Compliance through Lessons Learned
Written by Joanne Byron, BS, LPN, CCA, CHA, CHCO, CHBS, CHCM, CIFHA, CMDP, OHCC, ICDCT-CM/PCS
This article is provided by the American Institute of Healthcare Compliance in support of the healthcare Compliance Officer, Director and C-Suite Executive and the many challenges faced in today’s environment when building a culture of compliance to mitigate risk.
Reviewing the Office of Inspector General's (OIG) enforcement actions is important for compliance officers because it can help them understand the OIG's focus and priorities, and how to comply with federal health care laws and regulations.
The OIG and prosecutors look for evidence of “lessons learned”, as outlined in an the U.S. Department of Justice (DOJ) Criminal Divisions’ Evaluation of Corporate Compliance Programs (ECCP) – Updated just this month, September 2024. On page 3 of the ECCP, it states “Prosecutors may credit the quality and effectiveness of a risk-based compliance program that devotes appropriate attention and resources to high-risk transactions, even if it fails to prevent an infraction. Prosecutors should therefore consider, as an indicator of risk-tailoring, “revisions to corporate compliance programs in light of lessons learned.” Justice Manual 9-28.800.
- Lessons Learned – Does the company have a process for tracking and incorporating into its periodic risk assessment lessons learned either from the company’s own prior issues or from those of other companies operating in the same industry and/or geographical region.
There is value in learning from another organization’s lessons publicly posted by a government authority, such as the Department of Justice (DOJ), Centers for Medicare & Medicaid Services (CMS), the HIPAA enforcement agency, the Office of Civil Rights (OCR) or the Federal Bureau of Investigations (FBI). Government agencies expect your organization to stay informed.
Common Forms of Health Care Fraud
According to the FBI, the more common forms of health care fraud can be broken down into the following categories:
Fraud Committed by Medical Providers
- Double billing: Submitting multiple claims for the same service
- Phantom billing: Billing for a service visit or supplies the patient never received
- Unbundling: Submitting multiple bills for the same service
- Upcoding: Billing for a more expensive service than the patient actually received
Fraud Committed by Patients and Other Individuals
- Bogus marketing: Convincing people to provide their health insurance identification number and other personal information to bill for non-rendered services, steal their identity, or enroll them in a fake benefit plan
- Identity theft/identity swapping: Using another person’s health insurance or allowing another person to use your insurance
- Impersonating a health care professional: Providing or billing for health services or equipment without a license
Fraud Involving Prescriptions
- Forgery: Creating or using forged prescriptions
- Diversion: Diverting legal prescriptions for illegal uses, such as selling your prescription medication
- Doctor shopping: Visiting multiple providers to get prescriptions for controlled substances or getting prescriptions from medical offices that engage in unethical practices
EMTALA Enforcement Actions – Posted on the OIG Website
Do You Know – the OIG posts selected Emergency Medical Treatment and Labor Act (EMTALA) patient dumping settlements made with hospitals? The OIG can seek a Civil Monetary Penalty or CMP against any hospital which has negligently violated their obligations under EMTALA.
Here is how it work, in a nutshell: CMS assesses a Medicare-participating hospital's compliance with EMTALA under the hospital's Medicare Provider Agreement. CMS reviews and investigates EMTALA complaints and then determines whether a hospital is in compliance with its Medicare Provider Agreement. Then, the OIG receives referrals of potential CMP cases under EMTALA from CMS. The OIG EMTALA enforcement involves the OIG bringing a legal action against a hospital for a CMP.
Enforcement actions are predicated on an evaluation of legal liability and the appropriate assessment of the penalty amount. Hospitals have a right to request a hearing before an Administrative Law Judge challenging both the OIG's finding of a negligent violation of EMTALA and the amount of the CMP. Notable cases in 2024 are:
- Jackson Health System Agreed to Pay $233,000 for Allegedly Violating Patient Dumping Statute
- UF Health Shands Hospital Agreed to Pay $119,000 for Allegedly Violating Patient Dumping Statute
- Starr Regional Medical Center Agreed to Pay $100,000 f or Allegedly Violating Patient Dumping Statute
Because these settlements are made public, these allegations can damage the hospital’s reputation. Auditing and monitoring emergency department compliance should be part of every compliance program.
Stay Informed Through Training & Education
Engage by receiving news through ListServ offered by organizations such as AIHC, CMS, OIG, etc. These are free ways to stay informed of lessons learned.
- The American Institute of Healthcare Compliance (AIHC), a Licensing/Certification partner with CMS, provides periodic news blasts highlighting noteworthy cases of fraud, waste, abuse and other violations. Subscribe to Our Email – go to our homepage www.aihc-assn.org, scroll down to enter your name and email address. You may unsubscribe at any time.
Enroll in Low-Cost Short Courses. The perfect way to get introduced to a new topic or boost your knowledge in a particular area, such as SDOH, EMTALA, No Surprise Billing Allowed, to name a few short courses offered by AIHC.
Register for online training to certify in various areas of compliance. AIHC is a licensing/certification partner with CMS and just a few offering to certify in compliance are: Corporate Compliance Officer, HIPAA Privacy/Security Officer, Healthcare Auditor, Conducting Internal Forensic Audits and Investigations.
- These courses are also approved for CEUs by both AIHC and AHIMA: HIPAA Privacy Officer and HIPAA Right of Access Compliance.
About the Author
Joanne Byron, BS, LPN, CCA, CHA, CHCO, CHBS, CHCM, CIFHA, CMDP, OHCC, ICDCT-CM/PCS serves as the Board Chair of the American Institute of Healthcare Compliance (AIHC) and oversees the Volunteer Education Committee.
Copyright © 2024 American Institute of Healthcare Compliance All Rights Reserved
