[Federal Register Volume 70, Number 19 (Monday, January 31, 2005)]
[Notices]
[Pages 4858-4876]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-1620]



[[Page 4858]]

-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of Inspector General


OIG Supplemental Compliance Program Guidance for Hospitals

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: This Federal Register notice sets forth the Supplemental 
Compliance Program Guidance (CPG) for Hospitals developed by the Office 
of Inspector General (OIG). Through this notice, the OIG is 
supplementing its prior compliance program guidance for hospitals 
issued in 1998. The supplemental CPG contains new compliance 
recommendations and an expanded discussion of risk areas, taking into 
account recent changes to hospital payment systems and regulations, 
evolving industry practices, current enforcement priorities, and 
lessons learned in the area of corporate compliance. The supplemental 
CPG provides voluntary guidelines to assist hospitals and hospital 
systems in identifying significant risk areas and in evaluating and, as 
necessary, refining ongoing compliance efforts.

FOR FURTHER INFORMATION CONTACT: Darlene M. Hampton, Office of Counsel 
to the Inspector General, (202) 619-0335.

SUPPLEMENTARY INFORMATION:

Background

    Several years ago, the OIG embarked on a major initiative to engage 
the private health care community in preventing the submission of 
erroneous claims and in combating fraud and abuse in the Federal health 
care programs through voluntary compliance efforts. In the last several 
years, the OIG has developed a series of compliance program guidances 
(CPGs) directed at the following segments of the health care industry: 
hospitals; clinical laboratories; home health agencies; third-party 
billing companies; the durable medical equipment, prosthetics, 
orthotics, and supply industry; hospices; Medicare+Choice 
organizations; nursing facilities; physicians; ambulance suppliers; and 
pharmaceutical manufacturers. CPGs are intended to encourage the 
development and use of internal controls to monitor adherence to 
applicable statutes, regulations, and program requirements. The 
suggestions made in these CPGs are not mandatory, and the CPGs should 
not be viewed as exhaustive discussions of beneficial compliance 
practices or relevant risk areas. Copies of these CPGs can be found on 
the OIG Web page at http://oig.hhs.gov.

Supplementing the Compliance Program Guidance for Hospitals

    The OIG originally published a CPG for the hospital industry on 
February 23, 1998. (See 63 FR 8987 (February 23, 1998), available on 
our Web page at http://oig.hhs.gov/authorities/docs/cpghosp.pdf.) Since 
that time, there have been significant changes in the way hospitals 
deliver, and are reimbursed for, health care services. In response to 
these developments, on June 18, 2002, the OIG published a notice in the 
Federal Register, soliciting public suggestions for revising the 
hospital CPG. (See 67 FR 41433 (June 18, 2002), available on our Web 
page at http://oig.hhs.gov/authorities/docs/cpghospitalsolicitationnotice.pdf.) After consideration of the public 
comments and the issues raised, the OIG published a draft supplemental 
compliance program guidance for hospitals in the Federal Register on 
June 8, 2004, to ensure that all parties had a reasonable and 
meaningful opportunity to provide input into the final product. (See 69 
FR 32012 (June 8, 2004), available on our Web page at http://oig.hhs.gov/authorities/docs/04/060804hospitaldraftsuppCPGFR.pdf.) The 
OIG received comments from a variety of parties with interests in the 
hospital industry and diverse points of view. These comments were 
carefully considered during the development of this final supplemental 
CPG. While some commenters preferred a replacement CPG, for efficiency 
and to create a concise product of particular use to hospitals with 
existing compliance programs, we have decided to supplement, rather 
than replace, the 1998 guidance.
    Many public commenters sought guidance on the application of 
specific Medicare rules and regulations related to payment and 
coverage, an area beyond the scope of this OIG guidance. Hospitals with 
questions about the interpretation or application of payment and 
coverage rules or regulations should contact their Fiscal 
Intermediaries (FIs) or the Centers for Medicare & Medicaid Services, 
as appropriate.

Supplemental Compliance Program Guidance for Hospitals

I. Introduction

    Continuing its efforts to promote voluntary compliance programs for 
the health care industry, the Office of Inspector General (OIG) of the 
Department of Health and Human Services (the Department) publishes this 
Supplemental Compliance Program Guidance (CPG) for Hospitals.\1\ This 
document supplements, rather than replaces, the OIG's 1998 CPG for the 
hospital industry (63 FR 8987; February 23, 1998), which addressed the 
fundamentals of establishing an effective compliance program.\2\ 
Neither this supplemental CPG, nor the original 1998 CPG, is a model 
compliance program. Rather, collectively the two documents offer a set 
of guidelines that hospitals should consider when developing and 
implementing a new compliance program or evaluating an existing one.
---------------------------------------------------------------------------

    \1\ For purposes of convenience in this guidance, we use the 
term ``hospitals'' to refer to individual hospitals, multi-hospital 
systems, health systems that own or operate hospitals, academic 
medical centers, and any other organization that owns or operates 
one or more hospitals. Where applicable, the term ``hospitals'' is 
also intended to include, without limitation, hospital owners, 
officers, managers, staff, agents, and sub-providers. This guidance 
primarily focuses on hospitals reimbursed under the inpatient and 
outpatient prospective payment systems. While other hospitals should 
find this CPG useful, we recognize that they may be subject to 
different laws, rules, and regulations and, accordingly, may have 
different or additional risk areas and may need to adopt different 
compliance strategies. We encourage all hospitals to establish and 
maintain ongoing compliance programs.
    \2\ The 1998 OIG Compliance Program Guidance for Hospitals is 
available on our Web page at http://oig.hhs.gov/authorities/docs/cpghosp.pdf.
---------------------------------------------------------------------------

    We are mindful that many hospitals have already devoted substantial 
time and resources to compliance efforts. We believe that those efforts 
demonstrate the industry's good faith commitment to ensuring and 
promoting integrity. For those hospitals with existing compliance 
programs, this document may serve as a benchmark or comparison against 
which to measure ongoing efforts and as a roadmap for updating or 
refining their compliance plans.
    In crafting this supplemental CPG, we considered, among other 
things, the public comments received in response to the solicitation 
notice published in the Federal Register \3\ and the draft supplemental 
CPG,\4\ as well as relevant OIG and Centers for Medicare & Medicaid 
Services (CMS) statutory and regulatory authorities (including the 
Federal anti-kickback statute, together with the safe harbor 
regulations and

[[Page 4859]]

preambles,\5\ and CMS transmittals and program memoranda); other OIG 
guidance (such as OIG advisory opinions, special fraud alerts, 
bulletins, and other guidance); experience gained from investigations 
conducted by the OIG's Office of Investigations, the Department of 
Justice (DoJ), and the State Medicaid Fraud Units; and relevant reports 
issued by the OIG's Office of Audit Services and Office of Evaluation 
and Inspections.\6\ We also consulted generally with CMS, the 
Department's Office for Civil Rights, and DoJ.
---------------------------------------------------------------------------

    \3\ See 67 FR 41433 (June 18, 2002), ``Solicitation of 
Information and Recommendations for Revising a Compliance Program 
Guidance for the Hospital Industry,'' available on our Web page at 
http://oig.hhs.gov/authorities/docs/cpghospitalsolicitationnotice.pdf.
    \4\ See 69 FR 32012 (June 8, 2004), ``OIG Draft Supplemental 
Compliance Program Guidance for Hospitals,'' available on our Web 
page at http://oig.hhs.gov/authorities/docs/04/060804hospitaldraftsuppCPGFR.pdf.
    \5\ See 42 U.S.C. 1320a-7b(b). See also 42 CFR 1001.952. The 
safe harbor regulations and preambles are available on our Web page 
at http://oig.hhs.gov/fraud/safeharborregulations.html#1.
    \6\ The OIG's materials are available on our Web page at http://oig.hhs.gov.
---------------------------------------------------------------------------

A. Benefits of a Compliance Program
    A successful compliance program addresses the public and private 
sectors' mutual goals of reducing fraud and abuse; enhancing health 
care providers' operations; improving the quality of health care 
services; and reducing the overall cost of health care services. 
Attaining these goals benefits the hospital industry, the government, 
and patients alike. Compliance programs help hospitals fulfill their 
legal duty to refrain from submitting false or inaccurate claims or 
cost information to the Federal health care programs \7\ or engaging in 
other illegal practices. A hospital may gain important additional 
benefits by voluntarily implementing a compliance program, including:
---------------------------------------------------------------------------

    \7\ The term ``Federal health care programs,'' as defined in 42 
U.S.C. 1320a-7b(f), includes any plan or program that provides 
health benefits, whether directly, through insurance, or otherwise, 
which is funded directly, in whole or in part, by the United States 
Government (other than the Federal Employees Health Benefit Plan 
described at 5 U.S.C. 8901-8914) or any State health plan (e.g., 
Medicaid or a program receiving funds from block grants for social 
services or child health services). In this document, the term 
``Federal health care program requirements'' refers to the statutes, 
regulations, and other rules governing Medicare, Medicaid, and all 
other Federal health care programs.
---------------------------------------------------------------------------

     Demonstrating the hospital's commitment to honest and 
responsible corporate conduct;
     Increasing the likelihood of preventing, identifying, and 
correcting unlawful and unethical behavior at an early stage;
     Encouraging employees to report potential problems to 
allow for appropriate internal inquiry and corrective action; and
     Through early detection and reporting, minimizing any 
financial loss to government and taxpayers, as well as any 
corresponding financial loss to the hospital.
    The OIG recognizes that implementation of a compliance program may 
not entirely eliminate improper or unethical conduct from the 
operations of health care providers. However, an effective compliance 
program demonstrates a hospital's good faith effort to comply with 
applicable statutes, regulations, and other Federal health care program 
requirements, and may significantly reduce the risk of unlawful conduct 
and corresponding sanctions.
B. Application of Compliance Program Guidance
    Given the diversity of the hospital industry, there is no single 
``best'' hospital compliance program. The OIG recognizes the 
complexities of the hospital industry and the differences among 
hospitals and hospital systems. Some hospital entities are small and 
may have limited resources to devote to compliance measures; others are 
affiliated with well-established, large, multi-facility organizations 
with a widely dispersed work force and significant resources to devote 
to compliance.
    Accordingly, this supplemental CPG is not intended to be one-size-
fits-all guidance. Rather, the OIG strongly encourages hospitals to 
identify and focus their compliance efforts on those areas of potential 
concern or risk that are most relevant to their individual 
organizations. Compliance measures adopted by a hospital to address 
identified risk areas should be tailored to fit the unique environment 
of the organization (including its structure, operations, resources, 
and prior enforcement experience). In short, the OIG recommends that 
each hospital adapt the objectives and principles underlying this 
guidance to its own particular circumstances.
    In section II below, titled ``Fraud and Abuse Risk Areas,'' we 
present several fraud and abuse risk areas that are particularly 
relevant to the hospital industry. Each hospital should carefully 
examine these risk areas and identify those that potentially impact the 
hospital. Next, in section III, ``Hospital Compliance Program 
Effectiveness,'' we offer recommendations for assessing and improving 
an existing compliance program to better address identified risk areas. 
Finally, in section IV, ``Self-Reporting,'' we set forth the actions 
hospitals should take if they discover credible evidence of misconduct.

II. Fraud and Abuse Risk Areas

    This section is intended to help hospitals identify areas of their 
operations that present a potential risk of liability under several key 
Federal fraud and abuse statutes and regulations. This section focuses 
on areas that are currently of concern to the enforcement community and 
is not intended to address all potential risk areas for hospitals. 
Importantly, the identification of a particular practice or activity in 
this section is not intended to imply that the practice or activity is 
necessarily illegal in all circumstances or that it may not have a 
valid or lawful purpose underlying it.
    This section addresses the following areas of significant concern 
for hospitals: (A) Submission of accurate claims and information; (B) 
the referral statutes; (C) payments to reduce or limit services; (D) 
the Emergency Medical Treatment and Labor Act (EMTALA); (E) substandard 
care; (F) relationships with Federal health care beneficiaries; (G) 
HIPAA Privacy and Security Rules; and (H) billing Medicare or Medicaid 
substantially in excess of usual charges. In addition, a final section 
(I) addresses several areas of general interest that, while not 
necessarily matters of significant risk, have been of continuing 
interest to the hospital community. This guidance does not create any 
new law or legal obligations, and the discussions in this guidance are 
not intended to present detailed or comprehensive summaries of lawful 
and unlawful activity. Nor is this guidance intended as a substitute 
for consultation with CMS or a hospital's Fiscal Intermediary (FI) with 
respect to the application and interpretation of Medicare payment and 
coverage provisions, which are subject to change. Rather, this guidance 
should be used as a starting point for a hospital's legal review of its 
particular practices and for development or refinement of policies and 
procedures to reduce or eliminate potential risk.
A. Submission of Accurate Claims and Information
    Perhaps the single biggest risk area for hospitals is the 
preparation and submission of claims or other requests for payment from 
the Federal health care programs. It is axiomatic that all claims and 
requests for reimbursement from the Federal health care programs--and 
all documentation supporting such claims or requests--must be complete 
and accurate and must reflect reasonable and necessary services ordered 
by an appropriately licensed medical professional who is a 
participating provider in the health care program from which the 
individual or entity is seeking reimbursement. Hospitals must disclose 
and return any overpayments that result from mistaken

[[Page 4860]]

or erroneous claims.\8\ Moreover, the knowing submission of a false, 
fraudulent, or misleading statement or claim is actionable. A hospital 
may be liable under the False Claims Act \9\ or other statutes imposing 
sanctions for the submission of false claims or statements, including 
liability for civil money penalties (CMPs) or exclusion.\10\ Underlying 
assumptions used in connection with claims submission should be 
reasoned, consistent, and appropriately documented, and hospitals 
should retain all relevant records reflecting their efforts to comply 
with Federal health care program requirements.
---------------------------------------------------------------------------

    \8\ See 42 U.S.C. 1320a-7b(a)(3).
    \9\ The False Claims Act (31 U.S.C. 3729-33), among other 
things, prohibits knowingly presenting or causing to be presented to 
the Federal government a false or fraudulent claim for payment or 
approval, knowingly making or using or causing to be made or used a 
false record or statement to have a false or fraudulent claim paid 
or approved by the government, and knowingly making or using or 
causing to be made or used a false record or statement to conceal, 
avoid, or decrease an obligation to pay or transmit money or 
property to the government. The False Claims Act defines ``knowing'' 
and ``knowingly'' to mean that ``a person, with respect to the 
information--(1) has actual knowledge of the information; (2) acts 
in deliberate ignorance of the truth or falsity of the information; 
or (3) acts in reckless disregard of the truth or falsity of the 
information, and no proof of specific intent to defraud is 
required.'' 31 U.S.C. 3729(b).
    \10\ In some circumstances, inaccurate or incomplete reporting 
may lead to liability under the Federal anti-kickback statute. In 
addition, hospitals should be mindful that many States have fraud 
and abuse statutes--including false claims, anti-kickback, and other 
statutes--that are not addressed in this guidance.
---------------------------------------------------------------------------

    Common and longstanding risks associated with claims preparation 
and submission include inaccurate or incorrect coding, upcoding, 
unbundling of services, billing for medically unnecessary services or 
other services not covered by the relevant health care program, billing 
for services not provided, duplicate billing, insufficient 
documentation, and false or fraudulent cost reports. While hospitals 
should continue to be vigilant with respect to these important risk 
areas, we believe these risk areas are relatively well-understood in 
the industry and, therefore, they are not generally addressed in this 
section.\11\ Rather, the following discussion highlights evolving risks 
or risks that appear to the OIG to be under-appreciated by the 
industry. The risks are grouped under the following topics: Outpatient 
procedure coding; admissions and discharges; supplemental payment 
considerations; and use of information technology. By necessity, this 
discussion is illustrative, not exhaustive, of risks associated with 
the submission of claims or other information. In all cases, hospitals 
should consult the applicable laws, rules, and regulations.
---------------------------------------------------------------------------

