1. INTRODUCTION

On June 22, 1999, the Office of Inspector General ("OIG") of the Department of Health and Human Services released its final "Compliance Program Guidance for the Durable Medical Equipment, Prosthetics, Orthotics and Supply Industry." (fn1) As in the draft guidance released in January 1999, (fn2) the final guidance reflects the specific elements that the OIG believes each supplier should consider when developing and implementing an effective compliance program. The text of the guidance is available on the OIG internet page, http://www.dhhs.gov/progorg/oig/new.html, or you can obtain it from our office.

The final guidance is very similar to the January 1999 draft guidance, which we discussed in detail in a February 19, 1999 Reed Smith Client Memorandum. (fn3) Like the draft version, the final compliance plan guidance is extremely detailed and prescriptive. The OIG does appear to have responded to some extent to industry concerns, however, by placing greater emphasis on the needs of small suppliers. The OIG also has clarified a number of instances in which it had misstated or overstated actual Medicare program requirements.

Because of the similarities between the draft and final versions of the compliance program guidance, and our comprehensive treatment of the draft guidance in our February 1999 Client Memorandum, this Memorandum only discusses significant changes between the two versions of the document. Please feel free to contact us, however, if you would like additional information about any aspect of the final compliance program guidance.

2. OVERVIEW OF FINAL GUIDANCE

As in the draft version, the final compliance program guidance identifies seven elements that the OIG characterizes as fundamental to any effective compliance program:

• The development and distribution of written standards of conduct, as well as written policies and procedures that promote the supplier’s commitment to compliance and address specific areas of potential fraud;
• The designation of a compliance officer and other appropriate bodies charged with the responsibility for operating and monitoring the compliance program, and who report directly to the chief executive officer and the governing body;
• The development and implementation of regular, effective education and training for all affected employees;
• The development of effective lines of communication between the compliance officer and all employees, including a process, such as a hotline or other reporting system, to receive complaints, and the adoption of procedures to protect the anonymity of complainants and to protect callers from retaliation;
• The use of audits and/or other risk evaluation techniques to monitor compliance, identify problem areas, and assist in the reduction of identified problem areas;
• The development of appropriate disciplinary mechanisms to enforce standards and the development of policies addressing (i) employees who have violated internal compliance policies, applicable statutes, regulations, or federal, state, or private payor health care program requirements and (ii) the employment of sanctioned and other specified individuals; and
• The development of policies to respond to detected offenses and to initiate corrective action to prevent similar offenses.

In addition to the seven basic elements, the compliance program guidance addresses 47 compliance risk areas specific to suppliers of durable medical equipment, prosthetics, orthotics and supplies ("DMEPOS") that are of particular concern to the OIG. Such risk areas include: billing for items or services not provided, billing for excessive amounts of supplies, falsifying documents in order to receive improper payment, continuing to bill for rental items after they are no longer medically necessary, and paying kickbacks for referrals.

1. MAJOR DIFFERENCES BETWEEN THE DRAFT AND FINAL VERSIONS
1. Requirements For Small Businesses

As in the draft guidance, the final version states the OIG’s belief "that every DMEPOS supplier can and should strive to accomplish the objectives and principles underlying all of the compliance policies and procedures recommended within this guidance." Throughout the document, however, the OIG has added suggestions for ways small employers could address the various requirements. (fn4)

For instance, in the section on standards of conduct, the OIG now "recognizes that small DMEPOS suppliers may not have formal written standards of conduct." Unwritten standards of conduct, however, "should be relayed to each employee," and "[e]mployees should attest, in writing, that they understand and will abide by these standards." Likewise, with regard to compliance being an element of a performance evaluation, the OIG now suggests that if a small supplier does not have a formal performance evaluation structure, the supplier should "informally convey the employee’s compliance responsibilities and the importance of these responsibilities."

On the other hand, in clarifying its expectations regarding small businesses, the OIG has added language throughout the "Responding to Detected Offenses" section confirming that all DMEPOS suppliers, regardless of size, should ensure that they are: responsive to allegations of potential misconduct; reporting results of any overpayments or violations to the appropriate entity; and taking corrective action to remedy identified deficiencies.

Other changes pertaining to small businesses are discussed below.

2. Written Policies For Risk Areas

As noted above, the final compliance program guidance identifies 47 compliance risk areas specific to suppliers for which written policies and procedures should be developed. The draft guidance included 48 risk areas; the final version does not include "situations where conflict of interest may result due to referrals by physicians that own or have compensation arrangements with DMEPOS supply companies" (although "billing for items or services furnished pursuant to a prohibited referral under the Stark physician self-referral law" remains a risk factor).

