[Federal Register Volume 69, Number 110 (Tuesday, June 8, 2004)]
[Notices]
[Pages 32012-32031]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 04-12829]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of Inspector General


OIG Draft Supplemental Compliance Program Guidance for Hospitals

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Notice and comment period.

-----------------------------------------------------------------------

SUMMARY: This Federal Register notice seeks the comments of interested 
parties on a draft supplemental compliance program guidance (CPG) for 
hospitals developed by the Office of Inspector General (OIG). When the 
final version of this document is published, it will supplement the 
OIG's prior compliance program guidance for hospitals issued in 1998. 
This draft contains new compliance recommendations and an expanded 
discussion of risk areas. The draft takes into account recent changes 
to hospital payment systems and regulations, evolving industry 
practices, current enforcement priorities, and lessons learned in the 
area of corporate compliance. When published, the final supplemental 
CPG will provide voluntary guidelines to assist hospitals and hospital 
systems in identifying significant risk areas and in evaluating and, as 
necessary, refining ongoing compliance efforts.

DATES: To ensure consideration, comments must be delivered to the 
address provided below by no later than 5 p.m. on July 23, 2004.

ADDRESSES: Please mail or deliver written comments to the following 
address: Office of Inspector General, Department of Health and Human 
Services, Attention: OIG-9-CPG, Room 5246, Cohen Building, 330 
Independence Avenue, SW., Washington, DC 20201.
    We do not accept comments by facsimile (FAX) transmission. In 
commenting, please refer to file code OIG-9-CPG. Comments received 
timely will be available for public inspection as they are received, 
generally beginning approximately 2 weeks after publication of a 
document, in Room 5541 of the Office of Inspector General at 330 
Independence Avenue, SW., Washington, DC 20201 on Monday through Friday 
of each week from 8 a.m. to 4:30 p.m.

FOR FURTHER INFORMATION CONTACT: Darlene M. Hampton or Paul Johnson, 
Office of Counsel to the Inspector General, (202) 619-0335.

SUPPLEMENTARY INFORMATION: 

Background

    Several years ago, the OIG embarked on a major initiative to engage 
the private health care community in preventing the submission of 
erroneous claims and in combating fraud and abuse in the Federal health 
care programs through voluntary compliance efforts. In the last several 
years, the OIG has developed a series of compliance program guidances 
(CPGs) directed at the following segments of the health care industry: 
Hospitals; clinical

[[Page 32013]]

laboratories; home health agencies; third-party billing companies; the 
durable medical equipment, prosthetics, orthotics, and supply industry; 
hospices; Medicare+Choice organizations; nursing facilities; 
physicians; ambulance suppliers; and pharmaceutical manufacturers. CPGs 
are intended to encourage the development and use of internal controls 
to monitor adherence to applicable statutes, regulations, and program 
requirements. The suggestions made in these CPGs are not mandatory, and 
the CPGs should not be viewed as exhaustive discussions of beneficial 
compliance practices or relevant risk areas. Copies of these CPGs can 
be found on the OIG webpage at http://oig.hhs.gov.

Supplementing the Compliance Program Guidance for Hospitals

    The OIG originally published a CPG for the hospital industry on 
February 23, 1998.\1\ Since that time, there have been significant 
changes in the way hospitals deliver, and are reimbursed for, health 
care services. In response to these developments, on June 18, 2002, the 
OIG published a notice in the Federal Register, titled a ``Solicitation 
of Information and Recommendations for Revising the Compliance Program 
Guidance for the Hospital Industry.'' \2\ The OIG received 11 comments 
from various interested parties. In light of the public comments and 
our consideration of the issues, we have decided to supplement, rather 
than revise, the 1998 guidance.
---------------------------------------------------------------------------

    \1\ See 63 FR 8987 (February 23, 1998), available on our webpage 
at http://oig.hhs.gov/authorities/docs/cpghosp.pdf.
    \2\ See 67 FR 41433 (June 18, 2002), available on our webpage at 
http://oig.hhs.gov/authorities/docs/cpghospitalsolicitationnotice.pdf pdf.
---------------------------------------------------------------------------

    Many public commenters sought guidance on the application of 
specific Medicare rules and regulations related to payment and 
coverage, an area beyond the scope of this OIG guidance. Hospitals with 
questions about the interpretation or application of payment and 
coverage rules or regulations should contact their Fiscal 
Intermediaries (FIs) or the national CMS office, as appropriate.
    To ensure full and meaningful input from the industry, we are 
publishing this supplemental CPG in draft form with a 45-day comment 
period. We will then review the comments and publish a final 
supplemental CPG.

Draft Supplemental Compliance Program Guidance for Hospitals

I. Introduction

    Continuing its efforts to promote voluntary compliance programs for 
the health care industry, the Office of Inspector General (OIG) of the 
Department of Health and Human Services (the Department) publishes this 
Supplemental Compliance Program Guidance for Hospitals.\3\ This 
document supplements, rather than replaces, the OIG's 1998 CPG for the 
hospital industry, 63 FR 8987 (February 23, 1998), which addressed the 
fundamentals of establishing an effective compliance program.\4\ 
Neither this supplemental CPG, nor the original 1998 CPG, is a model 
compliance program. Rather, collectively the two documents offer a set 
of guidelines that hospitals should consider when developing and 
implementing a new compliance program or evaluating an existing one.
---------------------------------------------------------------------------

    \3\ For purposes of convenience in this guidance, we use the 
term ``hospitals'' to refer to individual hospitals, multi-hospital 
systems, health systems that own or operate hospitals, academic 
medical centers, and any other organization that owns or operates 
one or more hospitals. Where applicable, the term ``hospitals'' is 
also intended to include, without limitation, hospital owners, 
officers, managers, staff, agents, and sub-providers. This guidance 
primarily focuses on hospitals reimbursed under the inpatient 
prospective payment system. While other hospitals should find this 
CPG useful, we recognize that they may be subject to different laws, 
rules, and regulations and, accordingly, may have different or 
additional risk areas and may need to adopt different compliance 
strategies. We encourage all hospitals to establish and maintain 
ongoing compliance programs.
    \4\ The 1998 OIG Compliance Guidance for Hospitals is available 
on our webpage at http://oig.hhs.gov/authorities/docs/cpghosp.pdf.
---------------------------------------------------------------------------

    We are mindful that many hospitals have already devoted substantial 
time and resources to compliance efforts. We believe that those efforts 
demonstrate the industry's good faith commitment to ensuring and 
promoting integrity. For those hospitals with existing compliance 
programs, this document may serve as a benchmark or comparison against 
which to measure ongoing efforts and as a roadmap for updating or 
refining their compliance plans.
    In crafting this CPG, we considered, among other things, the public 
comments received in response to the solicitation notice published in 
the Federal Register,\5\ as well as relevant OIG and Centers for 
Medicare & Medicaid Services (CMS) statutory and regulatory authorities 
(including the Federal anti-kickback statute, together with the safe 
harbor regulations and preambles,\6\ and CMS transmittals and program 
memoranda); other OIG guidance (such as OIG advisory opinions, Special 
Fraud Alerts, bulletins, and other guidance); experience gained from 
investigations conducted by the OIG's Office of Investigations, the 
Department of Justice, and the State Medicaid Fraud Units; and relevant 
reports issued by the OIG's Office of Audit Services and Office of 
Evaluation and Inspections.\7\ We also consulted generally with CMS, 
the Department's Office for Civil Rights, and the Department of 
Justice.
---------------------------------------------------------------------------

    \5\ See 67 FR 41433 (June 18, 2002), ``Solicitation of 
Information and Recommendations for Revising a Compliance Program 
Guidance for the Hospital Industry,'' available on our webpage at 
http://oig.hhs.gov/authorities/docs/cpghospitalsolicitationnotice.pdf.
    \6\ See 42 U.S.C. 1320a-7b(b). See also 42 CFR 1001.952. The 
safe harbor regulations and preambles are available on our webpage 
at http://oig.hhs.gov/fraud/safeharborregulations.html#1.
    \7\ OIG materials are available on our webpage at http://oig.hhs.gov.
---------------------------------------------------------------------------

A. Benefits of a Compliance Program

    A successful compliance program addresses the public and private 
sectors' mutual goals of reducing fraud and abuse; enhancing health 
care providers' operations; improving the quality of health care 
services; and reducing the overall cost of health care services. 
Attaining these goals benefits the hospital industry, the government, 
and patients alike. Compliance programs help hospitals fulfill their 
legal duty to refrain from submitting false or inaccurate claims or 
cost information to the Federal health care programs \8\ or engaging in 
other illegal practices. A hospital may gain important additional 
benefits by voluntarily implementing a compliance program, including:
---------------------------------------------------------------------------

    \8\ The term ``Federal health care programs,'' as defined in 42 
U.S.C. 1320a-7b(f), includes any plan or program that provides 
health benefits, whether directly, through insurance, or otherwise, 
which is funded directly, in whole or in part, by the United States 
Government (other than the Federal Employees Health Benefit Plan 
described at 5 U.S.C. 8901-8914) or any State health plan (e.g., 
Medicaid or a program receiving funds from block grants for social 
services or child health services). In this document, the term 
``Federal health care program requirements'' refers to the statutes, 
regulations, and other rules governing Medicare, Medicaid, and all 
other Federal health care programs.

     Demonstrating the hospital's commitment to honest and 
responsible corporate conduct;
     increasing the likelihood of preventing, identifying, and 
correcting unlawful and unethical behavior at an early stage;
     encouraging employees to report potential problems to 
allow for appropriate internal inquiry and corrective action; and
     through early detection and reporting, minimizing any 
financial loss to government and taxpayers, as well as any 
corresponding financial loss to the hospital.

    The OIG recognizes that implementation of a compliance

[[Page 32014]]

program may not entirely eliminate improper or unethical conduct from 
the operations of health care providers. However, an effective 
compliance program demonstrates a hospital's good faith effort to 
comply with applicable statutes, regulations, and other Federal health 
care program requirements, and may significantly reduce the risk of 
unlawful conduct and corresponding sanctions.

B. Application of Compliance Program Guidance

    Given the diversity of the hospital industry, there is no single 
``best'' hospital compliance program. The OIG recognizes the 
complexities of the hospital industry and the differences among 
hospitals and hospital systems. Some hospital entities are small and 
may have limited resources to devote to compliance measures; others are 
affiliated with well-established, large, multi-facility organizations 
with a widely dispersed work force and significant resources to devote 
to compliance.
    Accordingly, this supplemental CPG is not intended to be one-size-
fits-all guidance. Rather, the OIG strongly encourages hospitals to 
identify and focus their compliance efforts on those areas of potential 
concern or risk that are most relevant to their individual 
organizations. Compliance measures adopted by a hospital to address 
identified risk areas should be tailored to fit the unique environment 
of the organization (including its structure, operations, resources, 
and prior enforcement experience). In short, the OIG recommends that 
each hospital adapt the objectives and principles underlying this 
guidance to its own particular circumstances.
    In section II below, titled ``Fraud and Abuse Risk Areas,'' we 
present several fraud and abuse risk areas that are particularly 
relevant to the hospital industry. Each hospital should carefully 
examine these risk areas and identify those that potentially impact the 
hospital. Next, in section III, ``Hospital Compliance Program 
Effectiveness,'' we offer recommendations for assessing and improving 
an existing compliance program to better address identified risk areas. 
Finally, in section IV, ``Self-Reporting,'' we set forth the actions 
hospitals should take if they discover credible evidence of misconduct.

II. Fraud and Abuse Risk Areas

    This section is intended to help hospitals identify areas of their 
operations that present a potential risk of liability under several key 
Federal fraud and abuse statutes and regulations. This section focuses 
on areas that are currently of concern to the enforcement community and 
is not intended to address all potential risk areas for hospitals. 
Importantly, the identification of a particular practice or activity in 
this section is not intended to imply that the practice or activity is 
necessarily illegal in all circumstances or that it may not have a 
valid or lawful purpose underlying it.
    This section addresses the following areas of significant concern 
for hospitals: (A) Submission of accurate claims and information; (B) 
the referral statutes; (C) payments to reduce or limit services; (D) 
the Emergency Medical Treatment and Labor Act (EMTALA); (E) substandard 
care; (F) relationships with Federal health care program beneficiaries; 
(G) HIPAA Privacy and Security Rules; and (H) billing Medicare or 
Medicaid substantially in excess of usual charges. In addition, a final 
section (I) addresses several areas of general interest that, while not 
necessarily matters of significant risk, have been of continuing 
interest to the hospital community. This guidance does not create any 
new law or legal obligations, and the discussions in this guidance are 
not intended to present detailed or comprehensive summaries of lawful 
and unlawful activity. Nor is this guidance intended as a substitute 
for consultation with CMS or a hospital's Fiscal Intermediary (FI) with 
respect to the application and interpretation of Medicare payment and 
coverage provisions, which are subject to change. Rather, this guidance 
should be used as a starting point for a hospital's legal review of its 
particular practices and for development or refinement of policies and 
procedures to reduce or eliminate potential risk.

A. Submission of Accurate Claims and Information

    Perhaps the single biggest risk area for hospitals is the 
preparation and submission of claims or other requests for payment from 
the Federal health care programs. It is axiomatic that all claims and 
requests for reimbursement from the Federal health care programs--and 
all documentation supporting such claims or requests--must be complete 
and accurate and must reflect reasonable and necessary services ordered 
by an appropriately licensed medical professional who is a 
participating provider in the health care program from which the 
individual or entity is seeking reimbursement. Hospitals must disclose 
and return any overpayments that result from mistaken or erroneous 
claims.\9\ Moreover, the knowing submission of a false, fraudulent, or 
misleading statement or claim is actionable. A hospital may be liable 
under the False Claims Act\10\ or other statutes imposing sanctions for 
the submission of false claims or statements, including liability for 
civil monetary penalties or exclusion.\11\ Underlying assumptions used 
in connection with claims submission should be reasoned, consistent, 
and appropriately documented, and hospitals should retain all relevant 
records reflecting their efforts to comply with Federal health care 
program requirements.
---------------------------------------------------------------------------

    \9\ See 42 U.S.C. 1320a-7b(a)(3).
    \10\ The False Claims Act (31 U.S.C. 3729-33), among other 
things, prohibits knowingly presenting or causing to be presented to 
the Federal government a false or fraudulent claim for payment or 
approval, knowingly making or using or causing to be made or used a 
false record or statement to have a false or fraudulent claim paid 
or approved by the government, and knowingly making or using or 
causing to be made or used, a false record or statement to conceal, 
avoid, or decrease an obligation to pay or transmit money or 
property to the government. The Act defines ``knowing'' and 
``knowingly'' to mean that ``a person, with respect to the 
information (1) has actual knowledge of the information; (2) acts in 
deliberate ignorance of the truth or falsity of the information; or 
(3) acts in reckless disregard of the truth or falsity of the 
information, and no proof of specific intent to defraud is 
required.'' 31 U.S.C. 3729(b).
    \11\ In some circumstances, inaccurate or incomplete reporting 
may lead to liability under the Federal anti-kickback statute. In 
addition, hospitals should be mindful that many States have fraud 
and abuse statutes--including false claims, anti-kickback, and other 
statutes--that are not addressed in this guidance.
---------------------------------------------------------------------------

    Common and longstanding risks associated with claims preparation 
and submission include inaccurate or incorrect coding, upcoding, 
unbundling of services, billing for medically unnecessary services or 
other services not covered by the relevant health care program, billing 
for services not provided, duplicate billing, insufficient 
documentation, and false or fraudulent cost reports. While hospitals 
should continue to be vigilant with respect to these important risk 
areas, we believe these risk areas are relatively well-understood in 
the industry and, therefore, they are not generally addressed in this 
section.\12\ Rather, the following discussion highlights evolving risks 
or risks that appear to the OIG to be under-appreciated by the 
industry. The risks are grouped under the following topics: Outpatient 
procedure coding; admissions and discharges; supplemental payment 
considerations; and use of information technology. By