    \11\ To review the risk areas discussed in the original hospital 
CPG, see 63 FR 8987, 8990 (February 23, 1998), available on our Web 
page at http://oig.hhs.gov/authorities/docs/cpghosp.pdf pdf.
---------------------------------------------------------------------------

1. Outpatient Procedure Coding
    The implementation of Medicare's Hospital Outpatient Prospective 
Payment System (OPPS) \12\ increased the importance of accurate 
procedure coding for hospital outpatient services. Previously, hospital 
coding concerns mainly consisted of ensuring accurate ICD-9-CM 
diagnosis and procedure coding for reimbursement under the inpatient 
prospective payment system (PPS). Hospitals reported procedure codes 
for outpatient services, but were reimbursed for outpatient services 
based on their charges for services. With the OPPS, procedure codes 
effectively became the basis for Medicare reimbursement. Under the 
OPPS, each reported procedure code is assigned to a corresponding 
Ambulatory Payment Classification (APC) code. Hospitals are then 
reimbursed a predetermined amount for each APC, irrespective of the 
specific level of resources used to furnish the individual service. In 
implementing the OPPS, CMS developed new rules governing the use of 
procedure code modifiers for outpatient coding.\13\ Because incorrect 
procedure coding may lead to overpayments and subject a hospital to 
liability for the submission of false claims, hospitals need to pay 
close attention to coder training and qualifications.
---------------------------------------------------------------------------

    \12\ Congress enacted the OPPS in section 4523 of the Balanced 
Budget Act of 1997. The OPPS became effective on August 1, 2001. CMS 
promulgated regulations implementing the OPPS at 42 CFR part 419. 
For more information regarding the OPPS, see http://www.cms.gov/providers/hopps/.
    \13\ The list of current modifiers is listed in the Current 
Procedural Terminology (CPT) coding manual. However, hospitals 
should pay particular attention to CMS transmittals and program 
memoranda that may introduce new or altered application of modifiers 
for claims submission and reimbursement purposes. See chapter 4, 
section 20.6 of the Medicare Claims Processing Manual at http://www.cms.gov/manuals/104_claims/clm104c04.pdf pdf.
---------------------------------------------------------------------------

    Hospitals should also review their outpatient documentation 
practices to ensure that claims are based on complete medical records 
and that the medical records support the levels of service claimed. 
Under the OPPS, hospitals must generally include on a single claim all 
services provided to the same patient on the same day. Coding from 
incomplete medical records may create problems in complying with this 
claim submission requirement. Moreover, submitting claims for services 
that are not supported by the medical record may also result in the 
submission of improper claims.
    In addition to the coding risk areas noted above and in the 1998 
hospital CPG, other specific risk areas associated with incorrect 
outpatient procedure coding include the following:
     Billing on an outpatient basis for ``inpatient-only'' 
procedures--CMS has identified procedures for which reimbursement is 
typically allowed only if the service is performed in an inpatient 
setting.\14\
---------------------------------------------------------------------------

    \14\ The list of ``inpatient-only'' procedures appears in the 
annual update to the OPPS rule. For the 2004 final rule, the 
``inpatient-only'' list is found in Addendum E. See http://www.cms.gov/regulations/hopps/2004f.
---------------------------------------------------------------------------

     Submitting claims for medically unnecessary services by 
failing to follow the FI's local policies--Each FI publishes local 
policies, including local medical review polices (LMRPs) and local 
coverage determinations (LCDs), that identify certain procedures that 
are only reimbursable when specific conditions are present.\15\ In 
addition to relying on a physician's sound clinical judgment with 
respect to the appropriateness of a proposed course of treatment, 
hospitals should regularly review and become familiar with their 
individual FI's LMRPs and LCDs. LMRPs and LCDs should be incorporated 
into a hospital's regular coding and billing operations.\16\
---------------------------------------------------------------------------

    \15\ Effective December 7, 2003, FI's began issuing LCDs instead 
of LMRPs, and FI's will convert all existing LMRPs into LCDs by 
December 31, 2005.
    \16\ A hospital may contact its FI to request a copy of the 
pertinent LMRPs and LCDs, or visit CMS's Web page at http://www.cms.gov/mcd to search existing local and national policies.
---------------------------------------------------------------------------

     Submitting duplicate claims or otherwise not following the 
National Correct Coding Initiative guidelines--CMS developed the 
National Correct Coding Initiative (NCCI) to promote correct coding 
methodologies. The NCCI identifies certain codes that should not be 
used together because they are either mutually exclusive or one is a 
component of another. If a hospital uses code pairs that are listed in 
the NCCI and those codes are not detected by the editing routines in 
the hospital's billing system, the hospital may submit duplicate or 
unbundled claims. Intentional manipulation of code assignments to 
maximize payments and avoid NCCI edits constitutes fraud. Unintentional 
misapplication of NCCI coding and billing guidelines may also give rise 
to overpayments or civil liability for hospitals that have developed a 
pattern of inappropriate billing. To minimize risk, hospitals

[[Page 4861]]

should ensure that their coding software includes up-to-date NCCI edit 
files.\17\
---------------------------------------------------------------------------

    \17\ More information regarding the NCCI can be obtained from 
CMS's Web page at http://www.cms.gov/medlearn/ncci.asp.
---------------------------------------------------------------------------

     Submitting incorrect claims for ancillary services because 
of outdated Charge Description Masters--Charge Description Masters 
(CDMs) list all of a hospital's charges for items and services and 
include the underlying procedure codes necessary to bill for those 
items and services. Outdated CDMs create significant compliance risk 
for hospitals. Because the Healthcare Common Procedure Coding System 
(HCPCS) codes and APCs are updated regularly, hospitals should pay 
particular attention to the task of updating the CDM to ensure the 
assignment of correct codes to outpatient claims. This should include 
timely updates, proper use of modifiers, and correct associations 
between procedure codes and revenue codes.\18\
---------------------------------------------------------------------------

    \18\ For information relating to HCPCS code updates, see http://www.cms.gov/medicare/hcpcs/. For information relating to annual APC 
updates, see http://www.cms.gov/providers/hopps/.
---------------------------------------------------------------------------

     Circumventing the multiple procedure discounting rules--A 
surgical procedure performed in connection with another surgical 
procedure may be discounted. However, certain surgical procedures are 
designated as non-discounted, even when performed with another surgical 
procedure. Hospitals should ensure that the procedure codes selected 
represent the actual services provided, irrespective of the discounting 
status. They should also review the annual OPPS rule update to 
understand more fully CMS's multiple procedure discounting rule.\19\
---------------------------------------------------------------------------

    \19\ See http://www.cms.gov/medlearn/refopps.asp asp.
---------------------------------------------------------------------------

     Improper evaluation and management code selection--
Hospitals should use proper codes to describe the evaluation and 
management (E/M) services they provide. A hospital's E/M coding 
guidelines should ensure that services are medically necessary and 
sufficiently documented and that the codes accurately reflect the 
intensity of hospital resources required to deliver the services.
     Improperly billing for observation services--In certain 
circumstances, Medicare provides a separate APC payment for observation 
services for patients with diagnoses of chest pain, asthma, or 
congestive heart failure. Claims for these observation services must 
correctly reflect the diagnosis and meet certain other requirements. 
Seeking a separate payment for observation services in situations that 
do not satisfy the requirements is inappropriate and may result in 
hospital liability. Hospitals should become familiar with CMS's 
detailed policies for the submission of claims for observation 
services.\20\
---------------------------------------------------------------------------

    \20\ See CMS Program Transmittal A-02-026, available on CMS's 
Web page at http://www.ems.gov/manuals/pm_trans/A02026.pdf.
---------------------------------------------------------------------------

2. Admissions and Discharges
    Often, the status of patients at the time of admission or discharge 
significantly influences the amount and method of reimbursement 
hospitals receive. Therefore, hospitals have a duty to ensure that 
admission and discharge policies are updated and reflect current CMS 
rules. Risk areas with respect to the admission and discharge processes 
include the following:
     Failure to follow the ``same-day rule''--The OPPS rules 
require hospitals to include on the same claim all OPPS services 
provided at the same hospital, to the same patient, on the same day, 
unless certain conditions are met. Hospitals should review internal 
billing systems and procedures to ensure that they are not submitting 
multiple claims for OPPS services delivered to the same patient on the 
same day.\21\
---------------------------------------------------------------------------

    \21\ See, e.g., chapter 1, section 50.2 of the Medicare Claims 
Processing Manual, available on CMS's Web page at http://www.cms.gov/manuals/104_claims/clm104c01.pdf.
---------------------------------------------------------------------------

     Abuse of partial hospitalization payments--Under the OPPS, 
Medicare provides a per diem payment for specific hospital services 
rendered to behavioral and mental health patients on a partial 
hospitalization basis. Examples of improper billing under the partial 
hospitalization program include, without limitation: reducing the range 
of services offered; withholding services that are medically 
appropriate; billing for services not covered; and billing for services 
without a certificate of medical necessity.\22\
---------------------------------------------------------------------------

    \22\ See chapter 4, section 260 of the Medicare Claims 
Processing Manual, available on CMS's Web page at http://www.cms.gov/manuals/104_claims/clm104c04.pdf.
---------------------------------------------------------------------------

     Same-day discharges and readmissions--Same-day discharges 
and readmissions may indicate premature discharges, medically 
unnecessary readmissions, or incorrect discharge coding. Hospitals 
should have procedures in place to review discharges and admissions 
carefully to ensure that they reflect prudent clinical decision-making 
and are properly coded.\23\
---------------------------------------------------------------------------

    \23\ See, e.g., OIG Audit Report A-03-01-00011, ``Review of 
Medicare Same-Day, Same-Provider Acute Care Readmissions in 
Pennsylvania During Calendar year 1998,'' August 2002, available on 
our Web page at http://oig.hhs.gov/oas/reports/region 3/
30100011.pdf.
---------------------------------------------------------------------------

     Violation of Medicare's post-acute care transfer policy--
The post-acute care transfer policy provides that, for certain 
designated Diagnosis Related Groups (DRGs), a hospital will receive a 
per diem transfer payment, rather than the full DRG payment, if the 
patient is discharged to certain post-acute care settings.\24\ CMS may 
periodically revise the list of designated DRGs that are subject to its 
post-acute care transfer policy.\25\ To avoid improperly billing for 
discharges, hospitals should pay particular attention to CMS's post-
acute care transfer policy and keep an accurate list of all designated 
DRGs subject to that policy.
---------------------------------------------------------------------------

    \24\ See 42 CFR 412.4(c). See, e.g., OIG Audit Report A-04-00-
01220 ``Implementation of Medicare's Postacute Care Transfer 
Policy,'' October 2001, available on our Web page at http://oig.hhs.gov/oas/reports/region4/40001220.pdf.
    \25\ The initial 10 designated DRGs were selected by the 
Secretary, pursuant to section 1886(d)(5)(J) of the Social Security 
Act (42 U.S.C. 1395ww(d)(5)(J)). With the 2004 fiscal year PPS rule, 
CMS revised the list of DRGs paid under CMS's post-acute care 
transfer policy, bringing the total number of designated DRGs to 29. 
See 68 FR 45346 (August 1, 2003). Then, with the 2005 fiscal year 
PPS rule, CMS revised the list again, bringing the current total 
number of designated DRGs to 30. See 69 FR 48916 (August 11, 2004). 
See also chapter 3, section 402.4 of the Medicare Claims Processing 
Manual, available on CMS's Web page at http://www.cms.gov/manuals/104_claims/clm104c03.pdf.
---------------------------------------------------------------------------

     Improper churning of patients by long-term care hospitals 
co-located in acute care hospitals--Long term care hospitals that are 
co-located within acute care hospitals may qualify for PPS-exempt 
status if certain regulatory requirements are satisfied.\26\ Hospitals 
should not engage in the practice of churning, or inappropriately 
transferring, patients between the host hospital and the hospital-
within-a-hospital.
---------------------------------------------------------------------------

    \26\ See 42 CFR 412.22(e).
---------------------------------------------------------------------------

3. Supplemental Payment Considerations
    Under the Medicare program, in certain limited situations, 
hospitals may claim payments in addition to, or in some cases in lieu 
of, the normal reimbursement available to hospitals under the regular 
payment systems. Eligibility for these payments depends on compliance 
with specific criteria. Hospitals that claim supplemental payments 
improperly are liable for fines and penalties under Federal law. 
Examples of specific risks that hospitals should address include the 
following:
     Improper reporting of the costs of ``pass-through'' 
items--``Pass-through'' items are certain items of new technology and 
drugs for which Medicare will reimburse the hospital

[[Page 4862]]

based on costs during a limited transitional period.\27\
---------------------------------------------------------------------------

    \27\ For more information regarding CMS's APC ``pass-through'' 
payments, See http://www.cms.gov/providers/hopps/apc.asp.
---------------------------------------------------------------------------

     Abuse of DRG outlier payments--Recent investigations 
revealed substantial abuse of outlier payments by hospitals with 
Medicare patients. Hospital management, compliance staff, and counsel 
should familiarize themselves with CMS's new outlier rules and 
requirements intended to curb abuses.\28\
---------------------------------------------------------------------------

    \28\ See 42 CFR 412.84; 68 FR 34493 (June 9, 2003).
---------------------------------------------------------------------------

     Improper claims for incorrectly designated ``provider-
based'' entities--Certain hospital-affiliated entities and clinics can 
be designated as ``provider-based,'' which allows for a higher level of 
reimbursement for certain services.\29\ Hospitals should take steps to 
ensure that facilities or organizations are only designated as 
provider-based if they satisfy the criteria set forth in the 
regulations.
---------------------------------------------------------------------------

    \29\ The criteria for determining whether a facility or 
organization is provider-based can be found at 42 CFR 413.65. In 
April 2003, CMS published Transmittal A-03-030, outlining changes to 
the criteria for provider-based designation. See http://www.cms.gov/manuals/pm_trans/A03030.pdf.
---------------------------------------------------------------------------

     Improper claims for clinical trials--Since September 2000, 
Medicare has covered items and services furnished during certain 
clinical trials, as long as those items and services would typically be 
covered for Medicare beneficiaries, but for the fact that they are 
provided in an experimental or clinical trial setting. Hospitals that 
participate in clinical trials should review the requirements for 
submitting claims for patients participating in clinical trials.\30\
---------------------------------------------------------------------------

    \30\ To view Medicare's National Coverage Decision regarding 
clinical trials, see http://www.cms.gov/coverage/8d2.asp. Specific 
requirements for submitting claims for reimbursement for clinical 
trials can be accessed on CMS's Web page at http://www.cms.gov/coverage/8d4.asp.
---------------------------------------------------------------------------

     Improper claims for organ acquisition costs--Hospitals 
that are approved transplantation centers may receive reimbursement on 
a reasonable cost basis to cover the costs of acquisition of certain 
organs.\31\ Organ acquisition costs are only reimbursable if a hospital 
satisfies several requirements, such as having adequate cost 
information, supporting documentation, and supporting medical 
records.\32\ Hospitals must also ensure that expenses not related to 
organ acquisition, such as transplant and post-transplant activities 
and costs from other cost centers, are not included in the hospital's 
organ acquisition costs.\33\
---------------------------------------------------------------------------

    \31\ See 42 CFR 412.2(e)(4), 42 CFR 412.113(d), and 42 CFR 
413.203. See generally 42 CFR part 413 (setting forth the principles 
of reasonable cost reimbursement).
    \32\ See Medicare's Provider Reimbursement Manual (PRM), Part I, 
section 2304 and Part II, section 3610, available on CMS's Web page 
at http://www.cms.gov/manuals/cmsfoc.asp.
    \33\ See 42 CFR 412.100. See also, chapter 3, section 90 of the 
Medicare Claims Processing Manual, available on CMS's Web page at 
http://www.cms.gov/manuals/104_claims/clm104c03.pdf pdf.See, e.g., OIG Audit Report A-04-02-02017, ``Audit of Medicare 
Costs for Organ Acquisitions at Tampa General Hospital,'' April 
2003, available on our Web page at http://oig.hhs.gov/oas/reports/region4/40202017.pdf.
---------------------------------------------------------------------------

