Skip to Content


OIG Supplemental Compliance Program Guidance for Hospitals

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document including its time on Public Inspection. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble Start Printed Page 4858


Office of Inspector General (OIG), HHS.




This Federal Register notice sets forth the Supplemental Compliance Program Guidance (CPG) for Hospitals developed by the Office of Inspector General (OIG). Through this notice, the OIG is supplementing its prior compliance program guidance for hospitals issued in 1998. The supplemental CPG contains new compliance recommendations and an expanded discussion of risk areas, taking into account recent changes to hospital payment systems and regulations, evolving industry practices, current enforcement priorities, and lessons learned in the area of corporate compliance. The supplemental CPG provides voluntary guidelines to assist hospitals and hospital systems in identifying significant risk areas and in evaluating and, as necessary, refining ongoing compliance efforts.

Start Further Info


Darlene M. Hampton, Office of Counsel to the Inspector General, (202) 619-0335.

End Further Info End Preamble Start Supplemental Information



Several years ago, the OIG embarked on a major initiative to engage the private health care community in preventing the submission of erroneous claims and in combating fraud and abuse in the Federal health care programs through voluntary compliance efforts. In the last several years, the OIG has developed a series of compliance program guidances (CPGs) directed at the following segments of the health care industry: hospitals; clinical laboratories; home health agencies; third-party billing companies; the durable medical equipment, prosthetics, orthotics, and supply industry; hospices; Medicare+Choice organizations; nursing facilities; physicians; ambulance suppliers; and pharmaceutical manufacturers. CPGs are intended to encourage the development and use of internal controls to monitor adherence to applicable statutes, regulations, and program requirements. The suggestions made in these CPGs are not mandatory, and the CPGs should not be viewed as exhaustive discussions of beneficial compliance practices or relevant risk areas. Copies of these CPGs can be found on the OIG Web page at

Supplementing the Compliance Program Guidance for Hospitals

The OIG originally published a CPG for the hospital industry on February 23, 1998. (See 63 FR 8987 (February 23, 1998), available on our Web page at​authorities/​docs/​cpghosp.pdf.) Since that time, there have been significant changes in the way hospitals deliver, and are reimbursed for, health care services. In response to these developments, on June 18, 2002, the OIG published a notice in the Federal Register, soliciting public suggestions for revising the hospital CPG. (See 67 FR 41433 (June 18, 2002), available on our Web page at​authorities/​docs/​cpghospitalsolicitationnotice.pdf.) After consideration of the public comments and the issues raised, the OIG published a draft supplemental compliance program guidance for hospitals in the Federal Register on June 8, 2004, to ensure that all parties had a reasonable and meaningful opportunity to provide input into the final product. (See 69 FR 32012 (June 8, 2004), available on our Web page at​authorities/​docs/​04/​060804hospitaldraftsuppCPGFR.pdf.) The OIG received comments from a variety of parties with interests in the hospital industry and diverse points of view. These comments were carefully considered during the development of this final supplemental CPG. While some commenters preferred a replacement CPG, for efficiency and to create a concise product of particular use to hospitals with existing compliance programs, we have decided to supplement, rather than replace, the 1998 guidance.

Many public commenters sought guidance on the application of specific Medicare rules and regulations related to payment and coverage, an area beyond the scope of this OIG guidance. Hospitals with questions about the interpretation or application of payment and coverage rules or regulations should contact their Fiscal Intermediaries (FIs) or the Centers for Medicare & Medicaid Services, as appropriate.

Supplemental Compliance Program Guidance for Hospitals

I. Introduction

Continuing its efforts to promote voluntary compliance programs for the health care industry, the Office of Inspector General (OIG) of the Department of Health and Human Services (the Department) publishes this Supplemental Compliance Program Guidance (CPG) for Hospitals.[1] This document supplements, rather than replaces, the OIG's 1998 CPG for the hospital industry (63 FR 8987; February 23, 1998), which addressed the fundamentals of establishing an effective compliance program.[2] Neither this supplemental CPG, nor the original 1998 CPG, is a model compliance program. Rather, collectively the two documents offer a set of guidelines that hospitals should consider when developing and implementing a new compliance program or evaluating an existing one.

We are mindful that many hospitals have already devoted substantial time and resources to compliance efforts. We believe that those efforts demonstrate the industry's good faith commitment to ensuring and promoting integrity. For those hospitals with existing compliance programs, this document may serve as a benchmark or comparison against which to measure ongoing efforts and as a roadmap for updating or refining their compliance plans.

In crafting this supplemental CPG, we considered, among other things, the public comments received in response to the solicitation notice published in the Federal Register[3] and the draft supplemental CPG,[4] as well as relevant OIG and Centers for Medicare & Medicaid Services (CMS) statutory and regulatory authorities (including the Federal anti-kickback statute, together with the safe harbor regulations and Start Printed Page 4859preambles,[5] and CMS transmittals and program memoranda); other OIG guidance (such as OIG advisory opinions, special fraud alerts, bulletins, and other guidance); experience gained from investigations conducted by the OIG's Office of Investigations, the Department of Justice (DoJ), and the State Medicaid Fraud Units; and relevant reports issued by the OIG's Office of Audit Services and Office of Evaluation and Inspections.[6] We also consulted generally with CMS, the Department's Office for Civil Rights, and DoJ.