[[Page 32015]]

necessity, this discussion is illustrative, not exhaustive, of risks 
associated with the submission of claims or other information. In all 
cases, hospitals should consult the applicable laws, rules, and 
regulations.
---------------------------------------------------------------------------

    \12\ To review the risk areas discussed in the original hospital 
CPG, see 63 FR 8987, 8990 (February 23, 1998), available on our 
webpage at http://oig.hhs.gov/authorities/docs/cpghosp.pdf.
---------------------------------------------------------------------------

1. Outpatient Procedure Coding
    The implementation of Medicare's Hospital Outpatient Prospective 
Payment System (OPPS)\13\ increased the importance of accurate 
procedure coding for hospital outpatient services. Previously, hospital 
coding concerns mainly consisted of ensuring accurate ICD-9-CM 
diagnosis and procedure coding for reimbursement under the inpatient 
prospective payment system (PPS). Hospitals reported procedure codes 
for outpatient services, but were reimbursed for outpatient services 
based on their charges for services. With OPPS, procedure codes 
effectively became the basis for Medicare reimbursement. Under OPPS, 
each reported procedure code is assigned to a corresponding Ambulatory 
Payment Classification (APC) code. Hospitals are then reimbursed a 
predetermined amount for each APC, irrespective of the specific level 
of resources used to furnish the service. In implementing OPPS, CMS 
developed new rules governing the use of procedure code modifiers for 
outpatient coding.\14\ Because incorrect procedure coding may lead to 
overpayments and subject a hospital to liability for the submission of 
false claims, hospitals need to pay close attention to coder training 
and qualifications.
---------------------------------------------------------------------------

    \13\ Congress enacted the OPPS in section 4523 of the Balanced 
Budget Act of 1997. OPPS became effective on August 1, 2001. CMS 
promulgated regulations implementing the OPPS at 42 CFR Part 419. 
For more information regarding the OPPS, see http://www.cms.gov/providers/hopps/ providers/hopps/.
    \14\ The list of current modifiers is listed in the Current 
Procedural Terminology (CPT) coding manual. However, hospitals 
should pay particular attention to CMS transmittals and program 
memoranda that may introduce new or altered application of modifiers 
for claims submission and reimbursement purposes. See chapter 4, 
section 20.6 of the Medicare Claims Processing Manual at http://www.cms.gov/manuals/104_claims/clm104c04.pdf.
---------------------------------------------------------------------------

    Hospitals should also review their outpatient documentation 
practices to ensure that claims are based on complete medical records 
and that the medical record supports the level of service claimed. 
Under OPPS, hospitals must generally include on a single claim all 
services provided to the same patient on the same day. Coding from 
incomplete medical records may create problems in complying with this 
claim submission requirement. Moreover, submitting claims for services 
that are not supported by the medical record may also result in the 
submission of improper claims.
    In addition to the coding risk areas noted above and in the 1998 
hospital CPG, other specific risk areas associated with incorrect 
outpatient procedure coding include the following:
     Billing on an outpatient basis for ``inpatient-only'' 
procedures--CMS has identified several procedures for which 
reimbursement is typically allowed only if the service is performed in 
an inpatient setting.\15\
---------------------------------------------------------------------------

    \15\ The list of ``inpatient-only'' procedures appears in the 
annual update to the OPPS rule. For the 2004 final rule, the 
``inpatient-only'' list is found in Addendum E. See http://www.cms.gov/regulations/hopps/2004f regulations/hopps/2004f.
---------------------------------------------------------------------------

     Submitting claims for medically unnecessary services by 
failing to follow the FI's local medical review policies--Each FI 
publishes local medical review policies (LMRPs) that identify certain 
procedures that may only be rendered when specific conditions are 
present. In addition to relying on a physician's sound clinical 
judgment with respect to the appropriateness of a proposed course of 
treatment, hospitals should regularly review and become familiar with 
their individual FI's LMRPs. LMRPs should be incorporated into a 
hospital's regular coding and billing operations.\16\
---------------------------------------------------------------------------

    \16\ A hospital may contact its FI to request a copy of the 
pertinent LMRPs, or visit CMS's webpage at http://www.cms.gov/mcd to 
search existing local and national policies.
---------------------------------------------------------------------------

     Submitting duplicate claims or otherwise not following the 
National Correct Coding Initiative guidelines--CMS developed the 
National Correct Coding Initiative (NCCI) to promote correct coding 
methodologies. NCCI identifies certain codes that should not be used 
together because they are either mutually exclusive or one is a 
component of another. If a hospital uses code pairs that are listed in 
the NCCI and those codes are not detected by the editing routines in 
the hospital's billing system, the hospital may submit duplicate or 
unbundled claims. Intentional manipulation of code assignments to 
maximize payments and avoid NCCI edits constitutes fraud. Unintentional 
misapplication of the NCCI coding and billing guidelines may also give 
rise to overpayments or civil liability for hospitals that have 
developed a pattern of inappropriate billing. To minimize risk, 
hospitals should ensure that their coding software includes up-to-date 
NCCI edit files.\17\
---------------------------------------------------------------------------

    \17\ More information regarding NCCI can be obtained from CMS's 
webpage at http://www.cms.gov/medlearn/ncci.asp.
---------------------------------------------------------------------------

     Submitting incorrect claims for ancillary services because 
of outdated Charge Description Masters--Charge Description Masters 
(CDMs) list all of the hospital's charges for items and services and 
include the underlying procedure codes necessary to bill for those 
items and services. Outdated CDMs create significant compliance risk 
for hospitals. Because the Healthcare Common Procedure Coding System 
(HCPCS) codes and APCs are updated regularly, hospitals should pay 
particular attention to the task of updating the CDM to ensure the 
assignment of correct codes to outpatient claims. This should include 
timely updates, proper use of modifiers, and correct associations 
between procedure codes and revenue codes.\18\
---------------------------------------------------------------------------

    \18\ For information relating to HCPCS code updates, see http://www.cms.gov/medicare/hcpcs/. For information relating to annual APC 
updates, see http://www.cms.gov/providers/hopps/.
---------------------------------------------------------------------------

     Circumventing the multiple procedure discounting rules--A 
surgical procedure performed in connection with another surgical 
procedure may be discounted. However, certain surgical procedures are 
designated as non-discounted, even when performed with another surgical 
procedure. Hospitals should ensure that the procedure codes selected 
represent the actual services provided, irrespective of the discounting 
status. They should also review the annual OPPS rule update to 
understand more fully CMS's multiple procedure discounting rule.\19\
---------------------------------------------------------------------------

    \19\ See http://www.cms.gov/medlearn/refopps.asp.
---------------------------------------------------------------------------

     Failing to follow CMS instructions regarding the selection 
of proper evaluation and management codes--Hospitals should take steps 
to ensure that the evaluation and management (E/M) codes that are used 
to describe medical services provided to patients follow published CMS 
guidelines.\20\
---------------------------------------------------------------------------

    \20\ Section 1848(c)(5) of the Social Security Act (42 U.S.C. 
1395w-4(c)(5)) mandated the development of a uniform coding system 
to describe physician services. E/M documentation guidelines can be 
accessed at http://www.cms.gov/medlearn/emdoc.asp.
---------------------------------------------------------------------------

     Improperly billing for observation services--In certain 
circumstances, Medicare provides a separate APC payment for observation 
services for patients with diagnoses of chest pain, asthma, or 
congestive heart failure. Claims for these observation services must 
correctly reflect the diagnosis and meet certain other requirements. 
Billing for observation services in situations that do not satisfy the 
requirements is inappropriate and may result in hospital liability. 
Hospitals should develop, and become familiar with, CMS's detailed

[[Page 32016]]

policies for the submission of claims for observation services.\21\
---------------------------------------------------------------------------

    \21\ See CMS Program Transmittal A-02-026, available on CMS's 
webpage at http://www.cms.gov/manuals/pm_trans/A02026.pdf.
---------------------------------------------------------------------------

2. Admissions and Discharges
    Often, the status of patients at the time of admission or discharge 
significantly influences the amount and method of reimbursement 
hospitals receive. Therefore, hospitals have a duty to ensure that 
admission and discharge policies are updated and reflect current CMS 
rules. Risk areas with respect to the admission and discharge processes 
include the following:

     Failure to follow the ``same-day rule''--OPPS rules 
require hospitals to include on the same claim all OPPS services 
provided at the same hospital, to the same patient, on the same day, 
unless certain conditions are met. Hospitals should review internal 
billing systems and procedures to ensure that they are not submitting 
multiple claims for OPPS services delivered to the same patient on the 
same day.\22\
---------------------------------------------------------------------------

    \22\ See chapter 1, section 50.2 of the Medicare Claims 
Processing Manual, available on CMS's webpage at http://www.cms.gov/manuals/104_claims/clm104c01.pdf.
---------------------------------------------------------------------------

     Abuse of partial hospitalization payments--Under OPPS, 
Medicare provides a per diem payment for specific hospital services 
rendered to behavioral and mental health patients on a partial 
hospitalization basis. Examples of improper billing under the partial 
hospitalization program include, without limitation: reducing the range 
of services offered; withholding services that are medically 
appropriate; billing for services not covered; and billing for services 
without a certificate of medical necessity.\23\
---------------------------------------------------------------------------

    \23\ See chapter 4, section 260 of the Medicare Claims 
Processing Manual, available on CMS's webpage at http://www.cms.gov/manuals/104_claims/clm104c04.pdf.
---------------------------------------------------------------------------

     Same-day discharges and readmissions--Same-day discharges 
and readmissions may indicate premature discharges, medically 
unnecessary readmissions, or incorrect discharge coding. Hospitals 
should have procedures in place to review discharges and admissions 
carefully to ensure that they reflect prudent clinical decision-making 
and are properly coded.\24\
---------------------------------------------------------------------------

    \24\ See, e.g., OIG Audit Report A-03-01-00011, ``Review of 
Medicare Same-Day, Same-Provider Acute Care Readmissions in 
Pennsylvania During Calendar Year 1998,'' August 2002, available on 
our webpage at http://oig.hhs.gov/oas/reports/region3/30100011.pdf.
---------------------------------------------------------------------------

     Violation of Medicare's post-acute care transfer policy--
The post-acute care transfer policy provides that, for certain 
designated DRGs, a hospital will receive a per diem transfer payment, 
rather than the full DRG payment, if the patient is discharged to 
certain post-acute care settings.\25\ There are currently 29 DRGs that 
are subject to CMS's post-acute care transfer policy; however, CMS may 
revise the list of designated DRGs periodically.\26\ To avoid 
improperly billing for discharges, hospitals should pay particular 
attention to CMS's post-acute care transfer policy and keep an accurate 
list of all designated DRGs subject to that policy.
---------------------------------------------------------------------------

    \25\ See 42 CFR 412.4(c). See, e.g., OIG Audit Report A-04-00-
01220 ``Implementation of Medicare's Postacute Care Transfer 
Policy,'' October 2001, available on our webpage at http://oig.hhs.gov/oas/reports/region4/40001220.pdf.
    \26\ The initial 10 designated DRGs were selected by the 
Secretary, pursuant to section 1886(d)(5)(J) of the Social Security 
Act (42 U.S.C. 1395ww(d)(5)(J)). With the 2004 fiscal year PPS rule, 
CMS revised the list of DRGs paid under CMS's post-acute care 
transfer policy, bringing the total number of designated DRGs to 29. 
See 68 FR 45346, 45406 (August 1, 2003). See also chapter 3, section 
40.2.4 of the Medicare Claims Processing Manual, available on CMS's 
webpage at http://www.cms.gov/manuals/104_claims/clm104c03.pdf.
---------------------------------------------------------------------------

     Improper churning of patients by long-term care hospitals 
co-located in acute care hospitals--Long term care hospitals that are 
co-located within acute care hospitals may qualify for PPS-exempt 
status if certain regulatory requirements are satisfied.\27\ Hospitals 
should not engage in the practice of churning, or inappropriately 
transferring, patients between the host hospital and the hospital-
within-a-hospital.
---------------------------------------------------------------------------

    \27\ See 42 CFR 412.22(e).
---------------------------------------------------------------------------

3. Supplemental Payment Considerations
    Under the Medicare program, in certain limited situations, 
hospitals may claim payments in addition to, or in some cases in lieu 
of, the normalreimbursement available to hospitals under the regular 
payment systems. Eligibility for these payments depends on compliance 
with specific criteria. Hospitals that claim supplemental payments 
improperly are liable for fines and penalties under Federal law. 
Examples of specific risks that hospitals should address include the 
following:

     Improper reporting of the costs of ``pass-through'' 
items--``Pass-through'' items are certain items of new technology and 
drugs for which Medicare will reimburse the hospital based on costs 
during a limited transitional period.\28\
---------------------------------------------------------------------------

    \28\ For more information regarding CMS's APC ``pass-through'' 
payments, see http://www.cms.gov/providers/hopps/apc.asp.
---------------------------------------------------------------------------

     Abuse of DRG outlier payments--Recent investigations 
revealed substantial abuse of outlier payments by hospitals with 
Medicare patients. Hospital management, compliance staff, and counsel 
should familiarize themselves with CMS's new outlier rules and 
requirements intended to curb abuses.\29\
---------------------------------------------------------------------------

    \29\ See 42 CFR 412.84; 68 FR 34493 (June 9, 2003).
---------------------------------------------------------------------------

     Improper claims for incorrectly designated ``provider-
based'' entities--Certain hospital-affiliated entities and clinics can 
be designated as ``provider-based,'' which allows for a higher level of 
reimbursement for certain services.\30\ Hospitals should take steps to 
ensure that facilities or organizations are only designated as 
provider-based if they satisfy the criteria set forth in the 
regulations.
---------------------------------------------------------------------------

    \30\ The criteria for determining whether a facility or 
organization is provider-based can be found at 42 CFR 413.65. In 
April 2003, CMS published Transmittal A-03-030, outlining changes to 
the criteria for provider-based designation. See http://www.cms.gov/manuals/pm_trans/A03030.pdf.
---------------------------------------------------------------------------

     Improper claims for clinical trials--Since September 2000, 
Medicare has covered items and services furnished during certain 
clinical trials, as long as those items and services would typically be 
covered for Medicare beneficiaries, but for the fact that they are 
provided in an experimental or clinical trial setting. Hospitals that 
participate in clinical trials should review the requirements for 
submitting claims for patients participating in clinical trials.\31\
---------------------------------------------------------------------------

    \31\ To view Medicare's National Coverage Decision regarding 
clinical trials, see http://www.cms.gov/coverage/8d2.asp. Specific 
requirements for submitting claims for reimbursement for clinical 
trials can be accessed on CMS's webpage at http://www.cms.gov/coverage/8d4.asp.
---------------------------------------------------------------------------

     Improper claims for organ acquisition costs-Hospitals that 
are approved transplantation centers may receive reimbursement on a 
reasonable cost basis to cover the costs of acquisition of certain 
organs.\32\ Organ acquisition costs are only reimbursable if a hospital 
satisfies several requirements, such as having adequate cost 
information, supporting documentation, and supporting medical 
records.\33\ Hospitals must also ensure that expenses not related to 
organ acquisition, such as transplant and post-transplant activities 
and costs from

[[Page 32017]]

other cost centers, are not included in the hospital's organ 
acquisition costs.\34\
---------------------------------------------------------------------------