     Improper claims for cardiac rehabilitation services--
Medicare covers reasonable and necessary cardiac rehabilitation 
services under the hospital ``incident-to'' benefit, which requires 
that the services of nonphysician personnel be furnished under a 
physician's direct supervision. In addition to satisfying the 
supervision requirement, hospitals must ensure that cardiac 
rehabilitation services are reasonable and necessary.\34\
---------------------------------------------------------------------------

    \34\ See section 35-25 of the Medicare Coverage Issues Manual. 
See, e.g., OIG Audit Report A-01-03-00516, ``Review of Outpatient 
Cardiac Rehabilitation Services at the Cooley Dickinson Hospital,'' 
December 2003, available on our Web page at http://oig.hhs.gov/oas/reports/region reports/region 1/10300516.pdf.
---------------------------------------------------------------------------

     Failure to follow Medicare rules regarding payment for 
costs related to educational activities\35\--Hospitals should pay 
particular attention to these rules when implementing dental or other 
education programs, particularly those not historically operated at the 
hospital.
---------------------------------------------------------------------------

    \35\ Payments for direct graduage medical education (GME) and 
indirect graduate medical education (IME) costs are, in part, based 
upon the number of full-time equivalent (FTE) residents at each 
hospital and the proportion of time residents spend in training. 
Hospitals that inappropriately calculate the number of FTE residents 
risk receiving inappropriate medical education payments. Hospitals 
should have in place procedures regarding: (i) Resident rotation 
monitoring; (ii) resident credentialing; (iii) written agreements 
with non-hospital providers; and (iv) the approval process for 
research activities. For more information regarding medical 
education reimbursement, see 42 CFR 413.75 et. seq. (GME 
requirements) and 42 CFR 412.105 (IME requirements). See, e.g., OIG 
Audit Report A-01-01-00547 ``Review of Graduate Medical Education 
Costs Claimed by the Hartford Hospital for Fiscal Year Ending 
September 30, 1999,'' October 2003, available on our Web page at 
http://oig.hhs.gov/oas/reports/region 1/10100547.pdf.
---------------------------------------------------------------------------

4. Use of Information Technology
    The implementation of the OPPS increased the need for hospitals to 
pay particular attention to their computerized billing, coding, and 
information systems. Billing and coding under the OPPS is more data 
intensive than billing and coding under the inpatient PPS. When the 
OPPS began, many hospitals' existing systems were unable to accommodate 
the new requirements and required adjustments.
    As the health care industry moves forward, hospitals will 
increasingly rely on information technology. For example, HIPAA Privacy 
and Security Rules (discussed below in section II.G), electronic claims 
submission,\36\ electronic prescribing, networked information sharing 
among providers, and systems for the tracking and reduction of medical 
errors, among others, will require hospitals to depend more on 
information technologies. Information technology presents new 
opportunities to advance health care efficiency, but also new 
challenges to ensuring the accuracy of claims and the information used 
to generate claims. It may be difficult for purchasers of computer 
systems and software to know exactly how the system operates and 
generates information. Prudent hospitals will take steps to ensure that 
they thoroughly assess all new computer systems and software that 
impact coding, billing, or the generation or transmission of 
information related to the Federal health care programs or their 
beneficiaries.
---------------------------------------------------------------------------

    \36\ For more information regarding Medicare's Electronic Data 
Interchange programs, see http://www.cms.gov/providers/edi/.
---------------------------------------------------------------------------

B. The Referral Statutes: The Physician Self-Referral Law (the 
``Stark'' Law) and the Federal Anti-Kickback Statute
1. The Physician Self-Referral Law
    From a hospital compliance perspective, the physician self-referral 
law (section 1877 of the Social Security Act (Act), commonly known as 
the ``Stark'' law) should be viewed as a threshold statute. The statute 
prohibits hospitals from submitting--and Medicare from paying--any 
claim for a ``designated health service'' (DHS) if the referral of the 
DHS comes from a physician with whom the hospital has a prohibited 
financial relationship.\37\ This is true even if the prohibited 
financial relationship is the result of inadvertence or error. In 
addition, hospitals and physicians that knowingly violate the statute 
may be subject to CMPs and exclusion from the Federal health care 
programs. Furthermore, under certain circumstances, a knowing violation 
of the Stark law may also give rise to liability under the False Claims 
Act. Because all inpatient and outpatient hospital services furnished 
to Medicare or Medicaid patients

[[Page 4863]]

(including services furnished directly by a hospital or by others 
``under arrangements'' with a hospital) are DHS under the statute,\38\ 
hospitals must diligently review all financial relationships with 
referring physicians for compliance with the Stark law. Simply put, 
hospitals face significant financial exposure unless their financial 
relationships with referring physicians fit squarely in statutory or 
regulatory exceptions to the Stark law.
---------------------------------------------------------------------------

    \37\ The statute also prohibits physicians from referring DHS to 
entities, including hospitals, with which they have prohibited 
financial relationships. However, the billing prohibition and 
nonpayment sanction apply only to the DHS entity (e.g., the 
hospital). See section 1877(a) of the Act. Section 1903(s) of the 
Act extends the statutory prohibition to Medicaid-covered services.
    \38\ The statute lists ten additional categories of DHS, 
including, among others, clinical laboratory services, radiology 
services, and durable medical equipment. See section 1877(h)(6) of 
the Act. Hospitals and health systems that own or operate free-
standing DHS entities should be mindful of the ten additional DHS 
categories. CMS has clarified that lithotripsy services furnished to 
hospital inpatients are not DHS. See 69 FR 16054, 16106 (March 26, 
2004).
---------------------------------------------------------------------------

    For purposes of analyzing a financial relationship under the Stark 
law, the following three-part inquiry is useful:
     Is there a referral from a physician for a designated 
health service? If not, then there is no Stark law issue (although 
other fraud and abuse authorities, such as the anti-kickback statute, 
may be implicated). If the answer is ``yes,'' the next inquiry is:
     Does the physician (or an immediate family member) have a 
financial relationship with the entity furnishing the DHS (e.g., the 
hospital)? Again, if the answer is no, the Stark law is not implicated. 
However, if the answer is ``yes,'' the third inquiry is:
     Does the financial relationship fit in an exception? If 
not, the statute has been violated.
    Detailed definitions of the highlighted terms are set forth in 
regulations at 42 CFR 411.351 through 411.361 (substantial additional 
explanatory material appears in the regulatory preambles to the final 
regulations: 66 FR 856 (January 4, 2001); 69 FR 16054 (March 26, 2004); 
and 69 FR 17933 (April 6, 2004)). Importantly, a financial relationship 
can be almost any kind of direct or indirect ownership or investment 
relationship (e.g., stock ownership, a partnership interest, or secured 
debt) or direct or indirect compensation arrangement, whether in cash 
or in-kind (e.g., a rental contract, personal services contract, 
salary, gift, or gratuity), between a referring physician (or immediate 
family member) and a hospital. Moreover, the financial relationship 
need not relate to the provision of DHS (e.g., a joint venture between 
a hospital and a physician to operate a hospice would create an 
indirect compensation relationship between the hospital and the 
physician for Stark law purposes).
    The statutory and regulatory exceptions are the key to compliance 
with the Stark law. Any financial relationship between the hospital and 
a physician who refers to the hospital must fit in an exception. 
Exceptions exist in the statute and regulations for many common types 
of business arrangements. To fit in an exception, an arrangement must 
squarely meet all of the conditions set forth in the exception. 
Importantly, it is the actual relationship between the parties, and not 
merely the paperwork, that must fit in an exception. Unlike the anti-
kickback safe harbors, which are voluntary, fitting in an exception is 
mandatory under the Stark law.
    Compliance with a Stark law exception does not immunize an 
arrangement under the anti-kickback statute. Rather, the Stark law sets 
a minimum standard for arrangements between physicians and hospitals. 
Even if a hospital-physician relationship qualifies for a Stark law 
exception, it should still be reviewed for compliance with the anti-
kickback statute. The anti-kickback statute is discussed in greater 
detail in the next subsection.
    Because of the significant exposure for hospitals under the Stark 
law, we recommend that hospitals implement systems to ensure that all 
conditions in the exceptions upon which they rely are fully satisfied. 
For example, many of the exceptions, such as the rental and personal 
services exceptions, require signed, written agreements with 
physicians. We are aware of numerous instances in which hospitals 
failed to maintain these signed written agreements, often inadvertently 
(e.g., a holdover lease without a written lease amendment; a physician 
hired as an independent contractor for a short-term project without a 
signed agreement). To avoid a large overpayment, hospitals should 
ensure frequent and thorough review of their contracting and leasing 
processes. The final regulations contain a new limited exception for 
certain inadvertent, temporary instances of noncompliance with another 
exception. This exception may only be used on an occasional basis. 
Hospitals should be mindful that this exception is not a substitute for 
vigilant contracting and leasing oversight. In addition, hospitals 
should review the new reporting requirements at 42 CFR 411.361, which 
generally require hospitals to retain records that the hospitals know 
or should know about in the course of prudently conducting business. 
Hospitals should ensure that they have policies and procedures in place 
to address these reporting requirements.
    In addition, because many exceptions to the Stark law require fair 
market value compensation for items or services actually needed and 
rendered, hospitals should have appropriate processes for making and 
documenting reasonable, consistent, and objective determinations of 
fair market value and for ensuring that needed items and services are 
furnished or rendered. Other areas that may require careful monitoring 
include, without limitation, the total value of nonmonetary 
compensation provided annually to each referring physician, the value 
of medical staff incidental benefits, and the provision of professional 
courtesy.\39\ As discussed further in the anti-kickback section below, 
hospitals should exercise care when recruiting physicians. Importantly, 
while the final regulations contain a limited exception for certain 
joint recruiting by hospitals and existing group practices, the 
exception strictly forbids the use of income guarantees that shift 
group practice overhead or expenses to the hospital or any payment 
structure that otherwise transfers remuneration to the group practice.
---------------------------------------------------------------------------

    \39\ Hospitals affiliated with academic medical centers should 
be aware that the regulations contain a special exception for 
certain academic medical center arrangements. See 42 CFR 411.355(e). 
Specialty hospitals should be mindful of certain limitations on new 
physician-owned specialty hospitals contained in section 507 of the 
Medicare Prescription Drug, Improvement and Modernization Act of 
2003. See CMS's One-Time Notification regarding the 18-month 
moratorium on physician investment in specialty hospitals, CMS 
Manual System Pub. 100-20 One-Time Notification, Transmittal 26 
(March 19, 2004), available on CMS's Web page at http://www.cms.gov/manuals/pm_trans/R62OTN.pdf.
---------------------------------------------------------------------------

    Further information about the Stark law and applicable regulations 
can be found on CMS's Web page at http://cms.gov/medlearn/refphys.asp. 
Information regarding CMS's Stark advisory opinion process can be found 
at http://cms.gov/physicians/aop/default.asp.
2. The Federal Anti-Kickback Statute
    Hospitals should also be aware of the Federal anti-kickback 
statute, section 1128B(b) of the Act, and the constraints it places on 
business arrangements related directly or indirectly to items or 
services reimbursable by any Federal health care program, including, 
but not limited to, Medicare and Medicaid. The anti-kickback statute 
prohibits in the health care industry some practices that are common in 
other business sectors, such as offering gifts to reward past or 
potential new referrals.
    The anti-kickback statute is a criminal prohibition against 
payments (in any form, whether the payments are direct

[[Page 4864]]

or indirect) made purposefully to induce or reward the referral or 
generation of Federal health care program business. The anti-kickback 
statute addresses not only the offer or payment of anything of value 
for patient referrals, but also the offer or payment of anything of 
value in return for purchasing, leasing, ordering, or arranging for or 
recommending the purchase, lease, or ordering of any item or service 
reimbursable in whole or in part by a Federal health care program. The 
statute extends equally to the solicitation or acceptance of 
remuneration for referrals or the generation of other business payable 
by a Federal health care program. Liability under the anti-kickback 
statute is determined separately for each party involved. In addition 
to criminal penalties, violators may be subject to CMPs and exclusion 
from the Federal health care programs. Hospitals should also be mindful 
that compliance with the anti-kickback statute is a condition of 
payment under Medicare and other Federal health care programs. See, 
e.g., Medicare Federal Health Care Provider/Supplier Application, CMS 
Form 855A, Certification Statement at section 15, paragraph A.3, 
available on CMS's Web page at http://www.cms.gov/providers/enrollment/forms/ /. As such, liability may arise under the False 
Claims Act where the anti-kickback statute violation results in the 
submission of a claim for payment under a Federal health care program.
    Although liability under the anti-kickback statute ultimately turns 
on a party's intent, it is possible to identify arrangements or 
practices that may present a significant potential for abuse. For 
purposes of analyzing an arrangement or practice under the anti-
kickback statute, the following two inquiries are useful:
     Does the hospital have any remunerative relationship 
between itself (or its affiliates or representatives) and persons or 
entities in a position to generate Federal health care program business 
for the hospital (or its affiliates) directly or indirectly? Persons or 
entities in a position to generate Federal health care program business 
for a hospital include, for example, physicians and other health care 
professionals, ambulance companies, clinics, hospices, home health 
agencies, nursing facilities, and other hospitals.
     With respect to any remunerative relationship so 
identified, could one purpose of the remuneration be to induce or 
reward the referral or recommendation of business payable in whole or 
in part by a Federal health care program? Importantly, under the anti-
kickback statute, neither a legitimate business purpose for the 
arrangement, nor a fair market value payment, will legitimize a payment 
if there is also an illegal purpose (i.e., inducing Federal health care 
program business).
    Although any arrangement satisfying both tests implicates the anti-
kickback statute and requires careful scrutiny by a hospital, the 
courts have identified several potentially aggravating considerations 
that can be useful in identifying arrangements at greatest risk of 
prosecution. In particular, hospitals should ask the following 
questions, among others, about any potentially problematic arrangements 
or practices they identify:
     Does the arrangement or practice have a potential to 
interfere with, or skew, clinical decision-making?
     Does the arrangement or practice have a potential to 
increase costs to Federal health care programs, beneficiaries, or 
enrollees?
     Does the arrangement or practice have a potential to 
increase the risk of overutilization or inappropriate utilization?
     Does the arrangement or practice raise patient safety or 
quality of care concerns?
    Hospitals that have identified potentially problematic arrangements 
or practices can take a number of steps to reduce or eliminate the risk 
of an anti-kickback violation. Detailed guidance relating to a number 
of specific practices is available from several sources. Most 
importantly, the anti-kickback statute and the corresponding 
regulations establish a number of ``safe harbors'' for common business 
arrangements. The following safe harbors are of most relevance to 
hospitals:
     Investment interests safe harbor (42 CFR 1001.952(a)),
     Space rental safe harbor (42 CFR 1001.952(b)),
     Equipment rental safe harbor (42 CFR 1001.952(c)),
     Personal services and management contracts safe harbor (42 
CFR 1001.952(d)),
     Sale of practice safe harbor (42 CFR 1001.952(e)),
     Referral services safe harbor (42 CFR 1001.952(f)),
     Discount safe harbor (42 CFR 1001.952(h)),
     Employee safe harbor (42 CFR 1001.952(i)),
     Group purchasing organizations safe harbor (42 CFR 
1001.952(j)),
     Waiver of beneficiary coinsurance and deductible amounts 
safe harbor (42 CFR 1001.952(k)),
     Practitioner recruitment safe harbor (42 CFR 1001.952(n)),
     Obstetrical malpractice insurance subsidies safe harbor 
(42 CFR 1001.952(o)),
     Cooperative hospital service organizations safe harbor (42 
CFR 1001.952(q)),
     Ambulatory surgical centers safe harbor (42 CFR 
1001.952(r)),
     Ambulance replenishing safe harbor (42 CFR 1001.952(v)), 
and
     Safe harbors for certain managed care and risk sharing 
arrangements (42 CFR 1001.952(m), (t), and (u)).\40\
---------------------------------------------------------------------------

    \40\ Importantly, the anti-kickback statute safe harbors are not 
the same as the Stark law exceptions described above at section 
II.B.1 of this guidance. An arrangement's compliance with the anti-
kickback statute and the Stark law must be evaluated separately.
---------------------------------------------------------------------------