A. Benefits of a Compliance Program

A successful compliance program addresses the public and private sectors' mutual goals of reducing fraud and abuse; enhancing health care providers' operations; improving the quality of health care services; and reducing the overall cost of health care services. Attaining these goals benefits the hospital industry, the government, and patients alike. Compliance programs help hospitals fulfill their legal duty to refrain from submitting false or inaccurate claims or cost information to the Federal health care programs [7] or engaging in other illegal practices. A hospital may gain important additional benefits by voluntarily implementing a compliance program, including:

  • Demonstrating the hospital's commitment to honest and responsible corporate conduct;
  • Increasing the likelihood of preventing, identifying, and correcting unlawful and unethical behavior at an early stage;
  • Encouraging employees to report potential problems to allow for appropriate internal inquiry and corrective action; and
  • Through early detection and reporting, minimizing any financial loss to government and taxpayers, as well as any corresponding financial loss to the hospital.

The OIG recognizes that implementation of a compliance program may not entirely eliminate improper or unethical conduct from the operations of health care providers. However, an effective compliance program demonstrates a hospital's good faith effort to comply with applicable statutes, regulations, and other Federal health care program requirements, and may significantly reduce the risk of unlawful conduct and corresponding sanctions.

B. Application of Compliance Program Guidance

Given the diversity of the hospital industry, there is no single “best” hospital compliance program. The OIG recognizes the complexities of the hospital industry and the differences among hospitals and hospital systems. Some hospital entities are small and may have limited resources to devote to compliance measures; others are affiliated with well-established, large, multi-facility organizations with a widely dispersed work force and significant resources to devote to compliance.

Accordingly, this supplemental CPG is not intended to be one-size-fits-all guidance. Rather, the OIG strongly encourages hospitals to identify and focus their compliance efforts on those areas of potential concern or risk that are most relevant to their individual organizations. Compliance measures adopted by a hospital to address identified risk areas should be tailored to fit the unique environment of the organization (including its structure, operations, resources, and prior enforcement experience). In short, the OIG recommends that each hospital adapt the objectives and principles underlying this guidance to its own particular circumstances.

In section II below, titled “Fraud and Abuse Risk Areas,” we present several fraud and abuse risk areas that are particularly relevant to the hospital industry. Each hospital should carefully examine these risk areas and identify those that potentially impact the hospital. Next, in section III, “Hospital Compliance Program Effectiveness,” we offer recommendations for assessing and improving an existing compliance program to better address identified risk areas. Finally, in section IV, “Self-Reporting,” we set forth the actions hospitals should take if they discover credible evidence of misconduct.

II. Fraud and Abuse Risk Areas

This section is intended to help hospitals identify areas of their operations that present a potential risk of liability under several key Federal fraud and abuse statutes and regulations. This section focuses on areas that are currently of concern to the enforcement community and is not intended to address all potential risk areas for hospitals. Importantly, the identification of a particular practice or activity in this section is not intended to imply that the practice or activity is necessarily illegal in all circumstances or that it may not have a valid or lawful purpose underlying it.

This section addresses the following areas of significant concern for hospitals: (A) Submission of accurate claims and information; (B) the referral statutes; (C) payments to reduce or limit services; (D) the Emergency Medical Treatment and Labor Act (EMTALA); (E) substandard care; (F) relationships with Federal health care beneficiaries; (G) HIPAA Privacy and Security Rules; and (H) billing Medicare or Medicaid substantially in excess of usual charges. In addition, a final section (I) addresses several areas of general interest that, while not necessarily matters of significant risk, have been of continuing interest to the hospital community. This guidance does not create any new law or legal obligations, and the discussions in this guidance are not intended to present detailed or comprehensive summaries of lawful and unlawful activity. Nor is this guidance intended as a substitute for consultation with CMS or a hospital's Fiscal Intermediary (FI) with respect to the application and interpretation of Medicare payment and coverage provisions, which are subject to change. Rather, this guidance should be used as a starting point for a hospital's legal review of its particular practices and for development or refinement of policies and procedures to reduce or eliminate potential risk.

A. Submission of Accurate Claims and Information

Perhaps the single biggest risk area for hospitals is the preparation and submission of claims or other requests for payment from the Federal health care programs. It is axiomatic that all claims and requests for reimbursement from the Federal health care programs—and all documentation supporting such claims or requests—must be complete and accurate and must reflect reasonable and necessary services ordered by an appropriately licensed medical professional who is a participating provider in the health care program from which the individual or entity is seeking reimbursement. Hospitals must disclose and return any overpayments that result from mistaken Start Printed Page 4860or erroneous claims.[8] Moreover, the knowing submission of a false, fraudulent, or misleading statement or claim is actionable. A hospital may be liable under the False Claims Act [9] or other statutes imposing sanctions for the submission of false claims or statements, including liability for civil money penalties (CMPs) or exclusion.[10] Underlying assumptions used in connection with claims submission should be reasoned, consistent, and appropriately documented, and hospitals should retain all relevant records reflecting their efforts to comply with Federal health care program requirements.