    \32\ See 42 CFR 412.2(e)(4), 42 CFR 412.113(d), and 42 CFR 
413.203. See generally 42 CFR Part 413 (setting forth the principles 
of reasonable cost reimbursement).
    \33\ See Medicare's Provider Reimbursement Manual (PRM), Part I, 
section 2304 and Part II, section 3610, available on CMS's webpage 
at http://www.cms.gov/manuals/cmstoc.asp.
    \34\ See 42 CFR 412.100. See also, chapter 3, section 90 of the 
Medicare Claims Processing Manual, available on CMS's webpage at 
http://www.cms.gov/manuals/104_claims/clm104c03.pdf. See, e.g., 
OIG Audit Report A-04-02-02017, ``Audit of Medicare Costs for Organ 
Acquisitions at Tampa General Hospital,'' April 2003, available on 
our webpage at http://oig.hhs.gov/oas/reports/region4/40202017.pdf.
---------------------------------------------------------------------------

     Improper claims for cardiac rehabilitation services--
Medicare covers reasonable and necessary cardiac rehabilitation 
services under the hospital ``incident-to'' benefit, which requires 
that the services of non-physician personnel be furnished under a 
physician's direct supervision. In addition to satisfying the 
supervision requirement, hospitals must ensure that cardiac 
rehabilitation services are reasonable and necessary.\35\
---------------------------------------------------------------------------

    \35\ See section 35-25 of the Medicare Coverage Issues Manual. 
See, e.g., OIG Audit Report A-01-03-00516, ``Review of Outpatient 
Cardiac Rehabilitation Services at the Cooley Dickinson Hospital,'' 
December 2003, available on our webpage at http://oig.hhs.gov/oas/reports/region1/10300516.pdf.
---------------------------------------------------------------------------

     Failure to follow Medicare rules regarding payment for 
costs related to educational activities \36\--Hospitals should pay 
particular attention to these rules when implementing dental or other 
education programs, particularly those not historically operated at the 
hospital.
---------------------------------------------------------------------------

    \36\ Payments for direct graduate medical education (GME) and 
indirect graduate medical education (IME) costs are in part based 
upon the number of full-time equivalent (FTE) residents at each 
hospital and the proportion of time residents spend in training. 
Hospitals that inappropriately calculate the number of FTE residents 
risk receiving inappropriate medical education payments. Hospitals 
should have in place procedures regarding (i) resident rotation 
monitoring, (ii) resident credentialing, (iii) written agreements 
with non-hospital providers, and (iv) the approval process for 
research activities. For more information regarding medical 
education reimbursement, see 42 CFR 413.86 (GME requirements) and 42 
CFR 412.105 (IME requirements). See, e.g., OIG Audit Report A-01-01-
00547 ``Review of Graduate Medical Education Costs Claimed by the 
Hartford Hospital for Fiscal Year Ending September 30, 1999,'' 
October 2003, available on our webpage at http://oig.hhs.gov/oas/reports/region1/10100547.pdf.
---------------------------------------------------------------------------

4. Use of Information Technology
    The implementation of the OPPS increased the need for hospitals to 
pay particular attention to their computerized billing, coding, and 
information systems. Billing and coding under the OPPS is more data 
intensive than billing and coding under the inpatient PPS. When the 
OPPS began, many hospitals' existing systems were unable to accommodate 
the new requirements and required adjustments.
    As the health care industry moves forward, hospitals will 
increasingly rely on information technology. For example, HIPAA Privacy 
and Security Rules (discussed below in section II.G), electronic claims 
submission,\37\ electronic prescribing, networked information sharing 
among providers, and systems for the tracking and reduction of medical 
errors, among others, will require hospitals to depend more on 
information technologies. Information technology presents new 
opportunities to advance health care efficiency, but also new 
challenges to ensuring the accuracy of claims and the information used 
to generate claims. It is often difficult for purchasers of computer 
systems and software to know exactly how the system operates and 
generates information. Prudent hospitals will take steps to ensure that 
they thoroughly assess all new computer systems and software that 
impact coding, billing, or the generation or transmission of 
information related to the Federal health care programs or their 
beneficiaries.
---------------------------------------------------------------------------

    \37\ For more information regarding Medicare's Electronic Data 
Interchange programs, see http://www.cms.gov/providers/edi/.
---------------------------------------------------------------------------

B. The Referral Statutes: The Physician Self-Referral Law (the 
``Stark'' Law) and the Federal Anti-Kickback Statute

1. The Physician Self-Referral Law
    From a hospital compliance perspective, the physician self-referral 
law (section 1877 of the Social Security Act (Act), commonly known as 
the ``Stark'' law) should be viewed as a threshold statute. Simply put, 
hospitals face significant financial exposure unless their financial 
relationships with referring physicians fit squarely in statutory or 
regulatory exceptions to the statute. The statute prohibits hospitals 
from submitting--and Medicare from paying--any claim for a ``designated 
health service'' (DHS) if the referral of the DHS comes from a 
physician with whom the hospital has a prohibited financial 
relationship.\38\ This is true even if the prohibited financial 
relationship is the result of inadvertence or error. In addition, 
hospitals and physicians that knowingly violate the statute may be 
subject to civil monetary penalties and exclusion from the Federal 
health care programs. Under certain circumstances, a knowing violation 
of the Stark law may also give rise to liability under the False Claims 
Act. Because all inpatient and outpatient hospital services (including 
services furnished directly by a hospital or by others ``under 
arrangements'' with a hospital) are DHS under the statute,\39\ 
hospitals must diligently review all financial relationships with 
referring physicians for compliance with the Stark law.
---------------------------------------------------------------------------

    \38\ The statute also prohibits physicians from referring DHS to 
entities, including hospitals, with which they have prohibited 
financial relationships. However, the billing prohibition and 
nonpayment sanction apply only to the DHS entity (e.g., the 
hospital). See section 1877(a) of the Act. Section 1903(s) of the 
Act extends the statutory prohibition to Medicaid-covered services.
    \39\ The statute lists ten additional categories of DHS, 
including, among others, clinical laboratory services, radiology 
services, and durable medical equipment. See section 1877(h)(6) of 
the Act. Hospitals and health systems that own or operate free-
standing DHS entities should be mindful of the ten additional DHS 
categories.
---------------------------------------------------------------------------

    For purposes of analyzing a financial relationship under the Stark 
law, the following three-part inquiry is useful:

     Is there a referral from a physician for a designated 
health service? If not, then there is no Stark law issue (although 
other fraud and abuse authorities, such as the anti-kickback statute, 
may be implicated). If the answer is ``yes,'' the next inquiry is:
     Does the physician (or an immediate family member) have a 
financial relationship with the entity furnishing the DHS (e.g., the 
hospital)? Again, if the answer is no, the Stark law is not implicated. 
However, if the answer is ``yes,'' the third inquiry is:
     Does the financial relationship fit in an exception? If 
not, the statute has been violated.

    Detailed definitions of the highlighted terms (and others) are set 
forth in regulations at 42 CFR 411.351 through 411.361 (substantial 
additional explanatory material appears in the regulatory preambles to 
the final regulations: 66 FR 856 (January 4, 2001); 69 FR 16054 (March 
26, 2004); and 69 FR 17933 (April 6, 2004)). Importantly, a financial 
relationship can be almost any kind of direct or indirect ownership or 
investment relationship (e.g., stock ownership, a partnership interest, 
or secured debt) or direct or indirect compensation arrangement, 
whether in cash or in-kind (e.g., a rental contract, personal services 
contract, salary, gift, or gratuity), between a referring physician (or 
immediate family member) and a hospital. Moreover, the financial 
relationship need not relate to the provision of DHS (e.g., a joint 
venture between a hospital and a physician to operate a hospice would 
create an indirect compensation relationship between the hospital and 
the physician for Stark law purposes).
    The statutory and regulatory exceptions are the key to compliance 
with the Stark law. Any financial relationship between the hospital and 
a physician who refers to the hospital must fit in an exception. 
Exceptions

[[Page 32018]]

exist in the statute and regulations for many common types of business 
arrangements. To fit in an exception, an arrangement must squarely meet 
all of the conditions set forth in the exception. Importantly, it is 
the actual relationship between the parties, and not merely the 
paperwork, that must fit in an exception. Unlike the anti-kickback safe 
harbors, which are voluntary, fitting in an exception is mandatory 
under the Stark law.
    Compliance with a Stark law exception does not immunize an 
arrangement under the anti-kickback statute. Rather, the Stark law sets 
a minimum standard for arrangements between physicians and hospitals. 
Even if a hospital-physician relationship qualifies for a Stark law 
exception, it should still be reviewed for compliance with the anti-
kickback statute. The anti-kickback statute is discussed in greater 
detail in the next subsection.
    Because of the significant exposure for hospitals under the Stark 
law, we recommend that hospitals implement systems to ensure that all 
conditions in the exceptions upon which they rely are fully satisfied. 
For example, many of the exceptions, such as the rental and personal 
services exceptions, require signed, written agreements with 
physicians. We are aware of numerous instances in which hospitals 
failed to maintain these signed written agreements, often inadvertently 
(e.g., a holdover lease without a written lease amendment; a physician 
hired as an independent contractor for a short-term project without a 
signed agreement). To avoid a large overpayment, hospitals should 
ensure frequent and thorough review of their contracting and leasing 
processes. The final regulations contain a new limited exception for 
certain inadvertent, temporary instances of noncompliance with another 
exception. This exception may only be used on an occasional basis. 
Hospitals should be mindful that this exception is not a substitute for 
vigilant contracting and leasing oversight. In addition, hospitals 
should review the new reporting requirements at 42 CFR 411.361, which 
generally require hospitals to retain records that the hospitals know 
or should know about in the course of prudently conducting business. 
Hospitals should ensure that they have policies and procedures in place 
to address these requirements.
    In addition, because many exceptions to the Stark law require fair 
market value compensation for items or services actually needed and 
rendered, hospitals should have appropriate processes for making and 
documenting reasonable, consistent, and objective determinations of 
fair market value and for ensuring that needed items and services are 
furnished or rendered. Other areas that may require careful monitoring 
include, without limitation, tracking the total value of non-monetary 
compensation provided annually to each referring physician, tracking 
the provision and value of medical staff incidental benefits, and 
monitoring the provision of professional courtesy.\40\ As discussed 
further in the anti-kickback section below, hospitals should exercise 
care when recruiting physicians. Importantly, while the final 
regulations contain a limited exception for certain joint recruiting by 
hospitals and existing group practices, the exception strictly forbids 
the use of income guarantees that shift group practice overhead or 
expenses to the hospital or any payment structure that otherwise 
transfers remuneration to the group practice.
---------------------------------------------------------------------------

    \40\ Hospitals affiliated with academic medical centers should 
be aware that the regulations contain a special exception for 
certain academic medical center arrangements. See 42 CFR 411.353(e). 
Specialty hospitals should be mindful of certain limitations on new 
physician-owned specialty hospitals contained in section 507 of the 
Medicare Prescription Drug, Improvement and Modernization Act of 
2003. See CMS's One-Time Notification regarding the 18-month 
moratorium on physician investment in specialty hospitals, CMS 
Manual System Pub. 100-20 One-Time Notification, Transmittal 26 
(March 19, 2004), available on CMS's webpage at http://www.cms.gov/manuals/pm_trans/R62OTN.pdf.
---------------------------------------------------------------------------

    Further information about the Stark law and applicable regulations 
can be found on CMS's webpage at http://cms.gov/medlearn/refphys.asp. 
Information regarding CMS's Stark advisory opinion process can be found 
at http://cms.gov/physicians/aop/default.asp.
2. The Federal Anti-Kickback Statute
    Hospitals should also be aware of the Federal anti-kickback 
statute, section 1128B(b) of the Act, and the constraints it places on 
business arrangements related directly or indirectly to items or 
services reimbursable by any Federal health care program, including, 
but not limited to, Medicare and Medicaid. The anti-kickback statute 
prohibits in the health care industry some practices that are common in 
other business sectors, such as offering gifts to reward past or 
potential new referrals.
    The anti-kickback statute is a criminal prohibition against 
payments (in any form, whether the payments are direct or indirect) 
made purposefully to induce or reward the referral or generation of 
Federal health care program business. The anti-kickback statute 
addresses not only the offer or payment of anything of value for 
patient referrals, but also the offer or payment of anything of value 
in return for purchasing, leasing, ordering, or arranging for or 
recommending the purchase, lease, or ordering of any item or service 
reimbursable in whole or in part by a Federal health care program. The 
statute extends equally to the solicitation or acceptance of 
remuneration for referrals or the generation of other business payable 
by a Federal health care program. Liability under the anti-kickback 
statute is determined separately for each party involved. In addition 
to criminal penalties, violators may be subject to civil monetary 
penalties and exclusion from the Federal health care programs. 
Hospitals should also be mindful that compliance with the anti-kickback 
statute is a condition of payment under Medicare and other Federal 
health care programs. See, e.g., Medicare Federal Health Care Provider/
Supplier Application, CMS Form 855A, Certification Statement at section 
15, paragraph A.3, available on CMS's webpage at http://www.cms.gov/providers/enrollment/forms/. As such, liability may arise under the 
False Claims Act where the anti-kickback statute violation results in 
the submission of a claim for payment under a Federal health care 
program.
    Although liability under the anti-kickback statute ultimately turns 
on a party's intent, it is possible to identify arrangements or 
practices that may present a significant potential for abuse. For 
purposes of analyzing an arrangement or practice under the anti-
kickback statute, the following two inquiries are useful:

     Does the hospital have any remunerative relationship 
between itself (or its affiliates or representatives) and persons or 
entities in a position to generate Federal health care program business 
for the hospital (or its affiliates) directly or indirectly? Persons or 
entities in a position to generate Federal health care program business 
for a hospital include, for example, physicians and other health care 
professionals, ambulance companies, clinics, hospices, home health 
agencies, nursing facilities, and other hospitals.
     With respect to any remunerative relationship so 
identified, could one purpose of the remuneration be to induce or 
reward the referral or recommendation of business payable in whole or 
in part by a Federal health care program? Importantly, under the anti-
kickback statute, neither a legitimate business purpose for the 
arrangement, nor a fair market value payment, will legitimize a payment 
if there is also an

[[Page 32019]]

illegal purpose (i.e., inducing Federal health care program business).

    Although any arrangement satisfying both tests implicates the anti-
kickback statute and requires careful scrutiny by a hospital, the 
courts have identified several potentially aggravating considerations 
that can be useful in identifying arrangements at greatest risk of 
prosecution. In particular, hospitals should ask the following 
questions, among others, about any potentially problematic arrangements 
or practices they identify:

     Does the arrangement or practice have a potential to 
interfere with, or skew, clinical decision-making?
     Does the arrangement or practice have a potential to 
increase costs to Federal health care programs, beneficiaries, or 
enrollees?
     Does the arrangement or practice have a potential to 
increase the risk of overutilization or inappropriate utilization?
     Does the arrangement or practice raise patient safety or 
quality of care concerns?