    Safe harbor protection requires strict compliance with all 
applicable conditions set out in the relevant safe harbor.\41\ Although 
compliance with a safe harbor is voluntary and failure to comply with a 
safe harbor does not mean an arrangement is illegal per se, we 
recommend that hospitals structure arrangements to fit in a safe harbor 
whenever possible. Arrangements that do not fit in a safe harbor must 
be evaluated on a case-by-case basis.
---------------------------------------------------------------------------

    \41\ Parties to an arrangement cannot obtain safe harbor 
protection by entering into a sham contract that complies with the 
written agreement requirement of a safe harbor and appears, on 
paper, to meet all of the other safe harbor requirements, but does 
not reflect the actual arrangement between the parties. In other 
words, in assessing compliance with a safe harbor, the OIG examines 
not only whether the written contract satisfies all of the safe 
harbor requirements, but also whether the actual arrangement 
satisfies the requirements.
---------------------------------------------------------------------------

    Other available guidance includes special fraud alerts and advisory 
bulletins issued by the OIG identifying and discussing particular 
practices or issues of concern and OIG advisory opinions issued to 
specific parties about their particular business arrangements.\42\ A 
hospital concerned about an existing or proposed arrangement may 
request a binding OIG advisory opinion regarding whether the 
arrangement violates the Federal anti-kickback statute or other OIG 
fraud and abuse authorities, using the procedures set out at 42 CFR 
part 1008. The safe harbor regulations (and accompanying Federal 
Register preambles), fraud alerts and bulletins, advisory opinions (and 
instructions for obtaining them, including a list of frequently asked 
questions), and other guidance are

[[Page 4865]]

available on the OIG Web page at http://oig.hhs.gov.
---------------------------------------------------------------------------

    \42\ While informative for guidance purposes, an OIG advisory 
opinion is binding only with respect to the particular party or 
parties that requested the opinion. The analyses and conclusions set 
forth in OIG advisory opinions are very fact-specific. Accordingly, 
hospitals should be aware that different facts may lead to different 
results.
---------------------------------------------------------------------------

    The following discussion highlights several known areas of 
potential risk under the anti-kickback statute. The propriety of any 
particular arrangement can only be determined after a detailed 
examination of the attendant facts and circumstances. The 
identification of a given practice or activity as ``suspect'' or as an 
area of ``risk'' does not mean it is necessarily illegal or unlawful, 
or that it cannot be properly structured to fit in a safe harbor; nor 
does it mean that the practice or activity is not beneficial from a 
clinical, cost, or other perspective. Rather, the areas identified 
below are areas of activity that have a potential for abuse and that 
should receive close scrutiny from hospitals. The discussion highlights 
potential risks under the anti-kickback statute arising from hospitals' 
relationships in the following seven categories: (a) Joint ventures; 
(b) compensation arrangements with physicians; (c) relationships with 
other health care entities; (d) recruitment arrangements; (e) 
discounts; (f) medical staff credentialing; and (g) malpractice 
insurance subsidies. (In addition, the kickback risks associated with 
gainsharing arrangements are discussed below in section II.C of this 
guidance.)
    Physicians are the primary referral source for hospitals, and, 
therefore, most of the discussion below focuses on hospitals' 
relationships with physicians. Notwithstanding, hospitals also receive 
referrals from other health care professionals, including physician 
assistants and nurse practitioners, and from other providers and 
suppliers (such as ambulance companies, clinics, hospices, home health 
agencies, nursing facilities, and other hospitals). Therefore, in 
addition to reviewing their relationships with physicians, hospitals 
should also review their relationships with nonphysician referral 
sources to ensure that the relationships do not violate the anti-
kickback statute. The principles described in the following discussions 
can be used to assess the risk associated with relationships with both 
physician and nonphysician referral sources.
a. Joint Ventures
    The OIG has a long-standing concern about joint venture 
arrangements between those in a position to refer or generate Federal 
health care program business and those providing items or services 
reimbursable by Federal health care programs.\43\ In the context of 
joint ventures, our chief concern is that remuneration from a joint 
venture might be a disguised payment for past or future referrals to 
the venture or to one or more of its participants. Such remuneration 
may take a variety of forms, including dividends, profit distributions, 
or, with respect to contractual joint ventures, the economic benefit 
received under the terms of the operative contracts.
---------------------------------------------------------------------------

    \43\ See 1989 Special Fraud Alert on Joint Venture Arrangements, 
reprinted in the Federal Register (59 FR 65372; December 19,1994) 
and available on our Web page at http://oig.hhs.gov/fraud/docs/alertsandbulletins/121994.html.
---------------------------------------------------------------------------

    When scrutinizing joint ventures under the anti-kickback statute, 
hospitals should examine the following factors, among others:
     The manner in which joint venture participants are 
selected and retained. If participants are selected or retained in a 
manner that takes into account, directly or indirectly, the value or 
volume of referrals, the joint venture is suspect. The existence of one 
or more of the following indicators suggests that there might be an 
improper nexus between the selection or retention of participants and 
the value or volume of their referrals:

--A substantial number of participants are in a position to make or 
influence referrals to the venture, other participants, or both;
--Participants that are expected to make a large number of referrals 
are offered a greater or more favorable investment or business 
opportunity in the joint venture than those anticipated to make fewer 
referrals;
--Participants are actively encouraged or required to make referrals to 
the joint venture;
--Participants are encouraged or required to divest their ownership 
interest if they fail to sustain an ``acceptable'' level of referrals;
--The venture (or its participants) tracks its sources of referrals and 
distributes this information to the participants; or
--The investment interests are nontransferable or subject to transfer 
restrictions related to referrals.

     The manner in which the joint venture is structured. The 
structure of the joint venture is suspect if a participant is already 
engaged in the line of business to be conducted by the joint venture, 
and that participant will own all or most of the equipment, provide or 
perform all or most of the items or services, or take responsibility 
for all or most of the day-to-day operations. With this kind of 
structure, the co-participant's primary contribution is typically as a 
captive referral base.
     The manner in which the investments are financed and 
profits are distributed. The existence of one or more of the following 
indicators suggests that the joint venture may be a vehicle to disguise 
referrals:

--Participants are offered investment shares for a nominal or no 
capital contribution;
--The amount of capital that participants invest is disproportionately 
small, and the returns on the investment are disproportionately large, 
when compared to a typical investment in a new business enterprise;
--Participants are permitted to borrow their capital investments from 
another participant or from the joint venture, and to pay back the loan 
through deductions from profit distributions, thus eliminating even the 
need to contribute cash;
--Participants are paid extraordinary returns on the investment in 
comparison with the risk involved; or
--A substantial portion of the gross revenues of the venture are 
derived from participant-driven referrals.
    In light of the obvious risk inherent in joint ventures, whenever 
possible, hospitals should structure joint ventures to fit squarely in 
one of the following safe harbors for investment interests:
     The ``small entity'' investment safe harbor (42 CFR 
1001.952(a)(2)), which applies to returns on investments as long as no 
more than 40 percent of the investment interests are held by investors 
who are in a position to make or influence referrals to, furnish items 
or services to, or otherwise generate business for the venture 
(interested investors), no more than 40 percent of revenues come from 
referrals or business otherwise generated from investors, and all other 
conditions are satisfied; \44\
---------------------------------------------------------------------------

    \44\ There is also a safe harbor for investment interests in 
large entities (i.e., entities with over fifty million dollars in 
assets) (42 CFR 1001.952(a)(1)).
---------------------------------------------------------------------------

     The safe harbor for investment interests in an entity 
located in an underserved area (42 CFR 1001.952(a)(3)), which applies 
to ventures located in medically underserved areas (as defined in 
regulations issued by the Department and set forth at 42 CFR part 51c), 
as long as no more than 50 percent of the investment interests are held 
by interested investors and all other conditions are satisfied; or
     The hospital-physician ambulatory surgical center (ASC) 
safe harbor (42 CFR 1001.952(r)(4)). This safe harbor only protects 
investments in Medicare-certified ASCs owned by hospitals and certain 
qualifying physicians. Importantly, it does not protect

[[Page 4866]]

investments by hospitals and physicians in non-ASC clinical joint 
ventures, including, for example, cardiac catheterization or vascular 
laboratories, oncology centers, and dialysis facilities. Investors in 
such clinical ventures should look to other safe harbors and to the 
factors noted above.
    These safe harbors protect remuneration in the form of returns on 
investment interests (i.e., money paid by an entity to its owners or 
investors as dividends, profit distributions, or the like). However, 
they do not protect payments made by participating investors to a 
venture or payments made by the venture to other parties, such as 
vendors, contractors, or employees (although in some cases these 
arrangements may fit in other safe harbors).
    As we originally observed in our 1989 Special Fraud Alert on Joint 
Venture Arrangements,\45\ joint ventures may take a variety of forms, 
including a contractual arrangement between two or more parties to 
cooperate in a common and distinct enterprise providing items or 
services, thereby creating a ``contractual joint venture.'' We 
elaborated more fully on contractual joint ventures in our 2003 Special 
Advisory Bulletin on Contractual Joint Ventures.\46\ Contractual joint 
ventures pose the same kinds of risks as equity joint ventures and 
should be analyzed similarly. Factors to consider include, for example, 
whether the hospital is expanding into a new line of business created 
predominately or exclusively to serve the hospital's existing patient 
base, whether a would-be competitor of the new line of business is 
providing all or most of the key services, and whether the hospital 
assumes little or no bona fide business risk. An example of a 
potentially problematic contractual joint venture would be a hospital 
contracting with an existing durable medical equipment (DME) supplier 
to operate the hospital's newly formed DME subsidiary (with its own DME 
supplier number) on essentially a turnkey basis, with the hospital 
primarily furnishing referrals and assuming little or no business 
risk.\47\
---------------------------------------------------------------------------

    \45\ See 1989 Special Fraud Alert on Joint Venture Arrangements, 
supra note 43.
    \46\ This Special Advisory Bulletin is available on our Web page 
at http://oig.hhs.gov/fraud/docs/alertsandbulletins/042303SABJointVentures.pdf.
    \47\ Contractual ventures with existing clinical laboratories 
and outpatient therapy providers, among others, are also potentially 
problematic, particularly if the venture is functionally a turnkey 
operation that enables a hospital to use its captive referrals to 
expand into a new line of business with little or no contribution of 
resources or assumption of real risk.
---------------------------------------------------------------------------

    Hospitals should be aware that, for reasons described in our 2003 
Special Advisory Bulletin on Contractual Joint Ventures,\48\ safe 
harbor protection may not be available for contractual joint ventures, 
and attempts to carve out separate contracts and qualify each 
separately for safe harbor protection may be ineffectual and leave the 
parties at risk under the statute.\49\
---------------------------------------------------------------------------

    \48\ See 2003 Special Advisory Bulletin on Contractual Joint 
Ventures, supra note 46.
    \49\ The Medicare program permits hospitals to furnish services 
``under arrangements'' with other providers or suppliers. Hospitals 
frequently furnish services ``under arrangements'' with an entity 
owned, in whole or in part, by referring physicians. Standing alone, 
these ``under arrangements'' relationships do not fall within the 
scope of problematic contractual joint ventures described in the 
Special Fraud Alert; however, these relationships will violate the 
anti-kickback statute if remuneration is purposefully offered or 
paid to induce referrals (e.g., paying above-market rates for the 
services to influence referrals or otherwise tying the arrangements 
to referrals in any manner). These ``under arrangements'' 
relationships should be structured, when possible, to fit within an 
anti-kickback safe harbor. They must fit within a Stark exception, 
even if the service furnished ``under arrangements'' is not itself a 
DHS. See 66 FR 856, 941-2 (January 4, 2001); 69 FR 16054, 16106 
(March 26, 2004).
---------------------------------------------------------------------------

    If a hospital is planning to participate, directly or indirectly, 
in a joint venture involving referring physicians and the venture does 
not qualify for safe harbor protection, the hospital should scrutinize 
the venture with care, taking into account the factors noted above, and 
consider obtaining advice from an experienced attorney. At a minimum, 
to reduce (but not necessarily eliminate) the risk of abuse, hospitals 
should consider (i) barring physicians employed by the hospital or its 
affiliates from referring to the joint venture; (ii) taking steps to 
ensure that medical staff and other affiliated physicians are not 
encouraged in any manner to refer to the joint venture; (iii) notifying 
physicians annually in writing of the preceding policy; (iv) refraining 
from tracking in any manner the volume of referrals attributable to 
particular referrals sources; (v) ensuring that no physician 
compensation is tied in any manner to the volume or value of referrals 
to, or other business generated for, the venture; (vi) disclosing all 
financial interests to patients; \50\ and (vii) requiring that other 
participants in the joint venture adopt similar steps.
---------------------------------------------------------------------------

    \50\ While disclosure to patients does not offer sufficient 
protection against Federal health care program abuse, effective and 
meaningful disclosure offers some protection against possible abuses 
of patient trust.
---------------------------------------------------------------------------

b. Compensation Arrangements With Physicians
    Hospitals enter into a variety of compensation arrangements with 
physicians whereby physicians provide items or services to, or on 
behalf of, the hospital. Conversely, in some arrangements, hospitals 
provide items or services to physicians. Examples of these compensation 
arrangements include, without limitation, medical director agreements, 
personal or management services agreements, space or equipment leases, 
and agreements for the provision of billing, nursing, or other staff 
services. Although many compensation arrangements are legitimate 
business arrangements, compensation arrangements may violate the anti-
kickback statute if one purpose of the arrangement is to compensate 
physicians for past or future referrals.\51\
---------------------------------------------------------------------------

    \51\ As previously noted, a hospital should ensure that each 
compensation arrangement with a referring physician fits squarely in 
a statutory or regulatory exception to the Stark law.
---------------------------------------------------------------------------

    The general rule of thumb is that any remuneration flowing between 
hospitals and physicians should be at fair market value for actual and 
necessary items furnished or services rendered based upon an arm's-
length transaction and should not take into account, directly or 
indirectly, the value or volume of any past or future referrals or 
other business generated between the parties. Arrangements under which 
hospitals (i) provide physicians with items or services for free or 
less than fair market value, (ii) relieve physicians of financial 
obligations they would otherwise incur, or (iii) inflate compensation 
paid to physicians for items or services pose significant risk. In such 
circumstances, an inference arises that the remuneration may be in 
exchange for generating business.
    In particular, hospitals should review their physician compensation 
arrangements and carefully assess the risk of fraud and abuse using the 
following factors, among others:
     Are the items and services obtained from a physician 
legitimate, commercially reasonable, and necessary to achieve a 
legitimate business purpose of the hospital (apart from obtaining 
referrals)? Assuming that the hospital needs the items and services, 
does the hospital have multiple arrangements with different physicians, 
so that in the aggregate the items or services provided by all 
physicians exceed the hospital's actual needs (apart from generating 
business)?
     Does the compensation represent fair market value in an 
arm's-length transaction for the items and services? Could the hospital 
obtain the services from a non-referral source at a cheaper rate or 
under more favorable terms? Does the remuneration take into