Common and longstanding risks associated with claims preparation and submission include inaccurate or incorrect coding, upcoding, unbundling of services, billing for medically unnecessary services or other services not covered by the relevant health care program, billing for services not provided, duplicate billing, insufficient documentation, and false or fraudulent cost reports. While hospitals should continue to be vigilant with respect to these important risk areas, we believe these risk areas are relatively well-understood in the industry and, therefore, they are not generally addressed in this section.[11] Rather, the following discussion highlights evolving risks or risks that appear to the OIG to be under-appreciated by the industry. The risks are grouped under the following topics: Outpatient procedure coding; admissions and discharges; supplemental payment considerations; and use of information technology. By necessity, this discussion is illustrative, not exhaustive, of risks associated with the submission of claims or other information. In all cases, hospitals should consult the applicable laws, rules, and regulations.

1. Outpatient Procedure Coding

The implementation of Medicare's Hospital Outpatient Prospective Payment System (OPPS) [12] increased the importance of accurate procedure coding for hospital outpatient services. Previously, hospital coding concerns mainly consisted of ensuring accurate ICD-9-CM diagnosis and procedure coding for reimbursement under the inpatient prospective payment system (PPS). Hospitals reported procedure codes for outpatient services, but were reimbursed for outpatient services based on their charges for services. With the OPPS, procedure codes effectively became the basis for Medicare reimbursement. Under the OPPS, each reported procedure code is assigned to a corresponding Ambulatory Payment Classification (APC) code. Hospitals are then reimbursed a predetermined amount for each APC, irrespective of the specific level of resources used to furnish the individual service. In implementing the OPPS, CMS developed new rules governing the use of procedure code modifiers for outpatient coding.[13] Because incorrect procedure coding may lead to overpayments and subject a hospital to liability for the submission of false claims, hospitals need to pay close attention to coder training and qualifications.

Hospitals should also review their outpatient documentation practices to ensure that claims are based on complete medical records and that the medical records support the levels of service claimed. Under the OPPS, hospitals must generally include on a single claim all services provided to the same patient on the same day. Coding from incomplete medical records may create problems in complying with this claim submission requirement. Moreover, submitting claims for services that are not supported by the medical record may also result in the submission of improper claims.

In addition to the coding risk areas noted above and in the 1998 hospital CPG, other specific risk areas associated with incorrect outpatient procedure coding include the following:

  • Billing on an outpatient basis for “inpatient-only” procedures—CMS has identified procedures for which reimbursement is typically allowed only if the service is performed in an inpatient setting.[14]
  • Submitting claims for medically unnecessary services by failing to follow the FI's local policies—Each FI publishes local policies, including local medical review polices (LMRPs) and local coverage determinations (LCDs), that identify certain procedures that are only reimbursable when specific conditions are present.[15] In addition to relying on a physician's sound clinical judgment with respect to the appropriateness of a proposed course of treatment, hospitals should regularly review and become familiar with their individual FI's LMRPs and LCDs. LMRPs and LCDs should be incorporated into a hospital's regular coding and billing operations.[16]
  • Submitting duplicate claims or otherwise not following the National Correct Coding Initiative guidelines—CMS developed the National Correct Coding Initiative (NCCI) to promote correct coding methodologies. The NCCI identifies certain codes that should not be used together because they are either mutually exclusive or one is a component of another. If a hospital uses code pairs that are listed in the NCCI and those codes are not detected by the editing routines in the hospital's billing system, the hospital may submit duplicate or unbundled claims. Intentional manipulation of code assignments to maximize payments and avoid NCCI edits constitutes fraud. Unintentional misapplication of NCCI coding and billing guidelines may also give rise to overpayments or civil liability for hospitals that have developed a pattern of inappropriate billing. To minimize risk, hospitals Start Printed Page 4861should ensure that their coding software includes up-to-date NCCI edit files.[17]
  • Submitting incorrect claims for ancillary services because of outdated Charge Description Masters—Charge Description Masters (CDMs) list all of a hospital's charges for items and services and include the underlying procedure codes necessary to bill for those items and services. Outdated CDMs create significant compliance risk for hospitals. Because the Healthcare Common Procedure Coding System (HCPCS) codes and APCs are updated regularly, hospitals should pay particular attention to the task of updating the CDM to ensure the assignment of correct codes to outpatient claims. This should include timely updates, proper use of modifiers, and correct associations between procedure codes and revenue codes.[18]
  • Circumventing the multiple procedure discounting rules—A surgical procedure performed in connection with another surgical procedure may be discounted. However, certain surgical procedures are designated as non-discounted, even when performed with another surgical procedure. Hospitals should ensure that the procedure codes selected represent the actual services provided, irrespective of the discounting status. They should also review the annual OPPS rule update to understand more fully CMS's multiple procedure discounting rule.[19]
  • Improper evaluation and management code selection—Hospitals should use proper codes to describe the evaluation and management (E/M) services they provide. A hospital's E/M coding guidelines should ensure that services are medically necessary and sufficiently documented and that the codes accurately reflect the intensity of hospital resources required to deliver the services.
  • Improperly billing for observation services—In certain circumstances, Medicare provides a separate APC payment for observation services for patients with diagnoses of chest pain, asthma, or congestive heart failure. Claims for these observation services must correctly reflect the diagnosis and meet certain other requirements. Seeking a separate payment for observation services in situations that do not satisfy the requirements is inappropriate and may result in hospital liability. Hospitals should become familiar with CMS's detailed policies for the submission of claims for observation services.[20]