In addition, the OIG has added language to this section suggesting that small suppliers create a manual containing specific statutes, regulations, and Durable Medical Equipment Regional Carrier ("DMERC") instructions and bulletins that address the supplier’s risk areas. The manual should be accessible to all employees.

Furthermore, as discussed in our February 1999 Client Memorandum, in a number of cases the OIG’s suggested policies in the draft compliance program guidance did not necessarily reflect actual supplier obligations under current statutes, regulations, and manual requirements. The final compliance program guidance corrects several of these provisions. For instance, in the draft version, the OIG identified as a risk area, "[u]sing a billing agent whose compensation is based on the dollar amounts billed or based on the actual collection of payment; since DMEPOS supplier billing agents may only receive payment based on a fixed fee." The OIG now has clarified this to read "using a billing agent whose compensation arrangement violates the reassignment rule," since the fixed fee restriction applies only to billing arrangements under which reimbursement is made directly to the billing agent.

The OIG also has modified its description of many of the risk factors. Among other things, the OIG now includes in the description of "billing for items or services not provided" situations in which a supplier does not fulfill a contractual agreement, such as when the supplier agrees to service rental equipment and then does not fulfill this obligation. The OIG also has expanded on its concerns regarding "supply closet arrangements," in which a physician allows a supplier to stock inventory in a physician’s office. The OIG now notes that these arrangements could raise anti-kickback and self-referral issues, "particularly when the DMEPOS supplier pays the physician an amount above fair market value to rent the space."

In a number of cases, the OIG has altered its recommendations to reflect its understanding that suppliers cannot make medical necessity determinations. There are steps the OIG expects suppliers to take, however, to minimize the risk of abuse in these cases. For instance, in the footnote on "continuing to bill for rental items after they are no longer medically necessary," the OIG acknowledges that "suppliers cannot make medical necessity determinations and may not be aware that a rental item is no longer medically necessary for a particular patient." The OIG therefore recommends that suppliers "periodically contact the treating physician or other authorized person to ensure the rental item continues to be medically necessary. . . . If the DMEPOS supplier bills for a rental item after it is no longer medically necessary, the DMEPOS supplier is financially responsible for that item and must remit any overpayments for that item." Likewise, if a supplier provides and/or bills for substantially excessive amounts of items or supplies, the supplier is financially responsible for remitting any related overpayments, the OIG points out. The guidance therefore "recommends that if a DMEPOS supplier is providing and billing for a large number of items or supplies for the same patient, it may periodically want to contact the treating physician or other authorized person to confirm the medical necessity of the items or supplies." Such contact should be documented. Similar recommendations are provided related to "failure to monitor medical necessity on an on-going basis."

3. Claims Development And Submission
1. Medical Necessity

The final guidance adds language warning suppliers that "Medicare may deny payment for an item or service that the treating physician or other authorized person believes is appropriate, but which does not meet the Medicare coverage criteria or where the documentation does not support that the item or service was reasonable and necessary for the patient." The guidance therefore suggests that suppliers advise their clients that claims submitted for federal, state, or private payor reimbursement must meet program requirements or the claims could be denied.

2. Certificate Of Medical Necessity

The OIG has included language in the final guidance reflecting a new Health Care Financing Administration ("HCFA") policy on faxed certificates of medical necessity ("CMNs"). According to the OIG, while faxed CMNs are permitted in order to submit the claim, the DMERCs have the authority to request the original CMN from the supplier at any time. (fn5) It also adds language specifying that suppliers should not submit a claim for items or services prior to receiving a written order or CMN from the treating physician or other authorized person.

The OIG also removes language in this section and in a later section on cover letters that had prohibited the inclusion of diagnostic information in a cover letter attached to a CMN. As we pointed out in our February 1999 Client Memorandum, HCFA policy on this issue contains no prohibition against including diagnostic information in a cover letter.

3. Mail Order Suppliers

The draft compliance program guidance stated that mail order DMEPOS suppliers should maintain an accurate inventory list and should not bill for or commit to sending items that are not part of its inventory. This provision was dropped from the final version.

4. Routine Waiver Of Deductibles And Coinsurance

In the final compliance program guidance, the OIG expands its discussion of the circumstances in which suppliers are permitted to waive the Medicare coinsurance amounts in cases of indigency. While the OIG notes that "what constitutes ‘financial need’ varies depending on the circumstances," it believes a supplier should "make determinations of financial need on an individualized, case by case, basis in accordance with a reasonable set of income guidelines uniformly applied in all cases." The income guidelines should be based on objective criteria and be appropriate for the applicable locality. The OIG adds that suppliers should not "apply inflated income guidelines that result in waivers of copayments for persons not in genuine financial need."

In another change, the OIG has removed a recommendation that suppliers prohibit their personnel from charging Medicare beneficiaries more than other patients for similar services and items, or collecting deductibles and coinsurance only when a patient has a certain insurance.