[[Page 4867]]

account, directly or indirectly, the value or volume of any past or 
future referrals or other business generated between the parties? Is 
the compensation tied, directly or indirectly, to Federal health care 
program reimbursement?
     Is the determination of fair market value based upon a 
reasonable methodology that is uniformly applied and properly 
documented? If fair market value is based on comparables, the hospital 
should ensure that the market rate for the comparable services is not 
distorted (e.g., the market for ancillary services may be distorted if 
all providers of the service are controlled by physicians).
     Is the compensation commensurate with the fair market 
value of a physician with the skill level and experience reasonably 
necessary to perform the contracted services?
     Were the physicians selected to participate in the 
arrangement in whole or in part because of their past or anticipated 
referrals?
     Is the arrangement properly and fully documented in 
writing? Are the physicians documenting the services they provide? Is 
the hospital monitoring the services?
     In the case of physicians staffing hospital outpatient 
departments, are safeguards in place to ensure that the physicians do 
not use hospital outpatient space, equipment, or personnel to conduct 
their private practices? In addition, physicians working in outpatient 
departments must bill the appropriate site-of-service modifier. The 
hospital should take reasonable steps to ensure that physicians are 
aware of this requirement and should take appropriate action if it 
identifies physicians engaging in improper site-of-service billing.
    Whenever possible, hospitals should structure their compensation 
arrangements with physicians to fit in a safe harbor. Potentially 
applicable are the space rental safe harbor (42 CFR 1001.952(b)), the 
equipment rental safe harbor (42 CFR 1001.952(c)), the personal 
services and management contracts safe harbor (42 CFR 1001.952(d)), the 
sale of practice safe harbor (42 CFR 1001.952(e)), the referral 
services safe harbor (42 CFR 1001.952(f)), the employee safe harbor (42 
CFR 1001.952(i)), the practitioner recruitment safe harbor (42 CFR 
1001.952(n)), and the obstetrical malpractice insurance subsidies safe 
harbor (42 CFR 1001.952(o)). An arrangement must fit squarely in a safe 
harbor to be protected. Arrangements that do not fit in a safe harbor 
should be reviewed in light of the totality of all facts and 
circumstances. At minimum, hospitals should develop policies and 
procedures requiring physicians to document, and the hospital to 
monitor, the services or items provided under compensation arrangements 
(including, for example, by using written time reports). In some cases, 
particularly rentals, hospitals should consider obtaining an 
independent fair market valuation using appropriate health care 
valuation standards.
    Arrangements between hospitals and traditional hospital-based 
physicians (e.g., anesthesiologists, radiologists, and pathologists) 
raise some different concerns.\52\ In these arrangements, it is 
typically the hospitals that are in a position to influence the flow of 
business to the physicians, rather than the physicians making referrals 
to the hospitals.\53\ Such arrangements may violate the anti-kickback 
statute if the hospital solicits or receives something of value--or the 
physicians offer or pay something of value--in exchange for access to 
the hospital's Federal health care program business. Illegal kickbacks 
between hospitals and hospital-based physicians may take a variety of 
forms, including, without limitation:
---------------------------------------------------------------------------

    \52\ Arrangements between hospitals and hospital-based 
physicians were the topic of a Management Advisory Report (MAR) 
titled ``Financial Arrangements Between Hospitals and Hospital-Based 
Physicians,'' OEI-09-89-00330, available on our Web page at http://oig.hhs.gov/oei/reports/oei-09-89-00330.pdf.
    \53\ In this regard, arrangements between hospitals and 
traditional hospital-based physicians generally do not pose the same 
potential to cause the harms typically associated with kickback 
schemes. Moreover, a hospital's attending medical staff's quality 
expectations and a hospital's liability exposure for the malpractice 
of hospital-based physicians constrain the hospital's choice of a 
hospital-based physician or group. Finally, to the extent that any 
qualified group can bid for hospital-based business and the request 
for proposals clearly includes the entire arrangement, the 
competition is not unfair. (Of course, an open, competitive bidding 
process does not protect an otherwise illegal kickback arrangement.)
---------------------------------------------------------------------------

     A hospital requiring physicians to pay more than the fair 
market value for services provided to the hospital-based physicians by 
the hospital; or
     A hospital compensating physicians less than the fair 
market value for goods or services provided to the hospital by the 
physicians.
    Accordingly, arrangements that require physicians to provide 
Medicare Part A supervision and management services for token or no 
payment in exchange for the ability to provide physician-billable 
Medicare Part B services at the hospital potentially violate the anti-
kickback statute and should be closely scrutinized.
    We are aware that hospitals have long provided for the delivery of 
certain hospital-based physician services through the grant of an 
exclusive contract to a physician or physician group, which includes 
management, staffing, and other administrative functions, and in some 
cases limited clinical duties. These exclusive arrangements affect the 
cash and non-cash value of the overall arrangement to the respective 
parties.
    Depending on the circumstances, an exclusive contract can have 
substantial value to the hospital-based physician or group, as well as 
to the hospital, that may well have nothing to do with the value or 
volume of business flowing between the hospital and the physicians. By 
way of example only, an exclusive arrangement may reduce the costs a 
physician or group would otherwise incur for business development and 
may eliminate administrative costs otherwise incurred by the hospital. 
In an appropriate context, an exclusive arrangement that requires a 
hospital-based physician or physician group to perform reasonable 
administrative or limited clinical duties directly related to the 
hospital-based professional services at no or a reduced charge would 
not violate the anti-kickback statute, provided that the overall 
arrangement is consistent with fair market value in an arm's-length 
transaction, taking into account the value attributable to the 
exclusivity. Depending on the circumstances, examples of directly-
related administrative or clinical duties include, without limitation: 
participation on hospital committees, tumor boards, or similar hospital 
entities; participation in on-call rotation; and performance of quality 
assurance and oversight activities. Notwithstanding, whether the scope 
and volume of the required services in a particular arrangement 
reasonably reflect the value of the exclusivity will depend on the 
facts and circumstances of the arrangement.
    Nothing in this supplemental CPG should be construed as requiring 
hospital-based physicians to perform administrative or clinical 
services at no or a reduced charge. Uncompensated or below-market 
arrangements for goods or services will be subject to close scrutiny 
for compliance with the statute.
c. Relationships With Other Health Care Entities
    As addressed in the preceding subsection, hospitals may obtain 
referrals of Federal health care program business from a variety of 
health care professionals and entities. In addition, when furnishing 
inpatient, outpatient, and related services, hospitals often direct or 
influence referrals for items

[[Page 4868]]

and services reimbursable by Federal health care programs. For example, 
hospitals may refer patients to, or order items or services from, home 
health agencies,\54\ skilled nursing facilities, durable medical 
equipment companies, laboratories, pharmaceutical companies, and other 
hospitals. In cases where a hospital is the referral source for other 
providers or suppliers, it would be prudent for the hospital to 
scrutinize carefully any remuneration flowing to the hospital from the 
provider or supplier to ensure compliance with the anti-kickback 
statute, using the principles outlined above. Remuneration may include, 
for example, free or below-market-value items and services or the 
relief of a financial obligation.
---------------------------------------------------------------------------

    \54\ When referring to home health agencies and skilled nursing 
facilities, hospitals must comply with section 1861(ee)(2)(D) and 
(H) of the Act, requiring that Medicare participating hospitals, as 
part of the discharge planning process, (i) share with each 
beneficiary a list of Medicare-certified home health agencies or 
skilled nursing facilities, as applicable, that serve the 
beneficiary's geographic area, and (ii) identify any home health 
agency or skilled nursing facility in which the hospital has a 
disclosable financial interest or that has a financial interest in 
the hospital. See also 42 CFR 482.43.
---------------------------------------------------------------------------

    Hospitals should also review their managed care arrangements to 
ensure compliance with the anti-kickback statute. Managed care 
arrangements that do not fit within one of the managed care and risk 
sharing safe harbors at 42 CFR 1001.952(m), (t), or (u) must be 
evaluated on a case-by-case basis.
d. Recruitment Arrangements
    Many hospitals provide incentives to recruit a physician or other 
health care professional to join the hospital's medical staff and 
provide medical services to the surrounding community. When used to 
bring needed physicians to an underserved community, these arrangements 
can benefit patients. However, recruitment arrangements pose 
substantial fraud and abuse risk.
    In most cases, the recruited physician establishes a private 
practice in the community instead of becoming a hospital employee.\55\ 
Such arrangements potentially implicate the anti-kickback statute if 
one purpose of the recruitment arrangement is to induce referrals to 
the recruiting hospital. Safe harbor protection is available for 
certain recruitment arrangements offered by hospitals to attract 
primary care physicians and practitioners to health professional 
shortage areas (HPSAs), as defined in regulations issued by the 
Department.\56\ The scope of this safe harbor is very limited. In 
particular, the safe harbor does not protect (a) recruitment 
arrangements in areas that are not designated as HPSAs, (b) recruitment 
of specialists, or (c) joint recruitment with existing physician 
practices in the area.
---------------------------------------------------------------------------

    \55\ When paid pursuant to a properly structured employment 
arrangement, payments to physicians who become hospital employees 
may be protected by the employee safe harbor at 42 CFR 1001.952(i).
    \56\ See 42 CFR 1001.952(n).
---------------------------------------------------------------------------

    Because of the significant risk of fraud and abuse posed by 
improper recruitment arrangements, hospitals should scrutinize these 
arrangements with care. When assessing the degree of risk associated 
with recruitment arrangements, hospitals should examine the following 
factors, among others:
     The size and value of the recruitment benefit. Does the 
benefit exceed what is reasonably necessary to attract a qualified 
physician to the particular community? Has the hospital previously 
tried and failed to recruit or retain physicians?
     The duration of payout of the recruitment benefit. Total 
benefit payout periods extending longer than three years from the 
initial recruitment agreement should trigger heightened scrutiny.
     The practice of the existing physician. Is the physician a 
new physician with few or no patients or an established practitioner 
with a ready stream of referrals? Is the physician relocating from a 
substantial distance so that referrals are unlikely to follow or is it 
possible for the physician to bring an established patient base?
     The need for the recruitment. Is the recruited physician's 
specialty necessary to provide adequate access to medically necessary 
care for patients in the community? Do patients already have reasonable 
access to comparable services from other providers or practitioners in 
or near the community? An assessment of community need based wholly or 
partially on the competitive interests of the recruiting hospital or 
existing physician practices would subject the recruitment payments to 
heightened scrutiny under the statute.
    Significantly, hospitals should be aware that the practitioner 
recruitment safe harbor excludes any arrangement that directly or 
indirectly benefits any existing or potential referral source other 
than the recruited physician. Accordingly, the safe harbor does not 
protect ``joint recruitment'' arrangements between hospitals and other 
entities or individuals, such as solo practitioners, group practices, 
or managed care organizations, pursuant to which the hospital makes 
payments directly or indirectly to the other entity or individual. 
These joint recruitment arrangements present a high risk of fraud and 
abuse and have been the subject of recent government investigations and 
prosecutions. These arrangements can easily be used as vehicles to 
disguise payments from the hospital to an existing referral source--
typically an existing physician practice--in exchange for the existing 
practice's referrals to the hospital. Suspect payments to existing 
referral sources may include, among other things, income guarantees 
that shift costs from the existing referral source to the recruited 
physician and overhead and build-out costs funded for the benefit of 
the existing referral source. Hospitals should review all ``joint 
recruiting'' arrangements to ensure that remuneration does not inure in 
whole or in part to the benefit of any party other than the recruited 
physician.
e. Discounts
    Public policy favors open and legitimate price competition in 
health care. Thus, the anti-kickback statute contains an exception for 
discounts offered to customers that submit claims to the Federal health 
care programs, if the discounts are properly disclosed and accurately 
reported.\57\ However, to qualify for the exception, the discount must 
be in the form of a reduction in the price of the good or service based 
on an arm's-length transaction. In other words, the exception covers 
only reductions in the product's price. Moreover, the regulation 
provides that the discount must be given at the time of sale or, in 
certain cases, set at the time of sale, even if finally determined 
subsequent to the time of sale (i.e., a rebate).
---------------------------------------------------------------------------

    \57\ See 42 U.S.C. 1320a-7b(b)(3)(A); 42 CFR 1001.952(h).
---------------------------------------------------------------------------

    In conducting business, hospitals sell and purchase items and 
services reimbursable by Federal health care programs. Therefore, 
hospitals should thoroughly familiarize themselves with the discount 
safe harbor at 42 CFR 1001.952(h). In particular, depending on their 
role in the arrangement, hospitals should pay attention to the discount 
safe harbor requirements applicable to ``buyers,'' ``sellers,'' or 
``offerors.'' Compliance with the safe harbor is determined separately 
for each party. In general, hospitals should ensure that all 
discounts--including rebates--are properly disclosed and accurately 
reflected on hospital cost reports. If a hospital offers a discount on 
an item or service to a buyer, it should ensure that the discount is 
properly disclosed on the invoice or other documentation for the item 
or service.

[[Page 4869]]

    The discount safe harbor does not protect a discount offered to one 
payor but not to the Federal health care programs. Accordingly, in 
negotiating discounts for items and services paid from a hospital's 
pocket (such as those reimbursed under the Medicare Part A prospective 
payment system), the hospital should ensure that there is no link or 
connection, explicit or implicit, between discounts offered or 
solicited for that business and the hospital's referral of business 
billable by the seller directly to Medicare or another Federal health 
care program. For example, a hospital should not engage in ``swapping'' 
by accepting from a supplier an unreasonably low price on Part A 
services that the hospital pays for out of its own pocket in exchange 
for hospital referrals that are billable by the supplier directly to 
Part B (e.g., ambulance services). Suspect arrangements include below-
cost arrangements or arrangements at prices lower than the prices 
offered by the supplier to other customers with similar volumes of 
business, but without Federal health care program referrals.
    Hospitals may also receive discounts on items and services 
purchased through group purchasing organizations (GPOs). Discounts 
received from a vendor in connection with a GPO to which a hospital 
belongs should be properly disclosed and accurately reported on the 
hospital cost reports. Although there is a safe harbor for payments 
made by a vendor to a GPO as part of an agreement to furnish items or 
services to a group of individuals or entities (42 CFR 1001.952(j)), 
the safe harbor does not protect the discount received by the 
individual or entity.\58\
---------------------------------------------------------------------------

    \58\ To preclude improper shifting of discounts, the safe harbor 
excludes GPOs that wholly own their members or have members that are 
subsidiaries of the parent company that wholly owns the GPO. 
Hospitals with affiliated GPOs should be mindful of these 
limitations.
---------------------------------------------------------------------------

f. Medical Staff Credentialing
    Certain medical staff credentialing practices may implicate the 
anti-kickback statute.\59\ For example, conditioning privileges on a 
particular number of referrals or requiring the performance of a 
particular number of procedures, beyond volumes necessary to ensure 
clinical proficiency, potentially raise substantial risks under the 
statute. On the other hand, a credentialing policy that categorically 
refuses privileges to physicians with significant conflicts of interest 
would not appear to implicate the statute in most situations. Whether a 
particular credentialing policy runs afoul of the anti-kickback statute 
would depend on the specific facts and circumstances, including the 
intent of the parties. Hospitals are advised to examine their 
credentialing practices to ensure that they do not run afoul of the 
anti-kickback statute. The OIG has solicited comments about, and is 
considering, whether further guidance in this area is appropriate.\60\
---------------------------------------------------------------------------

    \59\ In addition to the anti-kickback statute, hospitals should 
make sure that their credentialing policies comply with all other 
applicable Federal and State laws and regulations, some of which may 
prohibit or limit economic credentialing.
    \60\ See our ``Solicitation of New Safe Harbors and Special 
Fraud Alerts'' (67 FR 72894; December 9, 2002), available on our Web 
page at http://oig.hhs.gov/authorities/docs/solicitationannsafeharbor.pdf.
---------------------------------------------------------------------------

g. Malpractice Insurance Subsidies
    The OIG historically has been concerned that a hospital's subsidy 
of malpractice insurance premiums for potential referral sources, 
including hospital medical staff, may be suspect under the anti-
kickback statute, because the payments may be used to influence 
referrals. The OIG has established a safe harbor for medical 
malpractice premium subsidies provided to obstetrical care 
practitioners in health professional shortage areas.\61\ Depending on 
the circumstances, premium support may also be structured to fit in 
other safe harbors.
---------------------------------------------------------------------------

    \61\ See 42 CFR 1001.952(o).
---------------------------------------------------------------------------

    We are aware of the current disruption (i.e., dramatic premium 
increases, insurers' withdrawals from certain markets, and/or sudden 
termination of coverage based upon factors other than the physicians' 
claims history) in the medical malpractice liability insurance markets 
in some geographic areas.\62\ Notwithstanding, hospitals should review 
malpractice insurance subsidy arrangements closely to ensure that there 
is no improper inducement to referral sources. Relevant factors 
include, without limitation:
---------------------------------------------------------------------------