2. Admissions and Discharges

Often, the status of patients at the time of admission or discharge significantly influences the amount and method of reimbursement hospitals receive. Therefore, hospitals have a duty to ensure that admission and discharge policies are updated and reflect current CMS rules. Risk areas with respect to the admission and discharge processes include the following:

  • Failure to follow the “same-day rule”—The OPPS rules require hospitals to include on the same claim all OPPS services provided at the same hospital, to the same patient, on the same day, unless certain conditions are met. Hospitals should review internal billing systems and procedures to ensure that they are not submitting multiple claims for OPPS services delivered to the same patient on the same day.[21]
  • Abuse of partial hospitalization payments—Under the OPPS, Medicare provides a per diem payment for specific hospital services rendered to behavioral and mental health patients on a partial hospitalization basis. Examples of improper billing under the partial hospitalization program include, without limitation: reducing the range of services offered; withholding services that are medically appropriate; billing for services not covered; and billing for services without a certificate of medical necessity.[22]
  • Same-day discharges and readmissions—Same-day discharges and readmissions may indicate premature discharges, medically unnecessary readmissions, or incorrect discharge coding. Hospitals should have procedures in place to review discharges and admissions carefully to ensure that they reflect prudent clinical decision-making and are properly coded.[23]
  • Violation of Medicare's post-acute care transfer policy—The post-acute care transfer policy provides that, for certain designated Diagnosis Related Groups (DRGs), a hospital will receive a per diem transfer payment, rather than the full DRG payment, if the patient is discharged to certain post-acute care settings.[24] CMS may periodically revise the list of designated DRGs that are subject to its post-acute care transfer policy.[25] To avoid improperly billing for discharges, hospitals should pay particular attention to CMS's post-acute care transfer policy and keep an accurate list of all designated DRGs subject to that policy.
  • Improper churning of patients by long-term care hospitals co-located in acute care hospitals—Long term care hospitals that are co-located within acute care hospitals may qualify for PPS-exempt status if certain regulatory requirements are satisfied.[26] Hospitals should not engage in the practice of churning, or inappropriately transferring, patients between the host hospital and the hospital-within-a-hospital.

3. Supplemental Payment Considerations

Under the Medicare program, in certain limited situations, hospitals may claim payments in addition to, or in some cases in lieu of, the normal reimbursement available to hospitals under the regular payment systems. Eligibility for these payments depends on compliance with specific criteria. Hospitals that claim supplemental payments improperly are liable for fines and penalties under Federal law. Examples of specific risks that hospitals should address include the following:

  • Improper reporting of the costs of “pass-through” items—“Pass-through” items are certain items of new technology and drugs for which Medicare will reimburse the hospital Start Printed Page 4862based on costs during a limited transitional period.[27]
  • Abuse of DRG outlier payments—Recent investigations revealed substantial abuse of outlier payments by hospitals with Medicare patients. Hospital management, compliance staff, and counsel should familiarize themselves with CMS's new outlier rules and requirements intended to curb abuses.[28]
  • Improper claims for incorrectly designated “provider-based” entities—Certain hospital-affiliated entities and clinics can be designated as “provider-based,” which allows for a higher level of reimbursement for certain services.[29] Hospitals should take steps to ensure that facilities or organizations are only designated as provider-based if they satisfy the criteria set forth in the regulations.
  • Improper claims for clinical trials—Since September 2000, Medicare has covered items and services furnished during certain clinical trials, as long as those items and services would typically be covered for Medicare beneficiaries, but for the fact that they are provided in an experimental or clinical trial setting. Hospitals that participate in clinical trials should review the requirements for submitting claims for patients participating in clinical trials.[30]
  • Improper claims for organ acquisition costs—Hospitals that are approved transplantation centers may receive reimbursement on a reasonable cost basis to cover the costs of acquisition of certain organs.[31] Organ acquisition costs are only reimbursable if a hospital satisfies several requirements, such as having adequate cost information, supporting documentation, and supporting medical records.[32] Hospitals must also ensure that expenses not related to organ acquisition, such as transplant and post-transplant activities and costs from other cost centers, are not included in the hospital's organ acquisition costs.[33]
  • Improper claims for cardiac rehabilitation services—Medicare covers reasonable and necessary cardiac rehabilitation services under the hospital “incident-to” benefit, which requires that the services of nonphysician personnel be furnished under a physician's direct supervision. In addition to satisfying the supervision requirement, hospitals must ensure that cardiac rehabilitation services are reasonable and necessary.[34]
  • Failure to follow Medicare rules regarding payment for costs related to educational activities[35] —Hospitals should pay particular attention to these rules when implementing dental or other education programs, particularly those not historically operated at the hospital.