5. Capped Rentals And The Purchase Option

The OIG also provides additional details on its policy regarding the prohibition on suppliers submitting claims for rental equipment when the beneficiary is residing in an institution (i.e., a hospital or skilled nursing facility). The OIG observes that some suppliers bring DMEPOS items to beneficiaries residing in an institution, just prior to discharge, to train the beneficiary in the use of the item or to fit the item for the beneficiary. Once the supplier has trained or fitted the beneficiary, however, the supplier should take the item and deliver it to the beneficiary’s home on the date of discharge, and the claim for this item should mark the date of delivery/date of service as the date of the beneficiary’s discharge from the institution. According to the OIG, if the supplier delivers the item for use by the beneficiary while in the institution, the item should be included in the institution’s cost and the supplier should not submit the claim.

6. Cover Letters

In the final compliance program guidance, the OIG notes that the "cover letter is not a form required or regulated by the Government. As a result, the DMERCs do not base Medicare denials solely on what may be considered inappropriate use of cover letters." While the OIG voices its concern "that cover letters may influence or direct a physician’s or other authorized person’s answers on the CMN, particularly the questions relating to the patient’s medical condition," the OIG has deleted language stating that cover letters may not (i) lead physicians to order medically unnecessary items or supplies, or (ii) include diagnostic information. The OIG also has dropped (i) its prohibition on a supplier distributing completed "sample" CMNs to physicians, and (ii) its requirement that suppliers maintain on file a copy of the cover letter sent to physicians.

In addition, the OIG points out that "[i]t is the treating physician’s or other authorized person’s responsibility to determine both the medical need for, and the utilization of, health care services." The OIG encourages suppliers to include language in their cover letters reminding treating physicians and other authorized persons of their "responsibilities in properly completing CMNs."

Nevertheless, the OIG warns that "[e]ncouraging physicians or other authorized persons to order unwanted items or supplies may result in submitting claims for items or services that are not reasonable or necessary. The OIG is aware of instances where the DMEPOS supplier has copied the CMN, completed section B of the copy, and used this completed copy as its cover letter to physicians."

7. Communication

The OIG has removed an earlier recommendation that suppliers consider adopting a mechanism whereby the physician immediately informs the supplier when equipment is no longer medically necessary.

8. Oxygen And Oxygen Equipment

In the draft compliance program guidance, the OIG required suppliers to have independent diagnostic treatment facilities submit all raw test results -- not just a summary of the results -- to the ordering physician. Since, as we observed in our February 1999 client memo, this is not actually a program requirement, the final version notes that this is an OIG recommendation.

The OIG also has added a recommendation that, for patient safety purposes, the rental of oxygen include established maintenance safeguards. Steps also should be taken to ensure the equipment is properly maintained, since maintenance is included in the rental price, the OIG states.

4. Anti-Kickback And Self-Referral Concerns

As noted above, the final compliance program guidance includes a provision that a supplier should not offer a physician or other referral source more than fair market value for space rented to store items or supplies (i.e., the "consignment closet" or "supply closet" issue).

With regard to small suppliers, the OIG states that all suppliers, regardless of size, should be knowledgeable about, and compliant with, the anti-kickback statute and the Stark physician self-referral law, along with other relevant federal and state statutes or regulations. The OIG recognizes, however, that small suppliers may not have the resources to implement the OIG’s suggestions to the same extent as a larger supplier. The OIG therefore acknowledges that the smaller supplier may need to use a slightly different mechanism to ensure compliance, such as choosing a sample of contracts or financial arrangements to review on a periodic basis.

5. Marketing

The draft version of the compliance program guidance asserted that "[s]ince a DMEPOS supplier has no control over the means by which a non-employee sales or other representative might contact a Medicare beneficiary regarding the furnishing of such items, DMEPOS suppliers may not accept any referral from a sales or other representative who is not an employee of the DMEPOS supplier, regardless of the means allegedly used to contact the beneficiary." In response to industry comments pointing out that there currently is no prohibition on a supplier having independent sales representatives, the final version does not include this language.

This section also includes language reflecting the OIG’s expectation that all suppliers, regardless of size, should employ marketing strategies that are "clear, correct, honest, straightforward, non-deceptive and fully informative." While small suppliers may not have extensive written policies and procedures, each supplier should inform their sales force of applicable statutes in this area and ensure that its employees understand what marketing activities are permitted and prohibited.

6. Retention Of Records

The OIG has added language specifying that all suppliers, regardless of size, must retain documents required by the health plans in which they participate. Moreover, "[i]n case of a future Government investigation, the OIG recommends that all DMEPOS suppliers retain documents relating to the implementation of their compliance programs."