    \62\ See the OIG's letter on a hospital corporaiton's medical 
malpractice insurance assistance program, available on our Web page 
at http://oig.hhs.gov/fraud/docs/alertsandbulletins/MalpracticeProgram.pdf
---------------------------------------------------------------------------

     Whether the subsidy is being provided on an interim basis 
(e.g., until an unrelated insurer is commercially available) for a 
reasonable fixed period in a geographic area experiencing severe access 
or affordability problems;
     Whether the subsidy is being offered only to current 
active medical staff (or physicians new to the locality or in practice 
less than a year, i.e., physicians with no or few established 
patients);
     Whether the criteria for receiving a subsidy is unrelated 
to the volume or value of referrals or other business generated by the 
subsidized physician or his practice;
     Whether physicians receiving subsidies are paying at least 
as much as they currently pay for malpractice insurance (i.e., are 
windfalls to physicians avoided);
     Whether physicians are required to perform services or 
relinquish rights, which have a value equal to the fair market value of 
the insurance assistance; and
     Whether the insurance is available regardless of the 
location at which the physician provides services, including, but not 
limited to, other hospitals.
    No one of these factors is determinative, and this list is 
illustrative, not exhaustive, of potential considerations in connection 
with the provision of malpractice insurance subsidies. Parties 
contemplating malpractice subsidy programs that do not fit into one of 
the safe harbors may want to consider obtaining an advisory opinion. 
Parties should also be mindful that these subsidy arrangements also 
implicate the Stark law.
C. Payments To Reduce or Limit Services: Gainsharing Arrangements
    The CMP set forth in section 1128A(b)(1) of the Act prohibits a 
hospital from knowingly making a payment directly or indirectly to a 
physician as an inducement to reduce or limit items or services 
furnished to Medicare or Medicaid beneficiaries under the physician's 
direct care.\63\ Hospitals that make (and physicians that receive) such 
payments are liable for CMPs of up to $2,000 per patient covered by the 
payments.\64\ The statutory proscription is very broad. The payment 
need not be tied to an actual diminution in care, so long as the 
hospital knows that the payment may influence the physician to reduce 
or limit services to his or her patients. There is no requirement that 
the prohibited payment be tied to a specific patient or to a reduction 
in medically necessary care. In short, any hospital incentive plan that 
encourages physicians through payments to reduce

[[Page 4870]]

or limit clinical services directly or indirectly violates the statute.
---------------------------------------------------------------------------

    \63\ The prohibition applies only to reductions or limitations 
of items or services provided to Medicare and Medicaid fee-for-
service beneficiaries. See section 1128A(b)(1)(A) of the Act. See 
also our August 19, 1999 letter regarding ``Social Security Act 
sections 1128A(b)(1) and (2) and hospital-physician incentive plans 
for Medicare or Medicaid beneficiaries enrolled in managed care 
plans,'' available on our Web page at http://oig.hhs.gov/fraud/docs/alertsandbulletins/gsletter.htm.
    \64\ See sections 1128A(b)(1)(B) and (b)(2) of the Act.
---------------------------------------------------------------------------

    We are aware that a number of hospitals are engaged in, or 
considering entering into, incentive arrangements commonly called 
``gainsharing.'' While there is no fixed definition of a 
``gainsharing'' arrangement, the term typically refers to an 
arrangement in which a hospital gives physicians a percentage share of 
any reduction in the hospital's costs for patient care attributable in 
part to the physicians' efforts. We recognize that, properly 
structured, gainsharing arrangements can serve legitimate business and 
medical purposes, such as increasing efficiency, reducing waste, and, 
thereby, potentially increasing a hospital's profitability. However, 
the plain language of section 1128A(b)(1) of the Act prohibits tying 
the physicians' compensation for services to reductions or limitations 
in items or services provided to patients under the physicians' 
clinical care.\65\
---------------------------------------------------------------------------

    \65\ A detailed discussion of gainsharing can be found in our 
July 1999 Special Advisory Bulletin titled ``Gainsharing 
Arrangements and CMPs for Hospital Payments to Physicians to Reduce 
or Limit Services to Beneficiaries,'' available on our Web page at 
http://oig.hhs.gov/fraud/docs/altersandbulletins/gainsh.htm.
---------------------------------------------------------------------------

    In addition to the CMP risks described above, gainsharing 
arrangements can also implicate the anti-kickback statute if the cost-
savings payments are used to influence referrals. For example, the 
statute is potentially implicated if a gainsharing arrangement is 
intended to influence physicians to ``cherry pick'' healthy patients 
for the hospital offering gainsharing payments and steer sicker (and 
more costly) patients to hospitals that do not offer gainsharing 
payments. Similarly, the statute may be implicated if a hospital offers 
a cost-sharing program with the intent to foster physician loyalty and 
attract more referrals. In addition, we have serious concerns about 
overly broad arrangements under which a physician continues for an 
extended time to reap the benefits of previously-achieved savings or 
receives cost-savings payments unrelated to anything done by the 
physician, whether work, services, or other undertaking (e.g., a change 
in the way the physician practices).
    Wherever possible, hospitals should consider structuring cost-
saving arrangements to fit in the personal services safe harbor. 
However, in many cases, protection under the personal services safe 
harbor is not available because gainsharing arrangements typically 
involve a percentage payment (i.e., the aggregate fee will not be set 
in advance, as required by the safe harbor). Finally, gainsharing 
arrangements may also implicate the Stark law.
D. Emergency Medical Treatment and Labor Act (EMTALA)
    Hospitals should review their obligations under EMTALA (section 
1867 of the Act) to evaluate and treat individuals who come to their 
emergency departments and, in some circumstances, other facilities. 
Hospitals should pay particular attention to when an individual must 
receive a medical screening exam to determine whether that individual 
is suffering from an emergency medical condition. When such a screening 
or treatment of an emergency medical condition is required, it cannot 
be delayed to inquire about an individual's method of payment or 
insurance status. If the hospital's emergency department (ED) is ``on 
diversion'' and an individual comes to the ED for evaluation or 
treatment of a medical condition, the hospital is required to provide 
such services despite its diversionary status.
    Generally, hospital emergency departments may not transfer an 
individual with an unstable emergency medical condition unless a 
physician certifies that the benefits outweigh the risks. In such 
circumstances, the hospital must provide stabilizing treatment to 
minimize the risks of transfer. Further, the hospital must ensure that 
the receiving facility has available space and qualified personnel to 
treat the individual and has agreed to accept transfer of that 
individual. Moreover, certain medical records must accompany the 
individual and a hospital that has specialized capabilities or 
facilities must accept an appropriate transfer of an individual who 
requires such specialized capabilities or facilities if the hospital 
has the capacity to treat the individual.
    A hospital must provide appropriate screening and treatment 
services within the full capabilities of its staff and facilities. This 
includes access to specialists who are on call. Thus, hospital policies 
and procedures should be clear on how to access the full services of 
the hospital, and all staff should understand the hospital's 
obligations to individuals under EMTALA. In particular, on-call 
physicians need to be educated as to their responsibilities under 
EMTALA, including the responsibility to accept appropriately 
transferred individuals from other facilities. In addition, all persons 
working in emergency departments should be periodically trained and 
reminded of the hospital's EMTALA obligations and hospital policies and 
procedures designed to ensure that such obligations are met.
    For further information about EMTALA, hospitals are directed to: 
(i) The EMTALA statute at section 1867 of the Act; (ii) the EMTALA 
statute's implementing regulations at 42 CFR part 489; (iii) our 1999 
Special Advisory Bulletin on the Patient Anti-Dumping Statute (64 FR 
61353; November 10, 1999), available on our Web page at http://oig.hhs.gov/fraud/docs/alertsandbulletins/frdump.pdf; and (iv) CMS's 
EMTALA resource Web page located at http://www.cms.gov/providers/emtala/emtala.asp.
E. Substandard Care
    The OIG has authority to exclude any individual or entity from 
participation in Federal health care programs if the individual or 
entity provides unnecessary items or services (i.e., items or services 
in excess of the needs of a patient) or substandard items or services 
(i.e., items or services of a quality which fails to meet 
professionally recognized standards of health care).\66\ Significantly, 
neither knowledge nor intent is required for exclusion under this 
provision. The exclusion can be based upon unnecessary or substandard 
items or services provided to any patient, even if that patient is not 
a Medicare or Medicaid beneficiary.
---------------------------------------------------------------------------

    \66\ See section 1128(b)(6)(B) of the Act, which is available 
through the Internet at http://www4.law.cornell.edu/uscode/42/1320a-7.html.
---------------------------------------------------------------------------

    We are mindful that the vast majority of hospitals are fully 
committed to providing quality care to their patients. To achieve their 
quality-related goals, hospitals should continually measure their 
performance against comprehensive standards. Medicare participating 
hospitals must meet all of the Medicare hospital conditions of 
participation (COPs), including without limitation, the COP pertaining 
to a quality assessment and performance improvement program at 42 CFR 
482.21 and the hospital COP pertaining to the medical staff at 42 CFR 
482.22. Compliance with the COPs is determined by State survey agencies 
or accreditation organizations, such as the Joint Commission on 
Accreditation of Healthcare Organizations or the American Osteopathic 
Association. In addition, hospitals should develop their own quality of 
care protocols and implement mechanisms for evaluating compliance with 
those protocols.
    In reviewing the quality of care provided, hospitals must not limit 
their review to the quality of their nursing and other ancillary 
services. Hospitals must monitor the quality of medical

[[Page 4871]]

services provided at the hospital by appropriately overseeing the 
credentialing and peer review of their medical staffs.
F. Relationships With Federal Health Care Beneficiaries
    Hospitals' relationships with Federal health care beneficiaries may 
also implicate the fraud and abuse laws. In particular, hospitals 
should be aware that section 1128A(a)(5) of the Act authorizes the OIG 
to impose CMPs on hospitals (and others) that offer or transfer 
remuneration to a Medicare or Medicaid beneficiary that the offeror 
knows or should know is likely to influence the beneficiary to order or 
receive items or services from a particular provider, practitioner, or 
supplier for which payment may be made under the Medicare or Medicaid 
programs. The definition of ``remuneration'' expressly includes the 
offer or transfer of items or services for free or other than fair 
market value, including the waiver of all or part of a Medicare or 
Medicaid cost-sharing amount.\67\ In other words, hospitals may not 
offer valuable items or services to Medicare or Medicaid beneficiaries 
to attract their business. In this regard, hospitals should familiarize 
themselves with the OIG's August 2002 Special Advisory Bulletin on 
Offering Gifts and Other Inducements to Beneficiaries.\68\
---------------------------------------------------------------------------

    \67\ See section 1128A(i)(6) of the Act.
    \68\ The Special Advisory Bulletin on Offering Gifts and Other 
Inducements to Beneficiaries (67 FR 55855; August 30, 2002) is 
available on our Web page at http://oig.hhs.gov/fraud/docs/alertsandbulletins/SABGiftsandInducements.pdf.
---------------------------------------------------------------------------

1. Gifts and Gratuities
    Hospitals should scrutinize any offers of gifts or gratuities to 
beneficiaries for compliance with the CMP provision prohibiting 
inducements to Medicare and Medicaid beneficiaries. The key inquiry 
under the CMP is whether the remuneration is something that the 
hospital knows or should know is likely to influence the beneficiary's 
selection of a particular provider, practitioner, or supplier for 
Medicare or Medicaid payable services. As interpreted by the OIG, 
section 1128A(a)(5) of the Act does not apply to the provision of items 
or services valued at less than $10 per item and $50 per patient in the 
aggregate on an annual basis.\69\ A special exception for incentives to 
promote the delivery of preventive care services is discussed below at 
section II.I.2.
---------------------------------------------------------------------------

    \69\ See id.
---------------------------------------------------------------------------

2. Cost-Sharing Waivers
    In general, hospitals are obligated to collect cost-sharing amounts 
owed by Federal health care program beneficiaries. Waiving owed amounts 
may constitute prohibited remuneration to beneficiaries under section 
1128A(a)(5) of the Act or the anti-kickback statute. Certain waivers of 
Part A inpatient cost-sharing amounts may be protected by structuring 
them to fit in the safe harbor for waivers of beneficiary inpatient 
coinsurance and deductible amounts at 42 CFR 1001.952(k). In 
particular, under the safe harbor, waived amounts may not be claimed as 
bad debt; the waivers must be offered uniformly across the board 
without regard to the reason for admission, length of stay, or DRG; and 
waivers may not be made as part of any agreement with a third party 
payer, unless the third party payer is a Medicare SELECT plan under 
section 1882(t)(1) of the Act.\70\
---------------------------------------------------------------------------

    \70\ The OIG has proposed a rule to extend this safe harbor to 
protect waivers of Part B cost-sharing amounts pursuant to 
agreements with Medicare SELECT plans. See 67 FR 60202 (September 
25, 2002), available on our Web page at http://oig.hhs.gov/fraud/docs/safeharborregulations/MedicareSELECTNPRMFederalRegister.pdf. 
However, the OIG is still considering comments on this rule, and it 
has not been finalized.
---------------------------------------------------------------------------

    In addition, hospitals (and others) may waive cost-sharing amounts 
on the basis of a beneficiary's financial need, so long as the waiver 
is not routine, not advertised, and made pursuant to a good faith, 
individualized assessment of the beneficiary's financial need or after 
reasonable collection efforts have failed.\71\ The OIG recognizes that 
what constitutes a good faith determination of ``financial need'' may 
vary depending on the individual patient's circumstances and that 
hospitals should have flexibility to take into account relevant 
variables. These factors may include, for example:
---------------------------------------------------------------------------

    \71\ See section 1128A(i)(6)(A) of the Act.
---------------------------------------------------------------------------

     The local cost of living;
     A patient's income, assets, and expenses;
     A patient's family size; and
     The scope and extent of a patient's medical bills.
    Hospitals should use a reasonable set of financial need guidelines 
that are based on objective criteria and appropriate for the applicable 
locality. The guidelines should be applied uniformly in all cases. 
While hospitals have flexibility in making the determination of 
financial need, we do not believe it is appropriate to apply inflated 
income guidelines that result in waivers for beneficiaries who are not 
in genuine financial need. Hospitals should consider that the financial 
status of a patient may change over time and should recheck a patient's 
eligibility at reasonable intervals sufficient to ensure that the 
patient remains in financial need. For example, a patient who obtains 
outpatient hospital services several times a week would not need to be 
rechecked every visit. Hospitals should take reasonable measures to 
document their determinations of Medicare beneficiaries' financial 
need. We are aware that in some situations patients may be reluctant or 
unable to provide documentation of their financial status. In those 
cases, hospitals may be able to use other reasonable methods for 
determining financial need, including, for example, documented patient 
interviews or questionnaires.
    In sum, hospitals should review their waiver policies to ensure 
that the policies and the manner in which they are implemented comply 
with all applicable laws. For more information about cost-sharing 
waivers, hospitals should review our February 2, 2004 paper on 
``Hospital Discounts Offered To Patients Who Cannot Afford To Pay Their 
Hospital Bills,'' containing a section titled ``Reductions or Waivers 
of Cost-Sharing Amounts for Medicare Beneficiaries Experiencing 
Financial Hardship'' and available on our Web page at http://oig.hhs.gov/fraud/docs/alertsandbulletins/2004/FA021904hospitaldiscounts.pdf.\72\
---------------------------------------------------------------------------

    \72\ See also the OIG's Special Fraud Alert on Routine Waiver of 
Copayments or Deductibles Under Medicare Part B, issued May 1991, 
republished in the Federal Register at 59 FR 65372, 65374 (December 
19, 1994), and available on our Web page at http://oig.hhs.gov/fraud/docs/alertsandbulletins/121994.html.
---------------------------------------------------------------------------

3. Free Transportation
    The plain language of the CMP prohibits offering free 
transportation to Medicare or Medicaid beneficiaries to influence their 
selection of a particular provider, practitioner, or supplier. 
Notwithstanding, hospitals can offer free local transportation of low 
value (i.e., within the $10 per item and $50 annual limits).\73\ Luxury 
and specialized transportation, such as limousines or ambulances, would 
exceed the low value threshold and are problematic, as are arrangements 
tied in any manner to the volume or value of referrals and arrangements 
tied to particularly lucrative treatments or medical conditions. 
However, we have indicated that we are considering developing a 
regulatory exception for some complimentary local transportation 
provided to beneficiaries residing in a