4. Use of Information Technology

The implementation of the OPPS increased the need for hospitals to pay particular attention to their computerized billing, coding, and information systems. Billing and coding under the OPPS is more data intensive than billing and coding under the inpatient PPS. When the OPPS began, many hospitals' existing systems were unable to accommodate the new requirements and required adjustments.

As the health care industry moves forward, hospitals will increasingly rely on information technology. For example, HIPAA Privacy and Security Rules (discussed below in section II.G), electronic claims submission,[36] electronic prescribing, networked information sharing among providers, and systems for the tracking and reduction of medical errors, among others, will require hospitals to depend more on information technologies. Information technology presents new opportunities to advance health care efficiency, but also new challenges to ensuring the accuracy of claims and the information used to generate claims. It may be difficult for purchasers of computer systems and software to know exactly how the system operates and generates information. Prudent hospitals will take steps to ensure that they thoroughly assess all new computer systems and software that impact coding, billing, or the generation or transmission of information related to the Federal health care programs or their beneficiaries.

B. The Referral Statutes: The Physician Self-Referral Law (the “Stark” Law) and the Federal Anti-Kickback Statute

1. The Physician Self-Referral Law

From a hospital compliance perspective, the physician self-referral law (section 1877 of the Social Security Act (Act), commonly known as the “Stark” law) should be viewed as a threshold statute. The statute prohibits hospitals from submitting—and Medicare from paying—any claim for a “designated health service” (DHS) if the referral of the DHS comes from a physician with whom the hospital has a prohibited financial relationship.[37] This is true even if the prohibited financial relationship is the result of inadvertence or error. In addition, hospitals and physicians that knowingly violate the statute may be subject to CMPs and exclusion from the Federal health care programs. Furthermore, under certain circumstances, a knowing violation of the Stark law may also give rise to liability under the False Claims Act. Because all inpatient and outpatient hospital services furnished to Medicare or Medicaid patients Start Printed Page 4863(including services furnished directly by a hospital or by others “under arrangements” with a hospital) are DHS under the statute,[38] hospitals must diligently review all financial relationships with referring physicians for compliance with the Stark law. Simply put, hospitals face significant financial exposure unless their financial relationships with referring physicians fit squarely in statutory or regulatory exceptions to the Stark law.

For purposes of analyzing a financial relationship under the Stark law, the following three-part inquiry is useful:

  • Is there a referral from a physician for a designated health service? If not, then there is no Stark law issue (although other fraud and abuse authorities, such as the anti-kickback statute, may be implicated). If the answer is “yes,” the next inquiry is:
  • Does the physician (or an immediate family member) have a financial relationship with the entity furnishing the DHS (e.g., the hospital)? Again, if the answer is no, the Stark law is not implicated. However, if the answer is “yes,” the third inquiry is:
  • Does the financial relationship fit in an exception? If not, the statute has been violated.

Detailed definitions of the highlighted terms are set forth in regulations at 42 CFR 411.351 through 411.361 (substantial additional explanatory material appears in the regulatory preambles to the final regulations: 66 FR 856 (January 4, 2001); 69 FR 16054 (March 26, 2004); and 69 FR 17933 (April 6, 2004)). Importantly, a financial relationship can be almost any kind of direct or indirect ownership or investment relationship (e.g., stock ownership, a partnership interest, or secured debt) or direct or indirect compensation arrangement, whether in cash or in-kind (e.g., a rental contract, personal services contract, salary, gift, or gratuity), between a referring physician (or immediate family member) and a hospital. Moreover, the financial relationship need not relate to the provision of DHS (e.g., a joint venture between a hospital and a physician to operate a hospice would create an indirect compensation relationship between the hospital and the physician for Stark law purposes).

The statutory and regulatory exceptions are the key to compliance with the Stark law. Any financial relationship between the hospital and a physician who refers to the hospital must fit in an exception. Exceptions exist in the statute and regulations for many common types of business arrangements. To fit in an exception, an arrangement must squarely meet all of the conditions set forth in the exception. Importantly, it is the actual relationship between the parties, and not merely the paperwork, that must fit in an exception. Unlike the anti-kickback safe harbors, which are voluntary, fitting in an exception is mandatory under the Stark law.

Compliance with a Stark law exception does not immunize an arrangement under the anti-kickback statute. Rather, the Stark law sets a minimum standard for arrangements between physicians and hospitals. Even if a hospital-physician relationship qualifies for a Stark law exception, it should still be reviewed for compliance with the anti-kickback statute. The anti-kickback statute is discussed in greater detail in the next subsection.