    Hospitals that have identified potentially problematic arrangements 
or practices can take a number of steps to reduce or eliminate the risk 
of an anti-kickback violation. Detailed guidance relating to a number 
of specific practices is available from several sources. Most 
importantly, the anti-kickback statute and the corresponding 
regulations establish a number of ``safe harbors'' for common business 
arrangements. The following safe harbors are of most relevance to 
hospitals:

     Investment interests safe harbor, 42 CFR 1001.952(a),
     space rental safe harbor, 42 CFR 1001.952(b),
     equipment rental safe harbor, 42 CFR 1001.952(c),
     personal services and management contracts safe harbor, 42 
CFR 1001.952(d),
     sale of practice safe harbor, 42 CFR 1001.952(e),
     referral services safe harbor, 42 CFR 1001.952(f),
     discount safe harbor, 42 CFR 1001.952(h),
     employment safe harbor, 42 CFR 1001.952(i),
     group purchasing organizations safe harbor, 42 CFR 
1001.952(j),
     waiver of beneficiary coinsurance and deductible amounts 
safe harbor, 42 CFR 1001.952(k),
     practitioner recruitment safe harbor, 42 CFR 1001.952(n),
     obstetrical malpractice insurance subsidies safe harbor, 
42 CFR 1001.952(o),
     cooperative hospital services organizations safe harbor, 
42 CFR 1001.952(q),
     ambulatory surgical centers safe harbor, 42 CFR 
1001.952(r),
     ambulance replenishing safe harbor, 42 CFR 1001.952(v), 
and
     safe harbors for certain managed care and risk sharing 
arrangements, 42 CFR 1001.952(m), (t), and (u).\41\
---------------------------------------------------------------------------

    \41\ Importantly, the anti-kickback statute safe harbors are not 
the same as the Stark law exceptions described above at section 
II.B.1 of this guidance. An arrangement's compliance with the anti-
kickback statute and the Stark law must be evaluated separately.
---------------------------------------------------------------------------

    Safe harbor protection requires strict compliance with all 
applicable conditions set out in the relevant safe harbor.\42\ Although 
compliance with a safe harbor is voluntary and failure to comply with a 
safe harbor does not mean an arrangement is illegal per se, we 
recommend that hospitals structure arrangements to fit in a safe harbor 
whenever possible. Arrangements that do not fit in a safe harbor must 
be evaluated on a case-by-case basis.
---------------------------------------------------------------------------

    \42\ Parties to an arrangement cannot obtain safe harbor 
protection by entering into a sham contract that complies with the 
written agreement requirement of a safe harbor and appears, on 
paper, to meet all of the other safe harbor requirements, but does 
reflect the actual arrangement between the parties. In other words, 
in assessing compliance with a safe harbor, the OIG examines not 
only whether the written contract satisfies all of the safe harbor 
requirements, but also whether the actual arrangement satisfies the 
requirements.
---------------------------------------------------------------------------

    Other available guidance includes special fraud alerts and advisory 
bulletins issued by the OIG identifying and discussing particular 
practices or issues of concern and OIG advisory opinions issued to 
specific parties about their particular business arrangements.\43\ A 
hospital concerned about an existing or proposed arrangement may 
request a binding OIG advisory opinion regarding whether the 
arrangement violates the Federal anti-kickback statute or other OIG 
fraud and abuse authorities, using the procedures set out at 42 CFR 
part 1008. The safe harbor regulations (and accompanying Federal 
Register preambles), fraud alerts and bulletins, advisory opinions (and 
instructions for obtaining them, including a list of frequently asked 
questions), and other guidance are available on the OIG webpage at 
http://oig.hhs.gov.
---------------------------------------------------------------------------

    \43\ While informative for guidance purposes, an OIG advisory 
opinion is binding only with respect to the particular party or 
parties that requested the opinion. The analyses and conclusions set 
forth in OIG advisory opinions are very fact-specific. Accordingly, 
hospitals should be aware that different facts may lead to different 
results.
---------------------------------------------------------------------------

    The following discussion highlights several known areas of 
potential risk under the anti-kickback statute. The propriety of any 
particular arrangement can only be determined after a detailed 
examination of the attendant facts and circumstances. The 
identification of a given practice or activity as ``suspect'' or as an 
area of ``risk'' does not mean it is necessarily illegal or unlawful, 
or that it cannot be properly structured to fit in a safe harbor; nor 
does it mean that the practice or activity is not beneficial from a 
clinical, cost, or other perspective. Rather, the areas identified 
below are areas of activity that have a potential for abuse and that 
should receive close scrutiny from hospitals. The discussion highlights 
potential risks under the anti-kickback statute arising from hospitals' 
relationships in the following five categories: (a) Joint ventures; (b) 
compensation arrangements with physicians; (c) relationships with other 
health care entities; (d) recruitment arrangements; (e) discounts; (f) 
medical staff credentialing; and (g) malpractice insurance subsidies. 
(In addition, the kickback risks associated with gainsharing 
arrangements are discussed below in section II.C of this guidance).
    Physicians are the primary referral source for hospitals, and, 
therefore, most of the discussion below focuses on hospitals' 
relationships with physicians. Notwithstanding, hospitals also receive 
referrals from other health care professionals, including physician 
assistants and nurse practitioners, and from other providers and 
suppliers (such as ambulance companies, clinics, hospices, home health 
agencies, nursing facilities, and other hospitals). Therefore, in 
addition to reviewing their relationships with physicians, hospitals 
should also review their relationships with non-physician referral 
sources to ensure that the relationships do not violate the anti-
kickback statute. The principles described in the following discussions 
can be used to assess the risk associated with relationships with both 
physician and non-physician referral sources.

a. Joint Ventures

    The OIG has a long-standing concern about joint venture 
arrangements between those in a position to refer or generate Federal 
health care program business and those providing items or services 
reimbursable by Federal health care programs.\44\ In the context of 
joint ventures, our chief concern is that remuneration from a joint 
venture might be a disguised payment for past or future referrals to 
the venture or to one

[[Page 32020]]

or more of its participants. Such remuneration may take a variety of 
forms, including dividends, profit distributions, or, with respect to 
contractual joint ventures, the economic benefit received under the 
terms of the operative contracts.
---------------------------------------------------------------------------

    \44\ See 1989 Special Fraud Alert on Joint Venture Arrangements, 
reprinted in the Federal Register, 59 FR 65372 (December 19, 1994), 
and available on our webpage at http://oig.hhs.gov/fraud/docs/alertsandbulletins/121994.html.
---------------------------------------------------------------------------

    When scrutinizing joint ventures under the anti-kickback statute, 
hospitals should examine the following factors, among others:

     The manner in which joint venture participants are 
selected and retained. If participants are selected or retained in a 
manner that takes into account, directly or indirectly, the value or 
volume of referrals, the joint venture is suspect. The existence of one 
or more of the following indicators suggests that there might be an 
improper nexus between the selection or retention of participants and 
the value or volume of their referrals:

--a substantial number of participants are in a position to make or 
influence referrals to the venture, other participants, or both;
--participants that are expected to make a large number of referrals 
are offered a greater or more favorable investment or business 
opportunity in the joint venture than those anticipated to make fewer 
referrals;
--participants are actively encouraged or required to make referrals to 
the joint venture;
--participants are encouraged or required to divest their ownership 
interest if they fail to sustain an ``acceptable'' level of referrals;
--the venture (or its participants) tracks its sources of referrals and 
distributes this information to the participants; or
--the investment interests are nontransferable or subject to transfer 
restrictions related to referrals.

     The manner in which the joint venture is structured. The 
structure of the joint venture is suspect if a participant is already 
engaged in the line of business to be conducted by the joint venture, 
and that participant will own all or most of the equipment, provide or 
perform all or most of the items or services, or take responsibility 
for all or most of the day-to-day operations. With this kind of 
structure, the co-participant's primary contribution is typically as a 
captive referral base.
     The manner in which the investments are financed and 
profits are distributed. The existence of one or more of the following 
indicators suggests that the joint venture may be a vehicle to disguise 
referrals:

--participants are offered investment shares for a nominal or no 
capital contribution;
--the amount of capital that participants invest is disproportionately 
small, and the returns on the investment are disproportionately large, 
when compared to a typical investment in a new business enterprise;
--participants are permitted to borrow their capital investments from 
another participant or from the joint venture, and to pay back the loan 
through deductions from profit distributions, thus eliminating even the 
need to contribute cash;
--participants are paid extraordinary returns on the investment in 
comparison with the risk involved; or
--a substantial portion of the gross revenues of the venture are 
derived from participant-driven referrals.
    In light of the obvious risk inherent in joint ventures, whenever 
possible, hospitals should structure joint ventures to fit squarely in 
one of the following safe harbors for investment interests:

     the ``small entity'' investment safe harbor, 42 CFR 
1001.952(a)(2), which applies to returns on investments as long as no 
more than 40 percent of the investment interests are held by investors 
who are in a position to make or influence referrals to, furnish items 
or services to, or otherwise generate business for the venture 
(interested investors), no more than 40 percent of revenues come from 
referrals or business otherwise generated from investors, and all other 
conditions are satisfied; \45\
---------------------------------------------------------------------------

    \45\ There is also a safe harbor for investment interests in 
large entities (i.e., entities with over fifty million dollars in 
assets), 42 CFR 1001.952(a)(1).
---------------------------------------------------------------------------

     the safe harbor for investment interests in an entity 
located in an underserved area, 42 CFR 1001.952(a)(3), which applies to 
ventures located in medically underserved areas (as defined in 
regulations issued by the Department and set forth at 42 CFR part 51c), 
as long as no more than 50 percent of the investment interests are held 
by interested investors and all other conditions are satisfied; or
     the hospital-physician ambulatory surgical center (ASC) 
safe harbor, 42 CFR 1001.952(r)(4). This safe harbor only protects 
investments in Medicare-certified ASCs owned by hospitals and certain 
qualifying physicians. Importantly, it does not protect investments by 
hospitals and physicians in non-ASC clinical joint ventures, including, 
for example, cardiac catheterization or vascular labs, oncology 
centers, and dialysis facilities. Investors in such clinical ventures 
should look to other safe harbors and to the factors noted above.

    These safe harbors protect remuneration in the form of returns on 
investment interests (i.e., money paid by an entity to its owners or 
investors as dividends, profit distributions, or the like). However, 
they do not protect payments made by participating investors to a 
venture or payments made by the venture to other parties, such as 
vendors, contractors, or employees (although in some cases these 
arrangements may fit in other safe harbors).
    As we originally observed in our 1989 Special Fraud Alert on Joint 
Venture Arrangements,\46\ joint ventures may take a variety of forms, 
including a contractual arrangement between two or more parties to 
cooperate in a common and distinct enterprise providing items or 
services, thereby creating a ``contractual joint venture.'' We 
elaborated more fully on contractual joint ventures in our 2003 Special 
Advisory Bulletin on Contractual Joint Ventures.\47\ Contractual joint 
ventures pose the same kinds of risks as equity joint ventures and 
should be analyzed similarly. Factors to consider include, for example, 
whether the hospital is expanding into a new line of business created 
predominately or exclusively to serve the hospital's existing patient 
base, whether a would-be competitor of the new line of business is 
providing all or most of the key services, and whether the hospital 
assumes little or no bona fide business risk. An example of a 
potentially problematic contractual joint venture would be a hospital 
contracting with an existing durable medical equipment (DME) supplier 
to operate the hospital's newly formed DME subsidiary (with its own DME 
supplier number) on essentially a turnkey basis, with the hospital 
primarily furnishing referrals and assuming little or no business 
risk.\48\
---------------------------------------------------------------------------

    \46\ See 1989 Special Fraud Alert on Joint Venture Arrangements, 
supra note 44.
    \47\ This Special Advisory Bulletin is available on our webpage 
at http://oig.hhs.gov/fraud/docs/alertsandbulletins/042303SABJointVentures.pdf.
    \48\ Contractual ventures with existing clinical laboratories 
and outpatient therapy providers, among others, are also potentially 
problematic, particularly if the venture is functionally a turnkey 
operation that enables a hospital to use its captive referrals to 
expand into a new line of business with little or no contribution of 
resources or assumption of real risk.
---------------------------------------------------------------------------

    Hospitals should be aware that, for reasons described in our 2003 
Special Advisory Bulletin on Contractual Joint Ventures,\49\ safe 
harbor protection may

[[Page 32021]]

not be available for contractual joint ventures, and attempts to carve 
out separate contracts and qualify each separately for safe harbor 
protection may be ineffectual and leave the parties at risk under the 
statute.\50\
---------------------------------------------------------------------------

    \49\ See 2003 Special Advisory Bulletin on Contractual Joint 
Ventures, supra note 47.
    \50\ The Medicare program permits hospitals to furnish services 
``under arrangements'' with other providers or suppliers. Hospitals 
frequently furnish services ``under arrangements'' with an entity 
owned, in whole or in part, by referring physicians. Standing alone, 
these ``under arrangements'' relationships do not fall within the 
scope of problematic contractual joint ventures described in the 
Special Fraud Alert; however, these relationships will violate the 
anti-kickback statute if remuneration is purposefully offered or 
paid to induce referrals (e.g., paying above-market rates for the 
services to influence referrals or otherwise tying the arrangements 
to referrals in any manner). These ``under arrangements'' 
relationships should be structured, when possible, to fit within an 
anti-kickback safe harbor. They must fit within a Stark exception, 
even if the service furnished ``under arrangements'' is not itself a 
DHS. See 66 FR 941-2 (January 4, 2001); 69 FR 16054, 16106 (March 
26, 2004).
---------------------------------------------------------------------------

    If a hospital is planning to participate, directly or indirectly, 
in a joint venture involving referring physicians and the venture does 
not qualify for safe harbor protection, the hospital should scrutinize 
the venture with care, taking into account the factors noted above, and 
consider obtaining advice from an experienced attorney. At a minimum, 
to reduce (but not necessarily eliminate) the risk of abuse, hospitals 
should consider (i) barring physicians employed by the hospital or its 
affiliates from referring to the joint venture; (ii) taking steps to 
ensure that medical staff and other affiliated physicians are not 
encouraged in any manner to refer to the joint venture; (iii) notifying 
physicians annually in writing of the preceding policy; (iv) refraining 
from tracking in any manner the volume of referrals attributable to 
particular referrals sources; (v) ensuring that no physician 
compensation is tied in any manner to the volume or value of referrals 
to, or other business generated for, the venture; (vi) disclosing all 
financial interests to patients;\51\ and (vii) requiring that other 
participants in the joint venture adopt similar steps.
---------------------------------------------------------------------------

    \51\ While disclosure to patients does not offer sufficient 
protection against Federal health care program abuse, effective and 
meaningful disclosure offers some protection against possible abuses 
of patient trust.
---------------------------------------------------------------------------

b. Compensation Arrangements With Physicians

    Hospitals enter into a variety of compensation arrangements with 
physicians whereby physicians provide items or services to, or on 
behalf of, the hospital. Conversely, in some arrangements, hospitals 
provide items or services to physicians. Examples of these compensation 
arrangements include, without limitation, medical director agreements, 
personal or management services agreements, space or equipment leases, 
and agreements for the provision of billing, nursing, or other staff 
services. Although many compensation arrangements are legitimate 
business arrangements, compensation arrangements may violate the anti-
kickback statute if one purpose of the arrangement is to compensate 
physicians for past or future referrals.\52\
---------------------------------------------------------------------------

    \52\ As previously noted, a hospital should ensure that each 
compensation arrangement with a referring physician fits squarely in 
a statutory or regulatory exception to the Stark law.
---------------------------------------------------------------------------

    The general rule of thumb is that any remuneration flowing between 
hospitals and physicians should be at fair market value for actual and 
necessary items furnished or services rendered based upon an arm's-
length transaction and should not take into account, directly or 
indirectly, the value or volume of any past or future referrals or 
other business generated between the parties. Arrangements under which 
hospitals provide physicians with items or services for free or less 
than fair market value, relieve physicians of financial obligations 
they would otherwise incur, or inflate compensation paid to physicians 
for items or services pose significant risk. In such circumstances, an 
inference arises that the remuneration may be in exchange for 
generating business.
    In particular, hospitals should review their physician compensation 
arrangements and carefully assess the risk of fraud and abuse using the 
following factors, among others:
     Are the items and services obtained from a physician 
legitimate, commercially reasonable, and necessary to achieve a 
legitimate business purpose of the hospital (apart from obtaining 
referrals)? Assuming that the hospital needs the items and services, 
does the hospital have multiple arrangements with different physicians, 
so that in the aggregate the items or services provided by all 
physicians exceed the hospital's actual needs (apart from generating 
business)?
     Does the compensation represent fair market value in an 
arm's-length transaction for the items and services? Could the hospital 
obtain the services from a non-referral source at a cheaper rate or 
under more favorable terms? Does the remuneration take into account, 
directly or indirectly, the value or volume of any past or future 
referrals or other business generated between the parties? Is the 
compensation tied, directly or indirectly, to Federal health care 
program reimbursement?
     Is the determination of fair market value based upon a 
reasonable methodology that is uniformly applied and properly 
documented? If fair market value is based on comparables, the hospital 
should ensure that the comparison entities are not actual or potential 
referral sources, so that the market rate for the services is not 
distorted.
     Is the compensation commensurate with the fair market 
value of a physician with the skill level and experience reasonably 
necessary to perform the contracted services?
     Were the physicians selected to participate in the 
arrangement in whole or in part because of their past or anticipated 
referrals?
     Is the arrangement properly and fully documented in 
writing? Are the physicians documenting the services they provide? Is 
the hospital monitoring the services?
     In the case of physicians staffing hospital outpatient 
departments, are safeguards in place to ensure that the physicians do 
not use hospital outpatient space, equipment, or personnel to conduct 
their private practice and that they bill the appropriate site-of-
service modifier?