[[Page 4872]]

hospital's primary service area.\74\ Accordingly, until such time as we 
promulgate a final rule on complimentary local transportation under 
section 1128A(a)(5) of the Act or indicate our intention not to proceed 
with such rule, we have indicated that we will not impose 
administrative sanctions for violations of section 1128A(a)(5) of the 
Act in connection with hospital-based complimentary transportation 
programs that meet the following conditions:
---------------------------------------------------------------------------

    \73\ Our position on local transportation of nominal value is 
more fully set forth in the preamble to the final rule enacting 42 
CFR 1003.102(b)(13). See 65 FR 24400, 24411 (April 26, 2000).
    \74\ See supra note 68.
---------------------------------------------------------------------------

     The program was in existence prior to August 30, 2002, the 
date of publication of the Special Advisory Bulletin on Offering Gifts 
and Other Inducements to Beneficiaries.
     Transportation is offered uniformly and without charge or 
at reduced charge to all patients of the hospital or hospital-owned 
ambulatory surgical center (and may also be made available to their 
families).
     The transportation is only provided to and from the 
hospital or a hospital-owned ambulatory surgical center and is for the 
purpose of receiving hospital or ambulatory surgical center services 
(or, in the case of family members, accompanying or visiting hospital 
or ambulatory surgical center patients).
     The transportation is provided only within the hospital's 
or ambulatory surgical center's primary service area.
     The costs of the transportation are not claimed directly 
or indirectly by any Federal health care program cost report or claim 
and are not otherwise shifted to any Federal health care program.
     The transportation does not include ambulance 
transportation.
    Other arrangements are subject to a case-by-case review under the 
statute to ensure that no improper inducement exists.
G. HIPAA Privacy and Security Rules
    As of April 14, 2003, all hospitals that conduct electronic 
transactions for which standards have been adopted under the Health 
Insurance Portability and Accountability Act of 1996 (HIPAA) were 
required to comply with the Privacy Rule promulgated pursuant to HIPAA. 
Generally, the HIPAA Privacy Rule addresses the use and disclosure of 
individuals' identifiable health information (protected health 
information or PHI) by covered hospitals and other covered entities, as 
well as standards for individuals' privacy rights to understand and 
control how their health information is used. The Privacy Rule (45 CFR 
parts 160 and 164, subparts A and E) and other helpful information 
about how it applies, including frequently asked questions, can be 
found on the Web page of the Department's Office for Civil Rights (OCR) 
at http://www.hhs.gov/ocr/hipaa/ hipaa/. Questions about the privacy rule 
should be submitted to OCR. Hospitals can contact OCR by following the 
instructions on its Web page, http://www.hhs.gov/ocr/contact.html, or 
by calling the HIPAA toll-free number, (866) 627-7748.
    To ease the burden of complying with the new requirements, the 
Privacy Rule gives covered hospitals and other covered entities some 
flexibility to create their own privacy procedures. Each hospital 
should make sure that it is compliant with all applicable provisions of 
the Privacy Rule, including provisions pertaining to required 
disclosures (such as required disclosures to the Department when it is 
undertaking a Privacy Rule investigation or compliance review) in 
developing its privacy procedures that are tailored to fit its 
particular size and needs.
    The final HIPAA Security Rule (45 CFR parts 160 and 164, subparts A 
and C) was published in the Federal Register on February 20, 2003. It 
is available on CMS's Web page at http://www.cms.gov/hipaa/hipaa2. The 
Security Rule specifies a series of administrative, technical, and 
physical security safeguards for hospitals that are covered entities 
and other covered entities to use to assure, among other provisions, 
the confidentiality of electronic PHI. Hospitals that are covered 
entities must be compliant with the Security Rule by April 20, 2005. 
The Security Rule requirements are flexible and scalable, which allows 
each covered entity to tailor its approach to compliance based on its 
own unique circumstances. Covered entities can consider their 
organization and capabilities, as well as costs, in designing their 
security plans and procedures. Questions about the HIPAA Security Rule 
should be submitted to CMS. Hospitals can contact CMS by following the 
instructions on its Web page, http://www.cms.gov/hipaa/hipaa2/contact, 
or by calling the HIPAA toll-free number, (866) 627-7748.
H. Billing Medicare or Medicaid Substantially in Excess of Usual 
Charges
    Section 1128(b)(6)(A) of the Act provides for the permissive 
exclusion from Federal health care programs of any provider or supplier 
that submits a claim based on costs or charges to the Medicare or 
Medicaid programs that is ``substantially in excess'' of its usual 
charge or cost, unless the Secretary finds there is ``good cause'' for 
the higher charge or cost. The exclusion provision does not require a 
provider to charge everyone the same price; nor does it require a 
provider to offer Medicare or Medicaid its ``best price.'' However, 
providers cannot routinely charge Medicare or Medicaid substantially 
more than they usually charge others. Hospitals have raised concerns 
regarding the impact of the exclusion authority on hospital services, 
and the OIG is considering those concerns in the context of the 
rulemaking process.\75\ The OIG's policy regarding application of the 
exclusion authority to discounts offered to uninsured and underinsured 
patients is discussed below.
---------------------------------------------------------------------------

    \75\ See Notice of Proposed Rulemaking regarding ``Clarification 
of Terms and Application of Program Exclusion Authority for 
Submitting Claims Containing Excessive Charges'' (68 FR 53939; 
September 15, 2003), available on our Web page at http://oig.hhs.gov/authorities/docs/FRSIENPRM.pdf.
---------------------------------------------------------------------------

I. Areas of General Interest
    Although in most cases the following areas do not pose significant 
fraud and abuse risk, the OIG has received numerous inquiries from 
hospitals and others on these topics. Therefore, we offer the following 
guidance to assist hospitals in their review of these arrangements.
1. Discounts to Uninsured Patients
    No OIG authority, including the Federal anti-kickback statute, 
prohibits or restricts hospitals from offering discounts to uninsured 
patients who are unable to pay their hospital bills.\76\ In addition, 
the OIG has never excluded or attempted to exclude any provider or 
supplier for offering discounts to uninsured or underinsured patients 
under the permissive exclusion authority at section 1128(b)(6)(A) of 
the Act. However, to provide additional assurance to the industry, the 
OIG recently proposed regulations that would define key terms in the 
statute.\77\ Among other things, the proposed regulations would make 
clear that free or substantially reduced charges to

[[Page 4873]]

uninsured persons would not affect the calculation of a provider's or 
supplier's ``usual'' charges, as the term ``usual charges'' is used in 
the exclusion provision. The OIG is currently reviewing the public 
comments to the proposed regulations. Until such time as a final 
regulation is promulgated or the OIG indicates its intention not to 
promulgate a final rule, it will continue to be the OIG's enforcement 
policy that when calculating their ``usual charges'' for purposes of 
section 1128(b)(6)(A) of the Act, individuals and entities do not need 
to consider free or substantially reduced charges to (i) uninsured 
patients or (ii) underinsured patients who are self-paying patients for 
the items or services furnished. In offering such discounts, a hospital 
should report full uniform charges, rather than the discounted amounts, 
on its Medicare cost report and make the FI aware that it has reported 
its full charges.\78\
---------------------------------------------------------------------------

    \76\ Discounts offered to underinsured patients potentially 
raise a more significant concern under the anti-kickback statute, 
and hospitals should exercise care to ensure that such discounts are 
not tied directly or indirectly to the furnishing of items or 
services payable by a Federal health care program. For more 
information, see our February 2, 2004 paper on ``Hospital Discounts 
Offered To Patients Who Cannot Afford To Pay Their Hospital Bills,'' 
available on our Web page at http://oig.hhs.gov/fraud/docs/alertsandbulletins/2004/FA021904hospitaldiscounts.pdf, and CMS's 
paper titled ``Questions On Charges For The Uninsured,'' dated 
February 17, 2004, and available on CMS's Web page at http://www.cms.gov/FAQ_Uninsured.pdf.
    \77\ See 68 FR 53939 (September 15, 2003), available on our Web 
page at http://oig.hhs.gov/authorities/docs/FRSIENPRM.pdf.
    \78\ For more information, see CMS's paper titled ``Questions On 
Charges For The Uninsured,'' dated February 17, 2004, and available 
on CMS's Web page at http://www.cms.gov/FAQ_Uninsured.pdf.
---------------------------------------------------------------------------

    Under CMS rules, Medicare generally reimburses a hospital for a 
percentage of its ``bad debt'' (i.e., uncollectible Medicare deductible 
or coinsurance amounts), but only if the hospital bills the Medicare 
patient for unpaid amounts first, and engages in reasonable, good faith 
collection efforts that are consistent with the degree of effort 
applied to collecting similar debts from non-Medicare patients.\79\ 
However, as explained in CMS's paper titled ``Questions On Charges For 
The Uninsured,'' a hospital can forgo collection efforts aimed at a 
Medicare patient, if the hospital, using its customary methods, 
documents that the patient is indigent or medically indigent \80\ and 
that no source other than the patient is legally responsible for the 
unpaid deductibles and coinsurance.
---------------------------------------------------------------------------

    \79\ See 42 CFR 413.89 and Medicare's Provider Reimbursement 
Manual, Part I, Chapter 3, Section 310, available on CMS's Web page 
at http://www.cms.hhs.gov/manuals/pub151/PUB_15_1.asp; see also 
Provider Reimbursement Manual, Part II, chapter 11, section 
1102.3.L, available on CMS's Web page at http://www.cms.gov/manuals/pub152/PUB_15_2.asp.
    \80\ See ``Questions On Charges For The Uninsured,'' dated 
February 17, 2004 and available on CMS's Web page at http://www.cms.gov/FAQ_Uninsured.pdf. In the paper, CMS further explains 
that hospitals may, but are not required to, determine a patient's 
indigency using a sliding scale. In this type of arrangement, the 
provider would agree to deem the patient indigent with respect to a 
portion of the patient's account (e.g., a flat percentage of the 
debt based on the patient's income, assets, or the size of the 
patient's liability relative to income). In the case of a Medicare 
patient who is determined to be indigent using this method, the 
amount the hospital decides, pursuant to its policy, not to collect 
from the patient can be claimed by the provider as Medicare bad 
debt. The hospital must, however, engage in a reasonable collection 
effort to collect the remaining balance before claiming such balance 
as reimbursable bad debt. Id.
---------------------------------------------------------------------------

    CMS Medicare bad debt reimbursement guidelines provide that a 
hospital should apply its customary indigency criteria to Medicare 
patients; however, the hospital must document such determination for 
such patients. To claim Medicare bad debt reimbursement, the hospital 
must follow the guidance laid out in sections 310, 312, and 322 of the 
Provider Reimbursement Manual.\81\ A hospital should examine a 
patient's total resources, which could include, but are not limited to, 
an analysis of assets, liabilities, income, expenses, and any 
extenuating circumstances that would affect the determination. The 
hospital should document the method by which it determined the 
indigency and include all backup information used to substantiate the 
determination. If, instead of making such a determination, a hospital 
attempts to collect the outstanding amounts from the Medicare 
beneficiary, such efforts must be documented in the patient's file with 
copies of the bill(s), follow-up letters, and reports of telephone and 
personal contacts. In the case of a dually-eligible patient (i.e., a 
patient entitled to both Medicare and Medicaid), the hospital should 
document the bad debt claim by including a denial of payment from the 
State.
---------------------------------------------------------------------------

    \81\ See Medicare's Provider Reimbursement Manual, Part I, 
chapter 3, available on CMS's Web page at http://www.cms.hhs.gov/manuals/pub151/PUB_15_1.asp.
---------------------------------------------------------------------------

2. Preventive Care Services
    Hospitals frequently participate in community-based efforts to 
deliver preventive care services. The Medicare and Medicaid programs 
encourage patients to access preventive care services. The prohibition 
against beneficiary inducements at section 1128A(a)(5) of the Act does 
not apply to incentives offered to promote the delivery of certain 
preventive care services, if the programs are structured in accordance 
with the regulatory requirements at 42 CFR 1003.101. Generally, to fit 
within the preventive care exception, a service must be a prenatal 
service or post-natal well-baby visit or a specific clinical service 
described in the current U.S. Preventive Services Task Force's Guide to 
Clinical Preventive Services \82\ that is reimbursed by Medicare or 
Medicaid. Obtaining the service may not be tied directly or indirectly 
to the provision of other Medicare or Medicaid services. In addition, 
the incentives may not be in the form of cash or cash equivalents and 
may not be disproportionate to the value of the preventive care 
provided. From an anti-kickback perspective, the chief concern is 
whether an arrangement to induce patients to obtain preventive care 
services is intended to induce other business payable by a Federal 
health care program. Relevant factors in making this evaluation would 
include, but not be limited to: the nature and scope of the preventive 
care services; whether the preventive care services are tied directly 
or indirectly to the provision of other items or services and, if so, 
the nature and scope of the other services; the basis on which patients 
are selected to receive the free or discounted services; and whether 
the patient is able to afford the services.
---------------------------------------------------------------------------

    \82\ Available on the Internet at http://www.ahrq.gov/clinic/cps3dix.htm.
---------------------------------------------------------------------------

3. Professional Courtesy
    Although historically ``professional courtesy'' referred to the 
practice of physicians waiving the entire professional fee for other 
physicians, the term is variously used in the industry now to describe 
a range of practices involving free or discounted services (including 
``insurance only'' billing) furnished to physicians and their families 
and staff. Some hospitals have used the term ``professional courtesy'' 
to describe various programs that offer free or discounted hospital 
services to medical staff, employees, community physicians, and their 
families and staff. Although many professional courtesy programs are 
unlikely to pose a significant risk of abuse (and many may be 
legitimate employee benefits programs eligible for the employee safe 
harbor), some hospital-sponsored ``professional courtesy'' programs may 
implicate the fraud and abuse statutes.
    In general, whether a professional courtesy program runs afoul of 
the anti-kickback statute turns on whether the recipients of the 
professional courtesy are selected in a manner that takes into account, 
directly or indirectly, any recipient's ability to refer to, or 
otherwise generate business for, the hospital. Also relevant is whether 
the physicians have solicited the professional courtesy in return for 
referrals. With respect to the Stark law, the key inquiry is whether 
the arrangement fits in the exception for professional courtesy at 42 
CFR 411.357(s). Finally, hospitals should evaluate the method by which 
the courtesy is granted. For example, ``insurance only'' billing 
offered to a Federal program beneficiary potentially implicates the 
anti-kickback statute, the False Claims Act, and the CMP

[[Page 4874]]

provision prohibiting inducements to Medicare and Medicaid 
beneficiaries (discussed in section II.F above). Notably, the Stark law 
exception for professional courtesy requires that insurers be notified 
if ``professional courtesy'' includes ``insurance only'' billing.