Because of the significant exposure for hospitals under the Stark law, we recommend that hospitals implement systems to ensure that all conditions in the exceptions upon which they rely are fully satisfied. For example, many of the exceptions, such as the rental and personal services exceptions, require signed, written agreements with physicians. We are aware of numerous instances in which hospitals failed to maintain these signed written agreements, often inadvertently (e.g., a holdover lease without a written lease amendment; a physician hired as an independent contractor for a short-term project without a signed agreement). To avoid a large overpayment, hospitals should ensure frequent and thorough review of their contracting and leasing processes. The final regulations contain a new limited exception for certain inadvertent, temporary instances of noncompliance with another exception. This exception may only be used on an occasional basis. Hospitals should be mindful that this exception is not a substitute for vigilant contracting and leasing oversight. In addition, hospitals should review the new reporting requirements at 42 CFR 411.361, which generally require hospitals to retain records that the hospitals know or should know about in the course of prudently conducting business. Hospitals should ensure that they have policies and procedures in place to address these reporting requirements.

In addition, because many exceptions to the Stark law require fair market value compensation for items or services actually needed and rendered, hospitals should have appropriate processes for making and documenting reasonable, consistent, and objective determinations of fair market value and for ensuring that needed items and services are furnished or rendered. Other areas that may require careful monitoring include, without limitation, the total value of nonmonetary compensation provided annually to each referring physician, the value of medical staff incidental benefits, and the provision of professional courtesy.[39] As discussed further in the anti-kickback section below, hospitals should exercise care when recruiting physicians. Importantly, while the final regulations contain a limited exception for certain joint recruiting by hospitals and existing group practices, the exception strictly forbids the use of income guarantees that shift group practice overhead or expenses to the hospital or any payment structure that otherwise transfers remuneration to the group practice.

Further information about the Stark law and applicable regulations can be found on CMS's Web page at​medlearn/​refphys.asp. Information regarding CMS's Stark advisory opinion process can be found at​physicians/​aop/​default.asp.

2. The Federal Anti-Kickback Statute

Hospitals should also be aware of the Federal anti-kickback statute, section 1128B(b) of the Act, and the constraints it places on business arrangements related directly or indirectly to items or services reimbursable by any Federal health care program, including, but not limited to, Medicare and Medicaid. The anti-kickback statute prohibits in the health care industry some practices that are common in other business sectors, such as offering gifts to reward past or potential new referrals.

The anti-kickback statute is a criminal prohibition against payments (in any form, whether the payments are direct Start Printed Page 4864or indirect) made purposefully to induce or reward the referral or generation of Federal health care program business. The anti-kickback statute addresses not only the offer or payment of anything of value for patient referrals, but also the offer or payment of anything of value in return for purchasing, leasing, ordering, or arranging for or recommending the purchase, lease, or ordering of any item or service reimbursable in whole or in part by a Federal health care program. The statute extends equally to the solicitation or acceptance of remuneration for referrals or the generation of other business payable by a Federal health care program. Liability under the anti-kickback statute is determined separately for each party involved. In addition to criminal penalties, violators may be subject to CMPs and exclusion from the Federal health care programs. Hospitals should also be mindful that compliance with the anti-kickback statute is a condition of payment under Medicare and other Federal health care programs. See, e.g., Medicare Federal Health Care Provider/Supplier Application, CMS Form 855A, Certification Statement at section 15, paragraph A.3, available on CMS's Web page at​providers/​enrollment/​forms/​. As such, liability may arise under the False Claims Act where the anti-kickback statute violation results in the submission of a claim for payment under a Federal health care program.

Although liability under the anti-kickback statute ultimately turns on a party's intent, it is possible to identify arrangements or practices that may present a significant potential for abuse. For purposes of analyzing an arrangement or practice under the anti-kickback statute, the following two inquiries are useful:

  • Does the hospital have any remunerative relationship between itself (or its affiliates or representatives) and persons or entities in a position to generate Federal health care program business for the hospital (or its affiliates) directly or indirectly? Persons or entities in a position to generate Federal health care program business for a hospital include, for example, physicians and other health care professionals, ambulance companies, clinics, hospices, home health agencies, nursing facilities, and other hospitals.
  • With respect to any remunerative relationship so identified, could one purpose of the remuneration be to induce or reward the referral or recommendation of business payable in whole or in part by a Federal health care program? Importantly, under the anti-kickback statute, neither a legitimate business purpose for the arrangement, nor a fair market value payment, will legitimize a payment if there is also an illegal purpose (i.e., inducing Federal health care program business).

Although any arrangement satisfying both tests implicates the anti-kickback statute and requires careful scrutiny by a hospital, the courts have identified several potentially aggravating considerations that can be useful in identifying arrangements at greatest risk of prosecution. In particular, hospitals should ask the following questions, among others, about any potentially problematic arrangements or practices they identify:

  • Does the arrangement or practice have a potential to interfere with, or skew, clinical decision-making?
  • Does the arrangement or practice have a potential to increase costs to Federal health care programs, beneficiaries, or enrollees?
  • Does the arrangement or practice have a potential to increase the risk of overutilization or inappropriate utilization?
  • Does the arrangement or practice raise patient safety or quality of care concerns?