7. Designation Of A Compliance Officer And A Compliance Committee

The final compliance program guidance acknowledges that a small supplier may not have the need or resources to hire a full-time compliance officer. The OIG maintains that each supplier should, however, have a person in its organization (perhaps with other responsibilities) who can oversee the supplier’s compliance with applicable rules.

The OIG also has modified its expectations for small suppliers regarding compliance committees. The OIG previously had stated that the compliance officer should fulfill the responsibilities of the committee for a small supplier. The OIG now recommends that in lieu of a corporate compliance committee, small suppliers should create a "taskforce," if appropriate, to address potential problems as they are identified. The members of the taskforce may vary depending on the issue.

8. Conducting Effective Training And Education

The draft compliance program guidance provided that at the end of initial training sessions, every employee, as well as physicians, independent contractors, and other significant agents, should be required to sign and date a statement that reflects their knowledge of and commitment to the supplier’s standards of conduct. For physicians, independent contractors, and other significant agents, the attestation would become part of the contract between the parties. In response to industry comments regarding the impracticality of binding the physician to the supplier’s policy, the final compliance program guidance does not include this requirement. Instead, the OIG suggests that suppliers may wish to offer compliance training sessions to interested independent contractors and physicians.

The OIG also has added language to the final compliance program guidance that all suppliers, regardless of size, should ensure that their employees are well trained and are abiding by the applicable statutes, regulations, and policies. Each employee should know the procedures or who to consult when confronted with a particular situation. The OIG recognizes, however, that the format of training programs will vary depending upon the suppliers’ resources. The OIG offers that a small supplier could create a video for each type of training session so new employees can receive training in a timely manner.

Moreover, the OIG recognizes that its general recommendation that suppliers regularly send employees to continuing education classes or publish newsletters may not be feasible for small suppliers. Alternatively, the OIG suggests that small suppliers have their employees meet on a regular basis to discuss information in the DMERC’s Medicare bulletin.

9. Auditing And Monitoring

The OIG has added language recognizing that small suppliers may not have the resources to audit their operations to the extent suggested in the OIG’s general recommendations. In such cases, the OIG recommends that, at a minimum, the small supplier conduct an internal audit, such as through a random review of a sample of claims based on the risk areas it identified. The OIG recommends that the supplier conduct an initial baseline audit and periodic follow-up audits. If problems were identified in the baseline audit, the OIG suggests that the supplier re-audit the same issue to assess the effectiveness of any corrective actions implemented pursuant to the compliance program. The supplier should document the results of all audits. The OIG also notes that suppliers could use the OIG’s Audit Process handbook to help design the audit. (fn6)

The OIG adds that "[t]he extent of a DMEPOS supplier’s audit should depend on the DMEPOS supplier’s identified risk areas and resources. If the DMEPOS supplier comes under Government scrutiny in the future, the Government will assess whether or not the DMEPOS supplier developed a comprehensive audit based upon identified risk areas and resources. If the Government determines that the DMEPOS supplier failed to develop an adequate audit program, given its resources," the OIG warns, "the Government will be less likely to afford the DMEPOS supplier favorable treatment under its various enforcement authorities."

10. Enforcing Standards Through Well-Publicized Disciplinary Guidelines

The OIG has added language recognizing that small suppliers may not have a written document detailing the disciplinary actions for non-compliance. The OIG expects all employees to be clearly informed of such consequences, however.

The OIG also expands its discussion regarding the treatment of employees who have been convicted of a criminal offense related to health care, or who have been debarred or excluded from federal programs. The OIG now states that if an independent contractor or a referring physician or other authorized person is debarred or excluded from participation in federal health care programs, and the supplier is aware of it, the supplier should not involve that individual/entity in the federal health care portion of its business.

The OIG also specifies that all suppliers, regardless of size, should ensure that they do not employ or contract with anyone who has been debarred, excluded, or is otherwise ineligible to participate in federal health care programs.

2. CONCLUSION

While the final compliance program guidance has been improved by the addition of alternatives for small businesses and the correction of a number of policy misstatements, it remains a highly prescriptive document that may be difficult for many suppliers to implement. Nevertheless, the adoption of a corporate compliance plan offers a number of benefits to suppliers, including the potential to reduce exposure to civil and criminal sanctions associated with false claims. Suppliers are advised, therefore, to carefully review the OIG’s recommendations to ensure that existing or planned compliance plans address issues of concern to the OIG.

Please do not hesitate to contact Elizabeth B. Carder (202/414-9213), Carol C. Loepere (202/414-9216), or any other member of the Reed Smith health care group with whom you work if you would like additional information or if you need assistance in developing or assessing a compliance program.

The contents of this Memorandum are for informational purposes only, and do not constitute legal advice.