III. Hospital Compliance Program Effectiveness

    Hospitals with an organizational culture that values compliance are 
more likely to have effective compliance programs and, thus, are better 
able to prevent, detect, and correct problems. Building and sustaining 
a successful compliance program rarely follows the same formula from 
organization to organization. However, such programs generally include: 
The commitment of the hospital's governance and management at the 
highest levels; structures and processes that create effective internal 
controls; and regular self-assessment and enhancement of the existing 
compliance program. The 1998 CPG provided guidance for hospitals on 
establishing sound internal controls.\83\ This section discusses the 
important roles of corporate leadership and self-assessment of 
compliance programs.
---------------------------------------------------------------------------

    \83\ Among other things, the 1998 hospital CPG includes a 
detailed discussion of the structure and processes that make up the 
recommended seven elements of a compliance program. The seven basic 
elements of a compliance program are: Designation of a compliance 
officer and compliance committee; development of compliance policies 
and procedures, including standards of conduct; development of open 
lines of communication; appropriate training and education; response 
to detected offenses; internal monitoring and auditing; and 
enforcement of disciplinary standards.
---------------------------------------------------------------------------

A. Code of Conduct
    Every effective compliance program necessarily begins with a formal 
commitment to compliance by the hospital's governing body and senior 
management. Evidence of that commitment should include active 
involvement of the organizational leadership, allocation of adequate 
resources, a reasonable timetable for implementation of the compliance 
measures, and the identification of a compliance officer and compliance 
committee vested with sufficient autonomy, authority, and 
accountability to implement and enforce appropriate compliance 
measures. A hospital's leadership should foster an organizational 
culture that values, and even rewards, the prevention, detection, and 
resolution of problems. Moreover, hospitals' leadership and management 
should ensure that policies and procedures, including, for example, 
compensation structures, do not create undue pressure to pursue profit 
over compliance. In short, the hospital should endeavor to develop a 
culture that values compliance from the top down and fosters compliance 
from the bottom up. Such an organizational culture is the foundation of 
an effective compliance program.
    Although a clear statement of detailed and substantive policies and 
procedures--and the periodic evaluation of their effectiveness--is at 
the core of a compliance program, the OIG recommends that hospitals 
also develop a general organizational statement of ethical and 
compliance principles that will guide the entity's operations. One 
common expression of this statement of principles is a code of conduct. 
The code should function in the same fashion as a constitution, i.e., 
as a document that details the fundamental principles, values, and 
framework for action within an organization. The code of conduct for a 
hospital should articulate a commitment to compliance by management, 
employees, and contractors, and should summarize the broad ethical and 
legal principles under which the hospital must operate. The Code of 
Conduct should also include a requirement that professionals follow the 
ethical standards dictated by their respective professional 
organizations. Unlike the more detailed policies and procedures, the 
code of conduct should be brief, easily readable, and cover general 
principles applicable to all members of the organization.
    As appropriate, the OIG strongly encourages the participation and 
involvement of the hospital's board of directors, officers (including 
the chief executive officer (CEO)), members of senior management, 
representatives from the medical and clinical staffs, and other 
personnel from various levels of the organizational structure in the 
development of all aspects of the compliance program, especially the 
code of conduct. Management and employee involvement in this process 
communicates a strong and explicit commitment by management to foster 
compliance with applicable Federal health care program requirements. It 
also communicates the need for all directors, officers, managers, 
employees, contractors, and medical and clinical staff members to 
comply with the organization's code of conduct and policies and 
procedures.
B. Regular Review of Compliance Program Effectiveness
    Hospitals should regularly review the implementation and execution 
of their compliance program elements. This review should be conducted 
at least annually and should include an assessment of each of the basic 
elements individually, as well as the overall success of the program. 
This review should help the hospital identify any weaknesses in its 
compliance program and implement appropriate changes.
    A common method of assessing compliance program effectiveness is 
measurement of various outcomes indicators (e.g., billing and coding 
error rates, identified overpayments, and audit results). However, we 
have observed that exclusive reliance on these indicators may cause an 
organization to miss crucial underlying weaknesses. We recommend that 
hospitals examine program outcomes and assess the underlying structure 
and process of each compliance program element. We have identified a 
number of factors that may be useful when evaluating the effectiveness 
of basic compliance program elements. Hospitals should consider these 
factors, as well as others, when developing a strategy for assessing 
their compliance programs. While no one factor is determinative of 
program effectiveness, the following factors are often observed in 
effective compliance programs.
1. Designation of a Compliance Officer and Compliance Committee
    The compliance department is the backbone of the hospital's 
compliance program. The compliance department should be led by a well-
qualified compliance officer, who is a member of senior management, and 
should be supported by a compliance committee. The purpose of the 
compliance department is to implement the hospital's compliance program 
and to ensure that the hospital complies with all applicable Federal 
health care program requirements. To ensure that the compliance 
department is meeting this objective, each hospital should conduct an 
annual review of its compliance department. Some factors that the 
organization may wish to consider in its evaluation include the 
following:
     Does the compliance department have a clear, well-crafted 
mission?
     Is the compliance department properly organized?
     Does the compliance department have sufficient resources 
(staff and budget), training, authority, and autonomy to carry out its 
mission?
     Is the relationship between the compliance function and 
the general counsel function appropriate to achieve the purpose of 
each?
     Is there an active compliance committee, comprised of 
trained

[[Page 4875]]

representatives of each of the relevant functional departments, as well 
as senior management?
     Are ad hoc groups or task forces assigned to carry out any 
special missions, such as conducting an investigation or evaluating a 
proposed enhancement to the compliance program?
     Does the compliance officer have direct access to the 
governing body, the president or CEO, all senior management, and legal 
counsel?
     Does the compliance officer have independent authority to 
retain outside legal counsel?
     Does the compliance officer have a good working 
relationship with other key operational areas, such as internal audit, 
coding, billing, and clinical departments?
     Does the compliance officer make regular reports to the 
board of directors and other hospital management concerning different 
aspects of the hospital's compliance program?
2. Development of Compliance Policies and Procedures, Including 
Standards of Conduct
    The purpose of compliance policies and procedures is to establish 
bright-line rules that help employees carry out their job functions in 
a manner that ensures compliance with Federal health care program 
requirements and furthers the mission and objective of the hospital 
itself. Typically, policies and procedures are written to address 
identified risk areas for the organization. As hospitals conduct a 
review of their written policies and procedures, some of the following 
factors may be considered:
     Are policies and procedures clearly written, relevant to 
day-to-day responsibilities, readily available to those who need them, 
and re-evaluated on a regular basis?
     Does the hospital monitor staff compliance with internal 
policies and procedures?
     Have the standards of conduct been distributed to all 
directors, officers, managers, employees, contractors, and medical and 
clinical staff members?
     Has the hospital developed a risk assessment tool, which 
is re-evaluated on a regular basis, to assess and identify weaknesses 
and risks in operations?
     Does the risk assessment tool include an evaluation of 
Federal health care program requirements, as well as other 
publications, such as the OIG's CPGs, work plans, special advisory 
bulletins, and special fraud alerts?
3. Developing Open Lines of Communication
    Open communication is essential to maintaining an effective 
compliance program. The purpose of developing open communication is to 
increase the hospital's ability to identify and respond to compliance 
problems. Generally, open communication is a product of organizational 
culture and internal mechanisms for reporting instances of potential 
fraud and abuse. When assessing a hospital's ability to communicate 
potential compliance issues effectively, a hospital may wish to 
consider the following factors:
     Has the hospital fostered an organizational culture that 
encourages open communication, without fear of retaliation?
     Has the hospital established an anonymous hotline or other 
similar mechanism so that staff, contractors, patients, visitors, and 
medical and clinical staff members can report potential compliance 
issues?
     How well is the hotline publicized; how many and what 
types of calls are received; are calls logged and tracked (to establish 
possible patterns); and is the caller informed of the hospital's 
actions?
     Are all instances of potential fraud and abuse 
investigated?
     Are the results of internal investigations shared with the 
hospital governing body and relevant departments on a regular basis?
     Is the governing body actively engaged in pursuing 
appropriate remedies to institutional or recurring problems?
     Does the hospital utilize alternative communication 
methods, such as a periodic newsletter or compliance intranet website?
4. Appropriate Training and Education
    Hospitals that fail to train and educate their staff adequately 
risk liability for the violation of health care fraud and abuse laws. 
The purpose of conducting a training and education program is to ensure 
that each employee, contractor, or any other individual that functions 
on behalf of the hospital is fully capable of executing his or her role 
in compliance with rules, regulations, and other standards. In 
reviewing their training and education programs, hospitals may consider 
the following factors:
     Does the hospital provide qualified trainers to conduct 
annual compliance training for its staff, including both general and 
specific training pertinent to the staff's responsibilities?
     Has the hospital evaluated the content of its training and 
education program on an annual basis and determined that the subject 
content is appropriate and sufficient to cover the range of issues 
confronting its employees?
     Has the hospital kept up-to-date with any changes in 
Federal health care program requirements and adapted its education and 
training program accordingly?
     Has the hospital formulated the content of its education 
and training program to consider results from its audits and 
investigations; results from previous training and education programs; 
trends in hotline reports; and OIG, CMS, or other agency guidance or 
advisories?
     Has the hospital evaluated the appropriateness of its 
training format by reviewing the length of the training sessions; 
whether training is delivered via live instructors or via computer-
based training programs; the frequency of training sessions; and the 
need for general and specific training sessions?
     Does the hospital seek feedback after each session to 
identify shortcomings in the training program, and does it administer 
post-training testing to ensure attendees understand and retain the 
subject matter delivered?
     Has the hospital's governing body been provided with 
appropriate training on fraud and abuse laws?
     Has the hospital documented who has completed the required 
training?
     Has the hospital assessed whether to impose sanctions for 
failing to attend training or to offer appropriate incentives for 
attending training?
5. Internal Monitoring and Auditing
    Effective auditing and monitoring plans will help hospitals avoid 
the submission of incorrect claims to Federal health care program 
payors. Hospitals should develop detailed annual audit plans designed 
to minimize the risks associated with improper claims and billing 
practices. Some factors hospitals may wish to consider include the 
following:
     Is the audit plan re-evaluated annually, and does it 
address the proper areas of concern, considering, for example, findings 
from previous years' audits, risk areas identified as part of the 
annual risk assessment, and high volume services?
     Does the audit plan include an assessment of billing 
systems, in addition to claims accuracy, in an effort to identify the 
root cause of billing errors?
     Is the role of the auditors clearly established and are 
coding and audit personnel independent and qualified, with the 
requisite certifications?

[[Page 4876]]

     Is the audit department available to conduct unscheduled 
reviews and does a mechanism exist that allows the compliance 
department to request additional audits or monitoring should the need 
arise?
     Has the hospital evaluated the error rates identified in 
the annual audits?
     If the error rates are not decreasing, has the hospital 
conducted a further investigation into other aspects of the hospital 
compliance program in an effort to determine hidden weaknesses and 
deficiencies?
     Does the audit include a review of all billing 
documentation, including clinical documentation, in support of the 
claim?
6. Response to Detected Deficiencies
    By consistently responding to detected deficiencies, hospitals can 
develop effective corrective action plans and prevent further losses to 
Federal health care programs. Some factors a hospital may wish to 
consider when evaluating the manner in which it responds to detected 
deficiencies include the following:
     Has the hospital created a response team, consisting of 
representatives from the compliance, audit, and any other relevant 
functional areas, which may be able to evaluate any detected 
deficiencies quickly?
     Are all matters thoroughly and promptly investigated?
     Are corrective action plans developed that take into 
account the root causes of each potential violation?
     Are periodic reviews of problem areas conducted to verify 
that the corrective action that was implemented successfully eliminated 
existing deficiencies?
     When a detected deficiency results in an identified 
overpayment to the hospital, are overpayments promptly reported and 
repaid to the FI?
     If a matter results in a probable violation of law, does 
the hospital promptly disclose the matter to the appropriate law 
enforcement agency? \84\
---------------------------------------------------------------------------

    \84\ For more information on when to self-report, see section 
IV, below.
---------------------------------------------------------------------------

7. Enforcement of Disciplinary Standards
    By enforcing disciplinary standards, hospitals help create an 
organizational culture that emphasizes ethical behavior. Hospitals may 
consider the following factors when assessing the effectiveness of 
internal disciplinary efforts:
     Are disciplinary standards well-publicized and readily 
available to all hospital personnel?
     Are disciplinary standards enforced consistently across 
the organization?
     Is each instance involving the enforcement of disciplinary 
standards thoroughly documented?
     Are employees, contractors and medical and clinical staff 
members checked routinely (e.g., at least annually) against government 
sanctions lists, including the OIG's List of Excluded Individuals/
Entities (LEIE) \85\ and the General Services Administration's Excluded 
Parties Listing System.
---------------------------------------------------------------------------

    \85\ See http://oig.hhs.gov/fraud/exclusions.html. The OIG also 
makes available Monthly Supplements for Standard LEIE, which can be 
compared to existing hospital personnel lists.
---------------------------------------------------------------------------

    In sum, while no single factor is conclusive of an effective 
compliance program, the preceding seven areas form a useful starting 
point for developing and maintaining an effective compliance program.

IV. Self-Reporting

    Where the compliance officer, compliance committee, or a member of 
senior management discovers credible evidence of misconduct from any 
source and, after a reasonable inquiry, believes that the misconduct 
may violate criminal, civil, or administrative law, the hospital should 
promptly report the existence of misconduct to the appropriate Federal 
and State authorities \86\ within a reasonable period, but not more 
than 60 days,\87\ after determining that there is credible evidence of 
a violation.\88\ Prompt voluntary reporting will demonstrate the 
hospital's good faith and willingness to work with governmental 
authorities to correct and remedy the problem. In addition, reporting 
such conduct will be considered a mitigating factor by the OIG in 
determining administrative sanctions (e.g., penalties, assessments, and 
exclusion), if the reporting hospital becomes the subject of an OIG 
investigation.\89\ To encourage providers to make voluntary 
disclosures, the OIG published the Provider Self-Disclosure 
Protocol.\90\
---------------------------------------------------------------------------

    \86\ Appropriate Federal and State authorities include the OIG, 
CMS, the Criminal and Civil Divisions of the Department of Justice, 
the U.S. Attorney in relevant districts, the Food and Drug 
Administration, the Department's Office for Civil Rights, the 
Federal Trade Commission, the Drug Enforcement Administration, the 
Federal Bureau of Investigation, and the other investigative arms 
for the agencies administering the affected Federal or State health 
care programs, such as the State Medicaid Fraud Control Unit, the 
Defense Criminal Investigative Service, the Department of Veterans 
Affairs, the Health Resources and Services Administration, and the 
Office of Personnel Management (which administers the Federal 
Employee Health Benefits Program).
    \87\ In contrast, to qualify for the ``not less than double 
damages'' provision of the False Claims Act, the provider must 
provide the report to the government within 30 days after the date 
when the provider first obtained the information. See 31 U.S.C. 
3729(a).
    \88\ Some violations may be so serious that they warrant 
immediate notification to governmental authorities prior to, or 
simultaneous with, commencing an internal investigation. By way of 
example, the OIG believes a provider should immediately report 
misconduct that: (i) Is a clear violation of administrative, civil, 
or criminal laws; (ii) has a significant adverse effect on the 
quality of care provided to Federal health care program 
beneficiaries; or (iii) indicates evidence of a systemic failure to 
comply with applicable laws or an existing corporate integrity 
agreement, regardless of the financial impact on Federal health care 
programs.
    \89\ The OIG has published criteria setting forth those factors 
that the OIG takes into consideration in determining whether it is 
appropriate to exclude an individual or entity from program 
participation pursuant to 42 U.S.C. 1320a-7(b)(7) for violations of 
various fraud and abuse laws. See 62 FR 67392 (December 24, 1997).
    \90\ See 63 FR 58399 (October 30, 1998), available on our Web 
page at http://oig.hhs.gov/authorities/docs/selfdisclosure.pdf.
---------------------------------------------------------------------------

    When reporting to the government, a hospital should provide all 
information relevant to the alleged violation of applicable Federal or 
State law(s)and the potential financial or other impact of the alleged 
violation. The compliance officer, under advice of counsel and with 
guidance from the governmental authorities, could be requested to 
continue to investigate the reported violation. Once the investigation 
is completed, and especially if the investigation ultimately reveals 
that criminal, civil, or administrative violations have occurred, the 
compliance officer should notify the appropriate governmental authority 
of the outcome of the investigation, including a description of the 
impact of the alleged violation on the applicable Federal health care 
programs or their beneficiaries.

V. Conclusion

    In today's environment of increased scrutiny of corporate conduct 
and increasingly large expenditures for health care, it is imperative 
for hospitals to establish and maintain effective compliance programs. 
These programs should foster a culture of compliance that begins at the 
highest levels and extends throughout the organization. This 
supplemental CPG is intended as a resource for hospitals to help them 
operate effective compliance programs that decrease errors, fraud, and 
abuse and increase compliance with Federal health care program 
requirements for the benefit of the hospitals and public alike.

[FR Doc. 05-1620 Filed 1-27-05; 8:45 am]
BILLING CODE 4150-01-P