    Whenever possible, hospitals should structure their compensation 
arrangements with physicians to fit in a safe harbor. Potentially 
applicable are the space rental safe harbor, 42 CFR 1001.952(b), the 
equipment rental safe harbor, 42 CFR 1001.952(c), the personal services 
and management contracts safe harbor, 42 CFR 1001.952(d), the sale of 
practice safe harbor, 42 CFR 1001.952(e), the referral services safe 
harbor, 42 CFR 1001.952(f), the employee safe harbor, 42 CFR 
1001.952(i), the practitioner recruitment safe harbor, 42 CFR 
1001.952(n), and the obstetrical malpractice insurance subsidies safe 
harbor, 42 CFR 1001.952(o). An arrangement must fit squarely in a safe 
harbor to be protected. Arrangements that do not fit in a safe harbor 
should be reviewed in light of the totality of all facts and 
circumstances. At minimum, hospitals should develop policies and 
procedures requiring physicians to document, and the hospital to 
monitor, the services or items provided under compensation arrangements 
(including, for example, by using written time reports). In some cases, 
particularly rentals, hospitals should consider obtaining an 
independent fair market valuation using appropriate health care 
valuation standards.
    Arrangements between hospitals and hospital-based physicians (e.g.,

[[Page 32022]]

anesthesiologists, radiologists, and pathologists) raise some different 
concerns. In these arrangements, it is typically the hospitals making 
referrals to the physicians, rather than the physicians making 
referrals to the hospitals. Such arrangements may violate the anti-
kickback statute if the arrangements: (i) Compensate physicians for 
less than the fair market value of goods or services provided by the 
physicians to the hospitals; or (ii) require physicians to pay more 
than the fair market value for services provided by the hospitals.\53\ 
We are aware that hospitals have long provided for the delivery of 
certain hospital-based physician services through the grant of a 
contract to a physician or physician group akin to a franchise, which 
shifts management, staffing, and other administrative functions, and in 
some cases limited clinical duties, to physicians at no cost to the 
hospitals. Such arrangements are of value to the hospital as well as 
the physicians, value that may well have nothing to do with the value 
or volume of referrals flowing from the hospital to the hospital-based 
physicians. In an appropriate context, an arrangement that requires a 
hospital-based physician or physician group to perform reasonable 
administrative or clinical duties directly related to their hospital-
based professional services at no charge to the hospital or its 
patients would not violate the anti-kickback statute. Whether a 
particular arrangement with hospital-based physicians runs afoul of the 
anti-kickback statute would depend on the specific facts and 
circumstances, including the intent of the parties.
---------------------------------------------------------------------------

    \53\ Arrangements between hospitals and hospital-based 
physicians were the topic of a Management Advisory Report (MAR) 
titled ``Financial Arrangements Between Hospitals and Hospital-Based 
Physicians,'' OEI-09-89-00330, available on our webpage at http://oig.hhs.gov/oei/reports/oei-09-89-00330.pdf.
---------------------------------------------------------------------------

c. Relationships With Other Health Care Entities

    As addressed in the preceding subsection, hospitals may obtain 
referrals of Federal health care program business from a variety of 
health care professionals and entities. In addition, when furnishing 
inpatient, outpatient, and related services, hospitals often direct or 
influence referrals for items and services reimbursable by Federal 
health care programs. For example, hospitals may refer patients to, or 
order items or services from, home health agencies,\54\ skilled nursing 
facilities, durable medical equipment companies, laboratories, 
pharmaceutical companies, and other hospitals. In cases where a 
hospital is the referral source for other providers or suppliers, it 
would be prudent for the hospital to scrutinize carefully any 
remuneration flowing to the hospital from the provider or supplier to 
ensure compliance with the anti-kickback statute, using the principles 
outlined above. Remuneration may include, for example, free or below-
market-value items and services or the relief of a financial 
obligation.
---------------------------------------------------------------------------

    \54\ When referring to home health agencies, hospitals must 
comply with section 1861(ee)(2)(D) and (H) of the Act, requiring 
that Medicare participating hospitals, as part of the discharge 
planning process, (i) share with each beneficiary a list of 
Medicare-certified home health agencies that serve the beneficiary's 
geographic area and that request to be listed and (ii) identify any 
home health agency in which the hospital has a disclosable financial 
interest or that has a financial interest in the hospital.
---------------------------------------------------------------------------

    Hospitals should also review their managed care arrangements to 
ensure compliance with the anti-kickback statute. Managed care 
arrangements that do not fit within one of the managed care and risk 
sharing safe harbors at 42 CFR 1001.952(m), (t), or (u) must be 
evaluated on a case-by-case basis.

d. Recruitment Arrangements

    Many hospitals provide incentives to recruit a physician or other 
health care professional to join the hospital's medical staff and 
provide medical services to the surrounding community. When used to 
bring needed physicians to an underserved community, these arrangements 
can benefit patients. However, recruitment arrangements pose 
substantial fraud and abuse risk.
    In most cases, the recruited physician establishes a private 
practice in the community instead of becoming a hospital employee.\55\ 
Such arrangements potentially implicate the anti-kickback statute if 
one purpose of the recruitment arrangement is to induce referrals to 
the recruiting hospital. Safe harbor protection is available for 
certain recruitment arrangements offered by hospitals to attract 
primary care physicians and practitioners to health professional 
shortage areas (HPSAs), as defined in regulations issued by the 
Department.\56\ The scope of this safe harbor is very limited. In 
particular, the safe harbor does not protect (a) recruitment 
arrangements in areas that are not designated as HPSAs, (b) recruitment 
of specialists, or (c) joint recruitment with existing physician 
practices in the area.
---------------------------------------------------------------------------

    \55\ Properly structured, payments to physicians who become 
hospital employees may be protected by the employee safe harbor at 
42 CFR 1001.952(i).
    \56\ See 42 CFR 1001.952(n).
---------------------------------------------------------------------------

    Because of the significant risk of fraud and abuse posed by 
improper recruitment arrangements, hospitals should scrutinize these 
arrangements with care. When assessing the degree of risk associated 
with recruitment arrangements, hospitals should examine the following 
factors, among others:

     The size and value of the recruitment benefit. Does the 
benefit exceed what is reasonably necessary to attract a qualified 
physician to the particular community? Has the hospital previously 
tried and failed to recruit or retain physicians?
     The duration of payout of the recruitment benefit. Total 
benefit payout periods extending longer than three years from the 
initial recruitment agreement should trigger heightened scrutiny.
     The practice of the existing physician. Is the physician a 
new physician with few or no patients or an established practitioner 
with a ready stream of referrals? Is the physician relocating from a 
substantial distance so that referrals are unlikely to follow or is it 
possible for the physician to bring an established patient base?
     The need for the recruitment. Is the recruited physician's 
specialty necessary to provide adequate access to medically necessary 
care for patients in the community? Do patients already have reasonable 
access to comparable services from other providers or practitioners in 
or near the community? An assessment of community need based wholly or 
partially on the competitive interests of the recruiting hospital or 
existing physician practices would subject the recruitment payments to 
heightened scrutiny under the statute.

    Significantly, hospitals should be aware that the practitioner 
recruitment safe harbor does not protect ``joint recruitment'' 
arrangements between hospitals and other entities or individuals, such 
as solo practitioners, group practices, or managed care organizations, 
pursuant to which the hospital makes payments directly or indirectly to 
the other entity or individual. These joint recruitment arrangements 
present a high risk of fraud and abuse and have been the subject of 
recent government investigations and prosecutions. These arrangements 
can easily be used as vehicles to disguise payments from the hospital 
to an existing referral source--typically an existing physician 
practice--in exchange for the existing practice's referrals to the 
hospital. Suspect payments to existing referral sources may include, 
among other things, income guarantees that shift costs from the 
existing referral source to the recruited physician and overhead

[[Page 32023]]

and build-out costs funded for the benefit of the existing referral 
source. Hospitals should review all ``joint recruiting'' arrangements 
to ensure that remuneration does not inure in whole or in part to the 
benefit of any party other than the recruited physician.

e. Discounts

    Public policy favors open and legitimate price competition in 
health care. Thus, the anti-kickback statute contains an exception for 
discounts offered to customers that submit claims to the Federal health 
care programs, if the discounts are properly disclosed and accurately 
reported.\57\ However, to qualify for the exception, the discount must 
be in the form of a reduction in the price of the good or service based 
on an arm's-length transaction. In other words, the exception covers 
only reductions in the product's price. Moreover, the regulation 
provides that the discount must be given at the time of sale or, in 
certain cases, set at the time of sale, even if finally determined 
subsequent to the time of sale (i.e., a rebate).
---------------------------------------------------------------------------

    \57\ See 42 U.S.C. 1320a-7b(b)(3)(A); 42 CFR 1001.952(h).
---------------------------------------------------------------------------

    In conducting business, hospitals sell and purchase items and 
services reimbursable by Federal health care programs. Therefore, 
hospitals should thoroughly familiarize themselves with the discount 
safe harbor at 42 CFR 1001.952(h). In particular, depending on their 
role in the arrangement, hospitals should pay attention to the discount 
safe harbor requirements applicable to ``buyers,'' ``sellers,'' or 
``offerors.'' Compliance with the safe harbor is determined separately 
for each party. In general, hospitals should ensure that all 
discounts--including rebates--are properly disclosed and accurately 
reflected on hospital cost reports. If a hospital offers a discount on 
an item or service to a buyer, it should ensure that the discount is 
properly disclosed on the invoice or other documentation for the item 
or service.
    The discount safe harbor does not protect a discount offered to one 
payor but not to the Federal health care programs. Accordingly, in 
negotiating discounts for items and services paid from a hospital's 
pocket (such as those reimbursed under the Medicare Part A prospective 
payment system), the hospital should ensure that there is no link or 
connection, explicit or implicit, between discounts offered or 
solicited for that business and the hospital's referral of business 
billable by the seller directly to Medicare or another Federal health 
care program. For example, a hospital should not engage in ``swapping'' 
by accepting from a supplier an unreasonably low price on Part A 
services that the hospital pays for out of its own pocket in exchange 
for hospital referrals that are billable by the supplier directly to 
Part B (e.g., ambulance services). Suspect arrangements include below-
cost arrangements or arrangements at prices lower than the prices 
offered by the supplier to other customers with similar volumes of 
business, but without Federal health care program referrals.
    Hospitals may also receive discounts on items and services 
purchased through group purchasing organizations (GPOs). Discounts 
received from a vendor in connection with a GPO to which a hospital 
belongs should be properly disclosed and accurately reported on the 
hospital cost reports. Although there is a safe harbor for payments 
made by a vendor to a GPO as part of an agreement to furnish items or 
services to a group of individuals or entities, 42 CFR 1001.952(k), the 
safe harbor does not protect the discount received by the individual or 
entity.\58\
---------------------------------------------------------------------------

    \58\ To preclude improper shifting of discounts, the safe harbor 
excludes GPOs that wholly own their members or have members that are 
subsidiaries of the parent company that wholly owns the GPO. 
Hospitals with affiliated GPOs should be mindful of these 
limitations.
---------------------------------------------------------------------------

f. Medical Staff Credentialing

    Certain medical staff credentialing practices may implicate the 
anti-kickback statute. For example, conditioning privileges on a 
particular number of referrals or requiring the performance of a 
particular number of procedures, beyond volumes necessary to ensure 
clinical proficiency, potentially raise substantial risks under the 
statute. On the other hand, a credentialing policy that categorically 
refuses privileges to physicians with significant conflicts of interest 
would not appear to implicate the statute in most situations. Hospitals 
are advised to examine their credentialing practices to ensure that 
they do not run afoul of the anti-kickback statute. The OIG has 
solicited comments about, and is considering, whether further guidance 
in this area is appropriate.\59\
---------------------------------------------------------------------------

    \59\ See our ``Solicitation of New Safe Harbors and Special 
Fraud Alerts,'' 67 FR 72894 (December 9, 2002), available on our 
webpage at http://oig.hhs.gov/authorities/docs/solicitationannsafeharbor.pdf.
---------------------------------------------------------------------------

g. Malpractice Insurance Subsidies

    The OIG historically has been concerned that a hospital's subsidy 
of malpractice insurance premiums for potential referral sources, 
including hospital medical staff, may be suspect under the anti-
kickback statute, because the payments may be used to influence 
referrals. The OIG has established a safe harbor for medical 
malpractice premium subsidies provided to obstetrical care 
practitioners in primary health care shortage areas.\60\ Depending on 
the circumstances, premium support may also be structured to fit in 
other safe harbors.
---------------------------------------------------------------------------

    \60\ See 42 CFR 1001.952(o).
---------------------------------------------------------------------------

    We are aware of the current disruption (i.e., dramatic premium 
increases, insurers' withdrawals from certain markets, and/or sudden 
termination of coverage based upon factors other than the physicians' 
claims history) in the medical malpractice liability insurance markets 
in some States.\61\ Notwithstanding, hospitals should review 
malpractice insurance subsidy arrangements closely to ensure that there 
is no improper inducement to referral sources. Relevant factors 
include, without limitation:
---------------------------------------------------------------------------

    \61\ See OIG letter on hospital corporation's medical 
malpractice insurance assistance program, available on our webpage 
at http://oig.hhs.gov/fraud/docs/alertsandbulletins/MalpracticeProgram.pdf.

     Whether the subsidy is being provided on an interim basis 
for a fixed period in a State or States experiencing severe access or 
affordability problems;
     whether the subsidy is being offered only to current 
active medical staff (or physicians new to the locality or in practice 
less than a year, i.e., physicians with no or few established 
patients);
     whether the criteria for receiving a subsidy is unrelated 
to the volume or value of referrals or other business generated by the 
subsidized physician or his practice;
     whether physicians receiving subsidies are paying at least 
as much as they currently pay for malpractice insurance (i.e., are 
windfalls to physicians avoided);
     whether physicians are required to perform services or 
relinquish rights, which have a value equal to the fair market value of 
the insurance assistance; and
     whether the insurance is available regardless of the 
location at which the physician provides services, including, but not 
limited to, other hospitals.