Hospitals that have identified potentially problematic arrangements or practices can take a number of steps to reduce or eliminate the risk of an anti-kickback violation. Detailed guidance relating to a number of specific practices is available from several sources. Most importantly, the anti-kickback statute and the corresponding regulations establish a number of “safe harbors” for common business arrangements. The following safe harbors are of most relevance to hospitals:

Safe harbor protection requires strict compliance with all applicable conditions set out in the relevant safe harbor.[41] Although compliance with a safe harbor is voluntary and failure to comply with a safe harbor does not mean an arrangement is illegal per se, we recommend that hospitals structure arrangements to fit in a safe harbor whenever possible. Arrangements that do not fit in a safe harbor must be evaluated on a case-by-case basis.

Other available guidance includes special fraud alerts and advisory bulletins issued by the OIG identifying and discussing particular practices or issues of concern and OIG advisory opinions issued to specific parties about their particular business arrangements.[42] A hospital concerned about an existing or proposed arrangement may request a binding OIG advisory opinion regarding whether the arrangement violates the Federal anti-kickback statute or other OIG fraud and abuse authorities, using the procedures set out at 42 CFR part 1008. The safe harbor regulations (and accompanying Federal Register preambles), fraud alerts and bulletins, advisory opinions (and instructions for obtaining them, including a list of frequently asked questions), and other guidance are Start Printed Page 4865available on the OIG Web page at

The following discussion highlights several known areas of potential risk under the anti-kickback statute. The propriety of any particular arrangement can only be determined after a detailed examination of the attendant facts and circumstances. The identification of a given practice or activity as “suspect” or as an area of “risk” does not mean it is necessarily illegal or unlawful, or that it cannot be properly structured to fit in a safe harbor; nor does it mean that the practice or activity is not beneficial from a clinical, cost, or other perspective. Rather, the areas identified below are areas of activity that have a potential for abuse and that should receive close scrutiny from hospitals. The discussion highlights potential risks under the anti-kickback statute arising from hospitals' relationships in the following seven categories: (a) Joint ventures; (b) compensation arrangements with physicians; (c) relationships with other health care entities; (d) recruitment arrangements; (e) discounts; (f) medical staff credentialing; and (g) malpractice insurance subsidies. (In addition, the kickback risks associated with gainsharing arrangements are discussed below in section II.C of this guidance.)

Physicians are the primary referral source for hospitals, and, therefore, most of the discussion below focuses on hospitals' relationships with physicians. Notwithstanding, hospitals also receive referrals from other health care professionals, including physician assistants and nurse practitioners, and from other providers and suppliers (such as ambulance companies, clinics, hospices, home health agencies, nursing facilities, and other hospitals). Therefore, in addition to reviewing their relationships with physicians, hospitals should also review their relationships with nonphysician referral sources to ensure that the relationships do not violate the anti-kickback statute. The principles described in the following discussions can be used to assess the risk associated with relationships with both physician and nonphysician referral sources.

a. Joint Ventures

The OIG has a long-standing concern about joint venture arrangements between those in a position to refer or generate Federal health care program business and those providing items or services reimbursable by Federal health care programs.[43] In the context of joint ventures, our chief concern is that remuneration from a joint venture might be a disguised payment for past or future referrals to the venture or to one or more of its participants. Such remuneration may take a variety of forms, including dividends, profit distributions, or, with respect to contractual joint ventures, the economic benefit received under the terms of the operative contracts.

When scrutinizing joint ventures under the anti-kickback statute, hospitals should examine the following factors, among others:

  • The manner in which joint venture participants are selected and retained. If participants are selected or retained in a manner that takes into account, directly or indirectly, the value or volume of referrals, the joint venture is suspect. The existence of one or more of the following indicators suggests that there might be an improper nexus between the selection or retention of participants and the value or volume of their referrals:

—A substantial number of participants are in a position to make or influence referrals to the venture, other participants, or both;

—Participants that are expected to make a large number of referrals are offered a greater or more favorable investment or business opportunity in the joint venture than those anticipated to make fewer referrals;

—Participants are actively encouraged or required to make referrals to the joint venture;

—Participants are encouraged or required to divest their ownership interest if they fail to sustain an “acceptable” level of referrals;

—The venture (or its participants) tracks its sources of referrals and distributes this information to the participants; or

—The investment interests are nontransferable or subject to transfer restrictions related to referrals.

  • The manner in which the joint venture is structured. The structure of the joint venture is suspect if a participant is already engaged in the line of business to be conducted by the joint venture, and that participant will own all or most of the equipment, provide or perform all or most of the items or services, or take responsibility for all or most of the day-to-day operations. With this kind of structure, the co-participant's primary contribution is typically as a captive referral base.
  • The manner in which the investments are financed and profits are distributed. The existence of one or more of the following indicators suggests that the joint venture may be a vehicle to disguise referrals:

—Participants are offered investment shares for a nominal or no capital contribution;

—The amount of capital that participants invest is disproportionately small, and the returns on the investment are disproportionately large, when compared to a typical investment in a new business enterprise;

—Participants are permitted to borrow their capital investments from another participant or from the joint venture, and to pay back the loan through deductions from profit distributions, thus eliminating even the need to contribute cash;

—Participants are paid extraordinary returns on the investment in comparison with the risk involved; or

—A substantial portion of the gross revenues of the venture are derived from participant-driven referrals.