    No one of these factors is determinative, and this list is 
illustrative, not exhaustive, of potential considerations in connection 
with the provision of malpractice insurance subsidies. Parties 
contemplating malpractice subsidy programs that do not fit into one of 
the safe harbors may want to consider obtaining an advisory opinion. 
Parties should also be mindful

[[Page 32024]]

that these subsidy arrangements also implicate the Stark law.

C. Payments To Reduce or Limit Services: Gainsharing Arrangements

    The civil monetary penalty set forth in section 1128A(b)(1) of the 
Act prohibits a hospital from knowingly making a payment directly or 
indirectly to a physician as an inducement to reduce or limit items or 
services furnished to Medicare or Medicaid beneficiaries under the 
physician's direct care.\62\ Hospitals that make (and physicians that 
receive) such payments are liable for civil monetary penalties (CMPs) 
of up to $2,000 per patient covered by the payments.\63\ The statutory 
proscription is very broad. The payment need not be tied to an actual 
diminution in care, so long as the hospital knows that the payment may 
influence the physician to reduce or limit services to his or her 
patients. There is no requirement that the prohibited payment be tied 
to a specific patient or to a reduction in medically necessary care. In 
short, any hospital incentive plan that encourages physicians through 
payments to reduce or limit clinical services directly or indirectly 
violates the statute.
---------------------------------------------------------------------------

    \62\ The prohibition applies only to reductions or limitations 
of items or services provided to Medicare and Medicaid fee-for-
service beneficiaries. See section 1128A(b)(1)(A) of the Act. See 
also our August 19, 1999 letter regarding ``Social Security Act 
sections 1128A(b)(1) and (2) and hospital-physician incentive plans 
for Medicare or Medicaid beneficiaries enrolled in managed care 
plans,'' available on our webpage at http://oig.hhs.gov/fraud/docs/alertsandbulletins/gsletter.htm.
    \63\ See sections 1128A(b)(1)(B) & (b)(2) of the Act.
---------------------------------------------------------------------------

    We are aware that a number of hospitals are engaged in, or 
considering entering into, incentive arrangements commonly called 
``gainsharing.'' While there is no fixed definition of a 
``gainsharing'' arrangement, the term typically refers to an 
arrangement in which a hospital gives physicians a percentage share of 
any reduction in the hospital's costs for patient care attributable in 
part to the physicians' efforts. We recognize that, properly 
structured, gainsharing arrangements can serve legitimate business and 
medical purposes, such as increasing efficiency, reducing waste, and, 
thereby, potentially increasing a hospital's profitability. However, 
the plain language of section 1128A(b)(1) of the Act prohibits tying 
the physicians' compensation for services to reductions or limitations 
in items or services provided to patients under the physicians' 
clinical care.\64\
---------------------------------------------------------------------------

    \64\ A detailed discussion of gainsharing can be found in our 
July 1999 Special Advisory Bulletin titled ``Gainsharing 
Arrangements and CMPs for Hospital Payments to Physicians to Reduce 
or Limit Services to Beneficiaries,'' available on our webpage at 
http://oig.hhs.gov/fraud/docs/alertsandbulletins/gainsh.htm.
---------------------------------------------------------------------------

    In addition to the CMP risks described above, gainsharing 
arrangements can also implicate the anti-kickback statute if the cost-
savings payments are used to influence referrals. For example, the 
statute is potentially implicated if a gainsharing arrangement is 
intended to influence physicians to ``cherry pick'' healthy patients 
for the hospital offering gainsharing payments and steer sicker (and 
more costly) patients to hospitals that do not offer gainsharing 
payments. Similarly, the statute may be implicated if a hospital offers 
a cost-sharing program with the intent to foster physician loyalty and 
attract more referrals. In addition, we have serious concerns about 
overly broad arrangements under which a physician continues for an 
extended time to reap the benefits of previously-achieved savings or 
receives cost-savings payments unrelated to anything done by the 
physician, whether work, services, or other undertaking (e.g., a change 
in the way the physician practices).
    Wherever possible, hospitals should consider structuring cost-
saving arrangements to fit in the personal services safe harbor. 
However, in many cases, protection under the personal services safe 
harbor is not available because gainsharing arrangements typically 
involve a percentage payment (i.e., the aggregate fee will not be set 
in advance, as required by the safe harbor). Finally, gainsharing 
arrangements may also implicate the Stark law.

D. Emergency Medical Treatment and Labor Act (EMTALA)

    Hospitals should review their obligations under EMTALA (section 
1867 of the Act) to evaluate and treat individuals who come to their 
emergency departments and other facilities. Hospitals should pay 
particular attention to when an individual must receive a medical 
screening exam to determine whether that individual is suffering from 
an emergency medical condition. When such a screening or treatment of 
an emergency medical condition is required, it cannot be delayed to 
inquire about an individual's method of payment or insurance status. If 
the hospital's emergency department (ED) is ``on diversion'' and an 
individual comes to the ED for evaluation or treatment of a medical 
condition, the hospital is required to provide such services despite 
its diversionary status.
    Hospital emergency departments may not transfer an individual with 
an unstable emergency medical condition unless the benefits of such a 
transfer outweigh the risks. In such circumstances, the hospital must 
arrange for a transfer that will minimize the risks to the individual 
and that has been prearranged with the facility to which the individual 
is being transferred. Moreover, when a hospital receives a call from 
another facility requesting that it accept an appropriate transfer of a 
patient with an emergency, it must accept that patient for transfer if 
it has specialized capabilities to treat the patient that the 
transferring hospital does not have and it has the capacity to treat 
the patient.
    A hospital must provide appropriate screening and treatment 
services within the full capabilities of its staff and facilities. This 
includes access to specialists who are on call. Thus, hospital policies 
and procedures should be clear on how to access the full services of 
the hospital and all staff should understand the hospital's obligations 
to patients under EMTALA. In particular, on-call physicians need to be 
educated as to their responsibilities to emergency patients, including 
the responsibility to accept appropriately transferred patients from 
other facilities. In addition, all persons working in emergency 
departments should be periodically trained and reminded of the 
hospital's EMTALA obligations and hospital policies and procedures 
designed to ensure that such obligations are met.
    For further information about EMTALA, hospitals are directed to: 
(i) The anti-dumping statute at section 1867 of the Act; (ii) the anti-
dumping statute's implementing regulations at 42 CFR part 489; (iii) 
our 1999 Special Advisory Bulletin on the Patient Anti-Dumping Statute, 
64 FR 61353 (November 10, 1999), available on our webpage at http://oig.hhs.gov/fraud/docs/alertsandbulletins/frdump.pdf; and (iv) CMS's 
EMTALA resource webpage located at http://www.cms.gov/providers/emtala/emtala.asp.

E. Substandard Care

    The OIG has authority to exclude any individual or entity from 
participation in Federal health care programs if the individual or 
entity provides unnecessary items or services (i.e., items or services 
in excess of the needs of a patient) or substandard items or services 
(i.e., items or services of a quality which fails to meet 
professionally recognized

[[Page 32025]]

standards of health care).\65\ Significantly, neither knowledge nor 
intent is required for exclusion under this provision. The exclusion 
can be based upon unnecessary or substandard items or services provided 
to any patient, even if that patient is not a Medicare or Medicaid 
beneficiary.
---------------------------------------------------------------------------

    \65\ See section 1128(b)(6)(B) of the Act, which is available 
through the Internet at http://www4.law. cornell.edu/uscode /42/
1320a-7.html.
---------------------------------------------------------------------------

    We are mindful that the vast majority of hospitals are fully 
committed to providing quality care to their patients. To achieve their 
quality-related goals, hospitals should continually measure their 
performance against comprehensive standards. For example, hospitals 
should meet all of the Medicare hospital conditions of participation 
(COP), including without limitation, the COP pertaining to a quality 
assessment and performance program at 42 CFR 482.21 and the hospital 
COP pertaining to the medical staff at 42 CFR 482.22. Hospitals that 
have elected to be reviewed by the Joint Commission on Accreditation of 
Healthcare Organizations (JCAHO) should maintain their JCAHO 
accreditation.\66\ In addition, hospitals should develop their own 
quality of care protocols and implement mechanisms for evaluating 
compliance with those protocols.
---------------------------------------------------------------------------

    \66\ JCAHO's Comprehensive Accreditation Manual for Hospitals is 
available through the Internet at http://www.jcrinc.com/subscribers/perspectives. asp?durki=6065 &site=10&return=2815.
---------------------------------------------------------------------------

    Finally, in reviewing the quality of care provided, hospitals must 
not limit their review to the quality of their nursing and other 
ancillary services. Instead, hospitals must also take an active part in 
monitoring the quality of medical services provided at the hospital by 
appropriately overseeing the credentialing and peer review of their 
medical staffs.

F. Relationships With Federal Health Care Beneficiaries

    Hospitals' relationships with Federal health care beneficiaries may 
also implicate the fraud and abuse laws. In particular, hospitals 
should be aware that section 1128A(a)(5) of the Act authorizes the OIG 
to impose CMPs on hospitals (and others) that offer or transfer 
remuneration to a Medicare or Medicaid beneficiary that the offeror 
knows or should know is likely to influence the beneficiary to order or 
receive items or services from a particular provider, practitioner, or 
supplier for which payment may be made under the Medicare or Medicaid 
programs. The definition of ``remuneration'' expressly includes the 
offer or transfer of items or services for free or other than fair 
market value, including the waiver of all or part of a Medicare or 
Medicaid cost-sharing amount.\67\ In other words, hospitals may not 
offer valuable items or services to Medicare or Medicaid beneficiaries 
to attract their business. In this regard, hospitals should familiarize 
themselves with the OIG's August 2002 Special Advisory Bulletin on 
Offering Gifts and Other Inducements to Beneficiaries.\68\
---------------------------------------------------------------------------

    \67\ See section 1128A(i)(6) of the Act.
    \68\ The Special Advisory Bulletin on Offering Gifts and Other 
Inducements to Beneficiaries, 65 FR 24400, 24411 (April 26, 2000), 
is available on our webpage at http://oig.hhs.gov/fraud/docs/alertsandbulletins/SABGiftsandInducements.pdf.
---------------------------------------------------------------------------

1. Gifts and Gratuities
    Hospitals should scrutinize any offers of gifts or gratuities to 
beneficiaries for compliance with the CMP provision prohibiting 
inducements to Medicare and Medicaid beneficiaries. The key inquiry 
under the CMP is whether the remuneration is something that the 
hospital knows or should know is likely to influence the beneficiary's 
selection of a particular provider, practitioner, or supplier for 
Medicare or Medicaid payable services. As interpreted by the OIG, 
section 1128A(a)(5) does not apply to the provision of items or 
services valued at less than $10 per item and $50 per patient in the 
aggregate on an annual basis.\69\ A special exception for incentives to 
promote the delivery of preventive care services is discussed below at 
section II.I.2.
---------------------------------------------------------------------------

    \69\ See id.
---------------------------------------------------------------------------

2. Cost-Sharing Waivers
    In general, hospitals are obligated to collect cost-sharing amounts 
owed by Federal health care program beneficiaries. Waiving owed amounts 
may constitute prohibited remuneration to beneficiaries under section 
1128A(a)(5) of the Act or the anti-kickback statute. Certain waivers of 
Part A inpatient cost-sharing amounts may be protected by structuring 
them to fit in the safe harbor for waivers of beneficiary inpatient 
coinsurance and deductible amounts at 42 CFR 1001.952(k). In 
particular, under the safe harbor, waived amounts may not be claimed as 
bad debt; the waivers must be offered uniformly across the board, 
without regard to the reason for admission, length of stay, or DRG; and 
waivers may not be made as part of any agreement with a third party 
payer, unless the third party payer is a Medicare SELECT plan under 
section 1882(t)(1) of the Act.\70\
---------------------------------------------------------------------------

    \70\ The OIG has proposed a rule to extend this safe harbor to 
protect waivers of Part B cost-sharing amounts pursuant to 
agreements with Medicare SELECT plans. See 67 FR 60202 (September 
25, 2002), available on our webpage at http://oig.hhs.gov/fraud/docs/safeharborregulations/MedicareSELECTNPRMFederalRegister.pdf. 
However, the OIG is still considering comments on this rule, and it 
has not been finalized.
---------------------------------------------------------------------------

    In addition, hospitals (and others) may waive cost-sharing amounts 
on the basis of a beneficiary's financial need, so long as the waiver 
is not routine, not advertised, and made pursuant to a good faith, 
individualized assessment of the beneficiary's financial need or after 
reasonable collection efforts have failed.\71\ The OIG recognizes that 
what constitutes a good faith determination of ``financial need'' may 
vary depending on the individual patient's circumstances and that 
hospitals should have flexibility to take into account relevant 
variables. These factors may include, for example:
---------------------------------------------------------------------------

    \71\ See section 1128A(a)(6)(A) of the Act.

     The local cost of living;
     a patient's income, assets, and expenses;
     a patient's family size; and
     the scope and extent of a patient's medical bills.

    Hospitals should use a reasonable set of financial need guidelines 
that are based on objective criteria and appropriate for the applicable 
locality. The guidelines should be applied uniformly in all cases. 
While hospitals have flexibility in making the determination of 
financial need, we do not believe it is appropriate to apply inflated 
income guidelines that result in waivers for beneficiaries who are not 
in genuine financial need. Hospitals should consider that the financial 
status of a patient may change over time and should recheck a patient's 
eligibility at reasonable intervals sufficient to ensure that the 
patient remains in financial need. For example, a patient who obtains 
outpatient hospital services several times a week would not need to be 
rechecked every visit. Hospitals should take reasonable measures to 
document their determinations of Medicare beneficiaries' financial 
need. We are aware that in some situations patients may be reluctant or 
unable to provide documentation of their financial status. In those 
cases, hospitals may be able to use other reasonable methods for 
determining financial need, including, for example, documented patient 
interviews or questionnaires.
    In sum, hospitals should review their waiver policies to ensure 
that the policies and the manner in which they are implemented comply 
with all applicable laws. For more information about cost-sharing 
waivers, hospitals should review our February 2, 2004

[[Page 32026]]

paper on ``Hospital Discounts Offered To Patients Who Cannot Afford To 
Pay Their Hospital Bills,'' containing a section titled ``Reductions or 
Waivers of Cost-Sharing Amounts for Medicare Beneficiaries Experiencing 
Financial Hardship'' and available on our webpage at http://oig.hhs.gov/fraud/docs/alertsandbulletins/2004/FA021904hospitaldiscounts.pdf.\72\
---------------------------------------------------------------------------

    \72\ See also OIG's Special Fraud Alert on Routine Waiver of 
Copayments or Deductibles Under Medicare Part B, issued May 1991, 
republished in the Federal Register at 59 FR 65373, 65374 (December 
19, 1994), and available on our webpage at http://oig.hhs.gov/fraud/docs/alertsandbulletins/121994.html.
---------------------------------------------------------------------------

3. Free Transportation
    The plain language of the CMP prohibits offering free 
transportation to Medicare or Medicaid beneficiaries to influence their 
selection of a particular provider, practitioner, or supplier. 
Notwithstanding, hospitals can offer free local transportation of low 
value (i.e., within the $10 per item and $50 annual limits).\73\ Luxury 
and specialized transportation, such as limousines or ambulances, would 
exceed the low value threshold and are problematic, as are arrangements 
tied in any manner to the volume or value of referrals and arrangements 
tied to particularly lucrative treatments or medical conditions. 
However, we have indicated that we are considering developing a 
regulatory exception for some complimentary local transportation 
provided to beneficiaries residing in a hospital's primary service 
area.\74\ Accordingly, until such time as we promulgate a final rule on 
complimentary local transportation under section 1128A(a)(5) or 
indicate our intention not to proceed with such rule, we have indicated 
that we will not impose administrative sanctions for violations of 
section 1128A(a)(5) of the Act in connection with hospital-based 
complimentary transportation programs that meet the following 
conditions:
---------------------------------------------------------------------------

    \73\ Our position on local transportation of nominal value is 
more fully set forth in the preamble to the final rule enacting 42 
CFR 1003.102(b)(13). See 65 FR 24400, 24411 (April 26, 2000).
    \74\ See supra note 68.

     The program was in existence prior to August 30, 2002, the 
date of publication of the Special Advisory Bulletin on Offering Gifts 
and Other Inducements to Beneficiaries.
     Transportation is offered uniformly and without charge or 
at reduced charge to all patients of the hospital or hospital-owned 
ambulatory surgical center (and may also be made available to their 
families).
     The transportation is only provided to and from the 
hospital or a hospital-owned ambulatory surgical center and is for the 
purpose of receiving hospital or ambulatory surgery center services 
(or, in the case of family members, accompanying or visiting hospital 
or ambulatory surgical center patients).
     The transportation is provided only within the hospital's 
or ambulatory surgical center's primary service area.
     The costs of the transportation are not claimed directly 
or indirectly by any Federal health care program cost report or claim 
and are not otherwise shifted to any Federal health care program.
     The transportation does not include ambulance 
transportation.

    Other arrangements are subject to a case-by-case review under the 
statute to ensure that no improper inducement exists.

G. HIPAA Privacy and Security Rules

    As of April 14, 2003, all hospitals transmitting electronic 
transactions to health plans were required to comply with the privacy 
rules of the Health Insurance Portability and Accountability Act 
(HIPAA). Generally, the HIPAA privacy rule addresses the use and 
disclosure of individuals' health information (protected health 
information or PHI) by hospitals and other covered entities, as well as 
standards for individuals' privacy rights to understand and control how 
their health information is used. The privacy rule, 45 CFR parts 160 
and 164, and other helpful information about how it applies, including 
frequently asked questions, can be found on the webpage of the 
Department's Office for Civil Rights (OCR) at http://www.hhs.gov/ocr/hipaa/. Questions about the privacy rule should be submitted to OCR. 
Hospitals can contact OCR by following the instructions on its webpage, 
http://www.hhs.gov/ocr/contact.html, or by calling the HIPAA toll-free 
number, (866) 627-7748.
    To ease the burden of complying with the new requirements, the 
privacy rule gives hospitals and other covered entities flexibility to 
create their own privacy procedures. Each hospital should make sure 
that it is compliant with all applicable provisions of the privacy 
rule, including provisions pertaining to required disclosures (such as 
required disclosures to the Department when it is undertaking a 
compliance investigation or review or enforcement action) and that its 
privacy procedures are tailored to fit its particular size and needs.
    The final HIPAA security rule was published in the Federal Register 
on February 20, 2003. It is available on CMS's webpage at http://www.cms.gov/hipaa/hipaa2. The security rule specifies a series of 
administrative, technical, and physical security procedures for 
hospitals that are covered entities and other covered entities to use 
to assure the confidentiality of electronic PHI. Hospitals that are 
covered entities must be compliant with the security rule by April 20, 
2005. The security rule requirements are flexible and scalable, which 
allows each covered entity to tailor its approach to compliance based 
on its own unique circumstances. Covered entities can consider their 
organization and capabilities, as well as costs, in designing their 
security plans and procedures. Questions about the HIPAA security rules 
should be submitted to CMS. Hospitals can contact CMS by following the 
instructions on its webpage, http://www.cms.gov/hipaa/hipaa2/contact, 
or by calling the HIPAA toll-free number, (866) 627-7748.

H. Billing Medicare or Medicaid Substantially in Excess of Usual 
Charges

    Section 1128(b)(6)(A) of the Act provides for the permissive 
exclusion from Federal health care programs of any provider or supplier 
that submits a claim based on costs or charges to the Medicare or 
Medicaid programs that is ``substantially in excess'' of its usual 
charge or cost, unless the Secretary finds there is ``good cause'' for 
the higher charge or cost. The exclusion provision does not require a 
provider to charge everyone the same price; nor does it require a 
provider to offer Medicare or Medicaid its ``best price.'' However, 
providers cannot routinely charge Medicare or Medicaid substantially 
more than they usually charge others. Hospitals have raised concerns 
regarding the impact of the exclusion authority on hospital services, 
and the OIG is considering those concerns in the context of the 
rulemaking process.\75\ The OIG's policy regarding application of the 
exclusion authority to discounts offered to uninsured and underinsured 
patients is discussed below.
---------------------------------------------------------------------------

    \75\ See Notice of Proposed Rulemaking regarding ``Clarification 
of Terms and Application of Program Exclusion Authority for 
Submitting Claims Containing Excessive Charges,'' 68 FR 53939 
(September 15, 2003), available on our webpage at http://oig.hhs.gov/authorities/docs/FRSIENPRM.pdf.
---------------------------------------------------------------------------

I. Areas of General Interest

    Although in most cases the following areas do not pose significant 
fraud and abuse risk, the OIG has received numerous inquiries from 
hospitals and others on these topics. Therefore, we offer the following 
guidance to assist

[[Page 32027]]

hospitals in their review of these arrangements.
1. Discounts to Uninsured Patients
    No OIG authority, including the Federal anti-kickback statute, 
prohibits or restricts hospitals from offering discounts to uninsured 
patients who are unable to pay their hospital bills.\76\ In addition, 
the OIG has never excluded or attempted to exclude any provider or 
supplier for offering discounts to uninsured or underinsured patients 
under the permissive exclusion authority at section 1128(b)(6)(A) of 
the Act. However, to provide additional assurance to the industry, the 
OIG recently proposed regulations that would define key terms in the 
statute.\77\ Among other things, the proposed regulations would make 
clear that free or substantially reduced charges to uninsured persons 
would not affect the calculation of a provider's or supplier's 
``usual'' charges, as the term ``usual charges'' is used in the 
exclusion provision. The OIG is currently reviewing the public comments 
to the proposed regulations. Until such time as a final regulation is 
promulgated or the OIG indicates its intention not to promulgate a 
final rule, it will continue to be the OIG's enforcement policy that 
when calculating their ``usual charges'' for purposes of section 
1128(b)(6)(A), individuals and entities do not need to consider free or 
substantially reduced charges to (i) uninsured patients or (ii) 
underinsured patients who are self-paying patients for the items or 
services furnished. In offering such discounts, a hospital should 
reflect full uniform charges, rather than the discounted amounts, on 
its Medicare cost report and make the FI aware that it has reported its 
full charges.\78\
---------------------------------------------------------------------------

    \76\ Discounts offered to underinsured patients potentially 
raise a more significant concern under the anti-kickback statute, 
and hospitals should exercise care to ensure that such discounts are 
not tied directly or indirectly to the furnishing of items or 
services payable by a Federal health care program. For more 
information, see our February 2, 2004 paper on ``Hospital Discounts 
Offered To Patients Who Cannot Afford To Pay Their Hospital Bills,'' 
available on our webpage at http://oig.hhs.gov/fraud/docs/alertsandbulletins/2004/FA021904hospitaldiscounts.pdf, and CMS's 
paper titled ``Questions On Charges For The Uninsured,'' dated 
February 17, 2004, and available on CMS's webpage at http://www.cms.gov/FAQ_Uninsured.pdf.
    \77\ See 68 FR 53939 (September 15, 2003), available on our 
webpage at http://oig.hhs.gov/authorities/docs/FRSIENPRM.pdf.
    \78\ For more information, see CMS's paper titled ``Questions On 
Charges For The Uninsured,'' dated February 17, 2004, and available 
on CMS's webpage at http://www.cms.gov/FAQ_Uninsured.pdf.
---------------------------------------------------------------------------

    Under CMS rules, Medicare generally reimburses a hospital for a 
percentage of the ``bad debt'' of a Medicare beneficiary (i.e., unpaid 
deductibles or coinsurance) as long as the hospital bills a patient and 
engages in reasonable, consistent collection efforts.\79\ However, as 
explained in CMS's paper titled ``Questions On Charges For The 
Uninsured,'' a hospital can forgo any collection effort aimed at a 
Medicare patient, if the hospital, using its customary methods, can 
document that the patient is indigent or medically indigent.\80\ In 
addition, if the hospital also determines that no source other than the 
patient is legally responsible for the unpaid deductibles and 
coinsurance, the hospital may claim the amounts as Medicare bad debts.
---------------------------------------------------------------------------

    \79\ See 42 CFR 413.80 and Medicare's Provider Reimbursement 
Manual, Part II, chapter 11, section 1102.3.L, available on CMS's 
webpage at http://www.cms.gov/manuals/pub152/PUB_15_2.asp.
    \80\ See ``Questions On Charges For The Uninsured,'' dated 
February 17, 2004 and available on CMS's webpage at http://www.cms.gov/FAQ_Uninsured.pdf. In the paper, CMS further explains 
that hospitals may, but are not required to, determine a patient's 
indigency using a sliding scale. In this type of arrangement, the 
provider would agree to deem the patient indigent with respect to a 
portion of the patient's account (e.g., a flat percentage of the 
debt based on the patient's income, assets, or the size of the 
patient's liability relative to their income). In the case of a 
Medicare patient who is determined to be indigent using this method, 
the amount the hospital decides, pursuant to its policy, not to 
collect from the patient can be claimed by the provider as Medicare 
bad debt. The hospital must, however, engage in a reasonable 
collection effort to collect the remaining balance. Id.
---------------------------------------------------------------------------

    CMS rules provide that a hospital can determine its own individual 
indigency criteria as long as it applies the criteria to Medicare and 
non-Medicare patients uniformly. For Medicare patients, however, if a 
hospital wants to claim Medicare bad debt reimbursement, CMS requires 
documentation to support the indigency determination. To claim Medicare 
bad debt reimbursement, the hospital must follow the guidance stated in 
the Provider Reimbursement Manual.\81\ A hospital should examine a 
patient's total resources, which could include, but are not limited to, 
an analysis of assets, liabilities, income, expenses, and any 
extenuating circumstances that would affect the determination. The 
hospital should document the method by which it determined the 
indigency and include all backup information to substantiate the 
determination. In addition, if collection efforts are made, Medicare 
requires the efforts to be documented in the patient's file with copies 
of the bill(s), follow-up letters, and reports of telephone and 
personal contacts. In the case of a dually-eligible patient (i.e., a 
patient entitled to both Medicare and Medicaid), the hospital must 
include a denial of payment from the State with the bad debt claim.
---------------------------------------------------------------------------

    \81\ See Medicare's Provider Reimbursement Manual, Part II, 
chapter 11, section 1102.3.L, available on CMS's webpage at http://www.cms.gov/manuals/pub152/PUB_15_2.asp.
---------------------------------------------------------------------------

2. Preventive Care Services
    Hospitals, particularly non-profit hospitals, frequently 
participate in community-based efforts to deliver preventive care 
services. The Medicare and Medicaid programs encourage patients to 
access preventive care services. The prohibition against beneficiary 
inducements at section 1128A(a)(5) of the Act does not apply to 
incentives offered to promote the delivery of certain preventive care 
services, if the programs are structured in accordance with the 
regulatory requirements at 42 CFR 1003.101. Generally, to fit within 
the preventive care exception, a service must be a prenatal service or 
post-natal well-baby visit or a specific clinical service described in 
the current U.S. Preventive Services Task Force's Guide to Clinical 
Preventive Services \82\ that is reimbursed by Medicare or Medicaid. 
Obtaining the service may not be tied directly or indirectly to the 
provision of other Medicare or Medicaid services. In addition, the 
incentives may not be in the form of cash or cash equivalents and may 
not be disproportionate to the value of the preventive care provided. 
From an anti-kickback perspective, the chief concern is whether an 
arrangement to induce patients to obtain preventive care services is 
intended to induce other business payable by a Federal health care 
program. Relevant factors in making this evaluation would include, but 
not be limited to: the nature and scope of the preventive care 
services; whether the preventive care services are tied directly or 
indirectly to the provision of other items or services and, if so, the 
nature and scope of the other services; the basis on which patients are 
selected to receive the free or discounted services; and whether the 
patient is able to afford the services.
---------------------------------------------------------------------------

    \82\ Available on the Internet at http://www.ahrq.gov/clinic/cps3dix.htm.
---------------------------------------------------------------------------

3. Professional Courtesy
    Although historically ``professional courtesy'' referred to the 
practice of physicians waiving the entire professional fee for other 
physicians, the term is variously used in the industry now to describe 
a range of practices involving free or discounted services (including 
``insurance only'' billing) furnished to physicians and their families 
and staff. Some hospitals have used the term ``professional courtesy'' 
to describe various programs that offer free or discounted hospital 
services to

[[Page 32028]]

medical staff, employees, community physicians, and their families and 
staff. Although many professional courtesy programs are unlikely to 
pose a significant risk of abuse (and many may be legitimate employee 
benefits programs eligible for the employee safe harbor), some 
hospital-sponsored ``professional courtesy'' programs may implicate the 
fraud and abuse statutes.
    In general, whether a professional courtesy program runs afoul of 
the anti-kickback statute turns on whether the recipients of the 
professional courtesy are selected in a manner that takes into account, 
directly or indirectly, any recipient's ability to refer to, or 
otherwise generate business for, the hospital. Also relevant is whether 
the physicians have solicited the professional courtesy in return for 
referrals. With respect to the Stark law, the key inquiry is whether 
the arrangement fits in the exception for professional courtesy at 42 
CFR 411.357(s). Finally, hospitals should evaluate the method by which 
the courtesy is granted. For example, ``insurance only'' billing 
offered to a Federal program beneficiary potentially implicates the 
anti-kickback statute, the False Claims Act, and the CMP provision 
prohibiting inducements to Medicare and Medicaid beneficiaries 
(discussed in section II.F above). Notably, the Stark law exception for 
professional courtesy requires that insurers be notified if 
``professional courtesy'' includes ``insurance only'' billing.

III. Hospital Compliance Program Effectiveness

    Hospitals with an organizational culture that values compliance are 
more likely to have effective compliance programs and thus be better 
able to prevent, detect, and correct problems. Building and sustaining 
a successful compliance program rarely follows the same formula from 
organization to organization. However, such programs generally include: 
The commitment of the hospital's governance and management at the 
highest levels; structures and processes that create effective internal 
controls; and regular self-assessment and enhancement of the existing 
compliance program. The 1998 CPG provided guidance for hospitals on 
establishing sound internal controls.\83\ This section discusses the 
important roles of corporate leadership and self-assessment of 
compliance programs.
---------------------------------------------------------------------------

    \83\ Among other things, the 1998 hospital CPG includes a 
detailed discussion of the structure and processes that make up the 
recommended seven elements of a compliance program. The seven basic 
elements of a compliance program are: designation of a compliance 
officer and compliance committee; development of compliance policies 
and procedures, including standards of conduct; development of open 
lines of communication; appropriate training and education; response 
to detected offenses; internal monitoring and auditing; and 
enforcement of disciplinary standards.
---------------------------------------------------------------------------

A. Code of Conduct

    Every effective compliance program necessarily begins with a formal 
commitment to compliance by the hospital's governing body and senior 
management. Evidence of that commitment should include active 
involvement of the organizational leadership, allocation of adequate 
resources, a reasonable timetable for implementation of the compliance 
measures, and the identification of a compliance officer and compliance 
committee vested with sufficient autonomy, authority, and 
accountability to implement and enforce appropriate compliance 
measures. A hospital's leadership should foster an organizational 
culture that values, and even rewards, the prevention, detection, and 
resolution of problems. Moreover, hospitals' leadership and management 
should ensure that policies and procedures, including, for example, 
compensation structures, do not create undue pressure to pursue profit 
over compliance. In short, the hospital should endeavor to develop a 
culture that values compliance from the top down and fosters compliance 
from the bottom up. Such an organizational culture is the foundation of 
an effective compliance program.
    Although a clear statement of detailed and substantive policies and 
procedures--and the periodic evaluation of their effectiveness--is at 
the core of a compliance program, the OIG recommends that hospitals 
also develop a general organizational statement of ethical and 
compliance principles that will guide the entity's operations. One 
common expression of this statement of principles is a code of conduct. 
The code should function in the same fashion as a constitution, i.e., 
as a document that details the fundamental principles, values, and 
framework for action within an organization. The code of conduct for a 
hospital should articulate a commitment to compliance by management, 
employees, and contractors, and should summarize the broad ethical and 
legal principles under which the hospital must operate. Unlike the more 
detailed policies and procedures, the code of conduct should be brief, 
easily readable, and cover general principles applicable to all members 
of the organization.
    As appropriate, the OIG strongly encourages the participation and 
involvement of the hospital's board of directors, officers (including 
the chief executive officer (CEO)), members of senior management, and 
other personnel from various levels of the organizational structure in 
the development of all aspects of the compliance program, especially 
the code of conduct. Management and employee involvement in this 
process communicates a strong and explicit commitment by management to 
foster compliance with applicable Federal health care program 
requirements. It also communicates the need for all managers, 
employees, contractors, and medical staff members to comply with the 
organization's code of conduct and policies and procedures.

B. Regular Review of Compliance Program Effectiveness

    Hospitals should regularly review the implementation and execution 
of their compliance program elements. This review should be conducted 
at least annually and should include an assessment of each of the basic 
elements individually, as well as the overall success of the program. 
This review should help the hospital identify any weaknesses in its 
compliance program and implement appropriate changes.
    A common method of assessing compliance program effectiveness is 
measurement of various outcomes indicators (e.g., billing and coding 
error rates, identified overpayments, and audit results). However, we 
have observed that exclusive reliance on these indicators may cause an 
organization to miss crucial underlying weaknesses. We recommend that 
hospitals examine program outcomes and assess the underlying structure 
and process of each compliance program element. We have identified a 
number of factors that may be useful when evaluating the effectiveness 
of basic compliance program elements. Hospitals should consider these 
factors, as well as others, when developing a strategy for assessing 
their compliance programs. While no one factor is determinative of 
program effectiveness, the following factors are often observed in 
effective compliance programs.
1. Designation of a Compliance Officer and Compliance Committee
    The compliance department is the backbone of the hospital's 
compliance program. The compliance department should be led by a well-
qualified compliance officer, who is a member of senior management, and 
should be supported by a compliance committee.

[[Page 32029]]

The purpose of the compliance department is to implement the hospital's 
compliance program and to ensure that the hospital complies with all 
applicable Federal health care program requirements. To ensure that the 
compliance department is meeting this objective, each hospital should 
conduct an annual review of its compliance department. Some factors 
that the organization may wish to consider in its evaluation include 
the following:

     Does the compliance department have a clear, well-crafted 
mission?
     Is the compliance department properly organized?
     Does the compliance department have sufficient resources 
(staff and budget), training, authority, and autonomy to carry out its 
mission?
     Is the relationship between the compliance function and 
the general counsel function appropriate to achieve the purpose of 
each?
     Is there an active compliance committee, comprised of 
trained representatives of each of the relevant functional departments, 
as well as senior management?
     Are ad hoc groups or task forces assigned to carry out any 
special missions, such as conducting an investigation or evaluating a 
proposed enhancement to the compliance program?
     Does the compliance officer have direct access to the 
governing body, the president or CEO, all senior management, and legal 
counsel?
     Does the compliance officer have a good working 
relationship with other key operational areas, such as internal audit, 
coding, billing, and clinical departments?
     Does the compliance officer make regular reports to the 
board of directors and other hospital management concerning different 
aspects of the hospital's compliance program?
2. Development of Compliance Policies and Procedures, Including 
Standards of Conduct
    The purpose of compliance policies and procedures is to establish 
bright-line rules that help employees carry out their job functions in 
a manner that ensures compliance with Federal health care program 
requirements and furthers the mission and objective of the hospital 
itself. Typically, policies and procedures are written to address 
identified risk areas for the organization. As hospitals conduct a 
review of their written policies and procedures, some of the following 
factors may be considered:

     Are policies and procedures clearly written, relevant to 
day-to-day responsibilities, readily available to those who need them, 
and re-evaluated on a regular basis?
     Does the hospital monitor staff compliance with internal 
policies and procedures?
     Have the standards of conduct been distributed to the 
Board of Directors, all officers, all managers, employees, contractors, 
and medical staff?
     Has the hospital developed a risk assessment tool, which 
is re-evaluated on a regular basis, to assess and identify weaknesses 
and risks in operations?
     Does the risk assessment tool include an evaluation of 
Federal health care program requirements, as well as other 
publications, such as OIG CPGs, Work Plans, Special Advisory Bulletins, 
and Special Fraud Alerts?
3. Developing Open Lines of Communication
    Open communication is essential to maintaining an effective 
compliance program. The purpose of developing open communication is to 
increase the hospital's ability to identify and respond to compliance 
problems. Generally, open communication is a product of organizational 
culture and internal mechanisms for reporting instances of potential 
fraud and abuse. When assessing a hospital's ability to communicate 
potential compliance issues effectively, a hospital may wish to 
consider the following factors:

     Has the hospital fostered an organizational culture that 
encourages open communication, without fear of retaliation?
     Has the hospital established an anonymous hotline or other 
similar mechanism so that staff, contractors, patients, visitors, and 
medical staff can report potential compliance issues?
     How well is the hotline publicized; how many and what 
types of calls are received; are calls logged and tracked (to establish 
possible patterns); and does the caller have some way to be informed of 
the hospital's actions?
     Are all instances of potential fraud and abuse 
investigated?
     Are the results of internal investigations shared with the 
hospital governing body and relevant departments on a regular basis?
     Is the governing body actively engaged in pursuing 
appropriate remedies to institutional or recurring problems?
     Does the hospital utilize alternative communication 
methods, such as a periodic newsletter or compliance intranet web site?
4. Appropriate Training and Education
    Hospitals that fail to train and educate their staff adequately 
risk liability for the violation of health care fraud and abuse laws. 
The purpose of conducting a training and education program is to ensure 
that each employee, contractor, or any other individual that functions 
on behalf of the hospital is fully capable of executing his or her role 
in compliance with rules, regulations, and other standards. In 
reviewing their training and education programs, hospitals may consider 
the following factors:
     Does the hospital provide qualified trainers to conduct 
annual compliance training to its staff, including both general and 
specific training pertinent to the staff s responsibilities?
     Has the hospital evaluated the content of its training and 
education program on an annual basis and determined that the subject 
content is appropriate and sufficient to cover the range of issues 
confronting its employees?
     Has the hospital kept up-to-date with any changes in 
Federal health care program requirements and adapted its education and 
training program accordingly?
     Has the hospital formulated the content of its education 
and training program to consider results from its audits and 
investigations; results from previous training and education programs; 
trends in hotline reports; and OIG, CMS, or other agency guidance or 
advisories?
     Has the hospital evaluated the appropriateness of its 
training format by reviewing the length of the training sessions; 
whether training is delivered via live instructors or via computer-
based training programs; the frequency of training sessions; and the 
need for general and specific training sessions?
     Does the hospital seek feedback after each session to 
identify shortcomings in the training program, and does it administer 
post-training testing to ensure attendees understand and retain the 
subject matter delivered?
     Has the hospital s governing body been provided with 
appropriate training on fraud and abuse laws?
     Has the hospital documented who has completed the required 
training?
     Has the hospital assessed whether to impose sanctions for 
failing to attend training or to offer appropriate incentives for 
attending training?
5. Internal Monitoring and Auditing
    Effective auditing and monitoring plans will help hospitals avoid 
the submission of incorrect claims to

[[Page 32030]]

Federal health care program payors. Hospitals should develop detailed 
annual audit plans designed to minimize the risks associated with 
improper claims and billing practices. Some factors hospitals may wish 
to consider include the following:

     Is the audit plan re-evaluated annually, and does it 
address the proper areas of concern, considering, for example, findings 
from previous years' audits, risk areas identified as part of the 
annual risk assessment, and high volume services?
     Does the audit plan include an assessment of billing 
systems, in addition to claims accuracy, in an effort to identify the 
root cause of billing errors?
     Is the role of the auditors clearly established and are 
coding and audit personnel independent and qualified, with the 
requisite certifications?
     Is the audit department available to conduct unscheduled 
reviews and does a mechanism exist that allows the compliance 
department to request additional audits or monitoring should the need 
arise?
     Has the hospital evaluated the error rates identified in 
the annual audits?
     If the error rates are not decreasing, has the hospital 
conducted a further investigation into other aspects of the hospital 
compliance program in an effort to determine hidden weaknesses and 
deficiencies?
     Does the audit include a review of all billing 
documentation, including clinical documentation, in support of the 
claim?
6. Response to Detected Deficiencies
    By consistently responding to detected deficiencies, hospitals can 
develop effective corrective action plans and prevent further losses to 
Federal health care programs. Some factors a hospital may wish to 
consider when evaluating the manner in which it responds to detected 
deficiencies include the following:

     Has the hospital created a response team, consisting of 
representatives from the compliance, audit, and any other relevant 
functional areas, which may be able to evaluate any detected 
deficiencies quickly?
     Are all matters thoroughly and promptly investigated?
     Are corrective action plans developed that take into 
account the root causes of each potential violation?
     Are periodic reviews of problem areas conducted to verify 
that the corrective action that was implemented successfully eliminated 
existing deficiencies?
     When a detected deficiency results in an identified 
overpayment to the hospital, are overpayments promptly reported and 
repaid to the FI?
     If a matter results in a probable violation of law, does 
the hospital promptly disclose the matter to the appropriate law 
enforcement agency.\84\
---------------------------------------------------------------------------

    \84\ For more information on when to self-report, see section 
IV, below.
---------------------------------------------------------------------------

7. Enforcement of Disciplinary Standards
    By enforcing disciplinary standards, hospitals help create an 
organizational culture that emphasizes ethical behavior. Hospitals may 
consider the following factors when assessing the effectiveness of 
internal disciplinary efforts:
     Are disciplinary standards well-publicized and readily 
available to all hospital personnel?
     Are disciplinary standards enforced consistently across 
the organization?
     Is each instance involving the enforcement of disciplinary 
standards thoroughly documented?
     Are employees, contractors and medical staff checked 
routinely (e.g., at least annually) against government sanctions lists, 
including the OIG's List of Excluded Individuals/Entities (LEIE)\85\ 
and the General Services Administration's Excluded Parties Listing 
System.
---------------------------------------------------------------------------

    \85\ See http://oig.hhs.gov/fraud/exclusions.html. The OIG also 
makes available Monthly Supplements for Standard LEIE, which can be 
compared to existing hospital personnel lists.
---------------------------------------------------------------------------

    In sum, while no single factor is conclusive of an effective 
compliance program, the preceding seven areas form a useful starting 
point for developing and maintaining an effective compliance program.

IV. Self-Reporting

    Where the compliance officer, compliance committee, or a member of 
senior management discovers credible evidence of misconduct from any 
source and, after a reasonable inquiry, believes that the misconduct 
may violate criminal, civil, or administrative law, the hospital should 
promptly report the existence of misconduct to the appropriate Federal 
and State authorities \86\ within a reasonable period, but not more 
than 60 days,\87\ after determining that there is credible evidence of 
a violation.\88\ Prompt voluntary reporting will demonstrate the 
hospital's good faith and willingness to work with governmental 
authorities to correct and remedy the problem. In addition, reporting 
such conduct will be considered a mitigating factor by the OIG in 
determining administrative sanctions (e.g., penalties, assessments, and 
exclusion), if the reporting hospital becomes the subject of an OIG 
investigation.\89\ To encourage providers to make voluntary 
disclosures, the OIG published the Provider Self-Disclosure 
Protocol.\90\
---------------------------------------------------------------------------

    \86\ Appropriate Federal and State authorities include the OIG, 
CMS, the Criminal and Civil Divisions of the Department of Justice, 
the U.S. Attorney in relevant districts, the Food and Drug 
Administration, the Department's Office for Civil Rights, the 
Federal Trade Commission, the Drug Enforcement Administration, the 
Federal Bureau of Investigation, and the other investigative arms 
for the agencies administering the affected Federal or State health 
care programs, such as the State Medicaid Fraud Control Unit, the 
Defense Criminal Investigative Service, the Department of Veterans 
Affairs, the Health Resources and Services Administration, and the 
Office of Personnel Management (which administers the Federal 
Employee Health Benefits Program).
    \87\ In contrast, to qualify for the ``not less than double 
damages'' provision of the False Claims Act, the provider must 
provide the report to the government within 30 days after the date 
when the provider first obtained the information. See 31 U.S.C. 
3729(a).
    \88\ Some violations may be so serious that they warrant 
immediate notification to governmental authorities prior to, or 
simultaneous with, commencing an internal investigation. By way of 
example, the OIG believes a provider should immediately report 
misconduct that: (1) Is a clear violation of administrative, civil, 
or criminal laws; (2) has a significant adverse effect on the 
quality of care provided to Federal health care program 
beneficiaries; or (3) indicates evidence of a systemic failure to 
comply with applicable laws or an existing corporate integrity 
agreement, regardless of the financial impact on Federal health care 
programs.
    \89\ The OIG has published criteria setting forth those factors 
that the OIG takes into consideration in determining whether it is 
appropriate to exclude an individual or entity from program 
participation pursuant to 42 U.S.C. 1320a-7(b)(7) for violations of 
various fraud and abuse laws. See 62 FR 67392 (December 24, 1997).
    \90\ See 63 FR 58399 (October 30, 1998), available on our 
webpage at http://oig.hhs.gov/authorities/docs/selfdisclosure.pdf.
---------------------------------------------------------------------------

    When reporting to the government, a hospital should provide all 
information relevant to the alleged violation of applicable Federal or 
State law(s) and the potential financial or other impact of the alleged 
violation. The compliance officer, under advice of counsel and with 
guidance from the governmental authorities, could be requested to 
continue to investigate the reported violation. Once the investigation 
is completed, and especially if the investigation ultimately reveals 
that criminal, civil or administrative violations have occurred, the 
compliance officer should notify the appropriate governmental authority 
of the outcome of the investigation, including a description of the 
impact of the alleged violation on the applicable Federal health care 
programs or their beneficiaries.

[[Page 32031]]

V. Conclusion

    In today's environment of increased scrutiny of corporate conduct 
and increasingly large expenditures for health care, it is imperative 
for hospitals to establish and maintain effective compliance programs. 
These programs should foster a culture of compliance that begins at the 
highest levels and extends throughout the organization. This 
supplemental CPG is intended as a resource for hospitals to help them 
operate effective compliance programs that decrease errors, fraud, and 
abuse and increase compliance with Federal health care program 
requirements for the benefit of the hospitals and public alike.

    Dated: May 20, 2004.
Lewis Morris,
Chief Counsel to the Inspector General.
[FR Doc. 04-12829 Filed 6-7-04; 8:45 am]
BILLING CODE 4150-01-P