In light of the obvious risk inherent in joint ventures, whenever possible, hospitals should structure joint ventures to fit squarely in one of the following safe harbors for investment interests:

  • The “small entity” investment safe harbor (42 CFR 1001.952(a)(2)), which applies to returns on investments as long as no more than 40 percent of the investment interests are held by investors who are in a position to make or influence referrals to, furnish items or services to, or otherwise generate business for the venture (interested investors), no more than 40 percent of revenues come from referrals or business otherwise generated from investors, and all other conditions are satisfied; [44]
  • The safe harbor for investment interests in an entity located in an underserved area (42 CFR 1001.952(a)(3)), which applies to ventures located in medically underserved areas (as defined in regulations issued by the Department and set forth at 42 CFR part 51c), as long as no more than 50 percent of the investment interests are held by interested investors and all other conditions are satisfied; or
  • The hospital-physician ambulatory surgical center (ASC) safe harbor (42 CFR 1001.952(r)(4)). This safe harbor only protects investments in Medicare-certified ASCs owned by hospitals and certain qualifying physicians. Importantly, it does not protect Start Printed Page 4866investments by hospitals and physicians in non-ASC clinical joint ventures, including, for example, cardiac catheterization or vascular laboratories, oncology centers, and dialysis facilities. Investors in such clinical ventures should look to other safe harbors and to the factors noted above.

These safe harbors protect remuneration in the form of returns on investment interests (i.e., money paid by an entity to its owners or investors as dividends, profit distributions, or the like). However, they do not protect payments made by participating investors to a venture or payments made by the venture to other parties, such as vendors, contractors, or employees (although in some cases these arrangements may fit in other safe harbors).

As we originally observed in our 1989 Special Fraud Alert on Joint Venture Arrangements,[45] joint ventures may take a variety of forms, including a contractual arrangement between two or more parties to cooperate in a common and distinct enterprise providing items or services, thereby creating a “contractual joint venture.” We elaborated more fully on contractual joint ventures in our 2003 Special Advisory Bulletin on Contractual Joint Ventures.[46] Contractual joint ventures pose the same kinds of risks as equity joint ventures and should be analyzed similarly. Factors to consider include, for example, whether the hospital is expanding into a new line of business created predominately or exclusively to serve the hospital's existing patient base, whether a would-be competitor of the new line of business is providing all or most of the key services, and whether the hospital assumes little or no bona fide business risk. An example of a potentially problematic contractual joint venture would be a hospital contracting with an existing durable medical equipment (DME) supplier to operate the hospital's newly formed DME subsidiary (with its own DME supplier number) on essentially a turnkey basis, with the hospital primarily furnishing referrals and assuming little or no business risk.[47]

Hospitals should be aware that, for reasons described in our 2003 Special Advisory Bulletin on Contractual Joint Ventures,[48] safe harbor protection may not be available for contractual joint ventures, and attempts to carve out separate contracts and qualify each separately for safe harbor protection may be ineffectual and leave the parties at risk under the statute.[49]

If a hospital is planning to participate, directly or indirectly, in a joint venture involving referring physicians and the venture does not qualify for safe harbor protection, the hospital should scrutinize the venture with care, taking into account the factors noted above, and consider obtaining advice from an experienced attorney. At a minimum, to reduce (but not necessarily eliminate) the risk of abuse, hospitals should consider (i) barring physicians employed by the hospital or its affiliates from referring to the joint venture; (ii) taking steps to ensure that medical staff and other affiliated physicians are not encouraged in any manner to refer to the joint venture; (iii) notifying physicians annually in writing of the preceding policy; (iv) refraining from tracking in any manner the volume of referrals attributable to particular referrals sources; (v) ensuring that no physician compensation is tied in any manner to the volume or value of referrals to, or other business generated for, the venture; (vi) disclosing all financial interests to patients; [50] and (vii) requiring that other participants in the joint venture adopt similar steps.

b. Compensation Arrangements With Physicians

Hospitals enter into a variety of compensation arrangements with physicians whereby physicians provide items or services to, or on behalf of, the hospital. Conversely, in some arrangements, hospitals provide items or services to physicians. Examples of these compensation arrangements include, without limitation, medical director agreements, personal or management services agreements, space or equipment leases, and agreements for the provision of billing, nursing, or other staff services. Although many compensation arrangements are legitimate business arrangements, compensation arrangements may violate the anti-kickback statute if one purpose of the arrangement is to compensate physicians for past or future referrals.[51]

The general rule of thumb is that any remuneration flowing between hospitals and physicians should be at fair market value for actual and necessary items furnished or services rendered based upon an arm's-length transaction and should not take into account, directly or indirectly, the value or volume of any past or future referrals or other business generated between the parties. Arrangements under which hospitals (i) provide physicians with items or services for free or less than fair market value, (ii) relieve physicians of financial obligations they would otherwise incur, or (iii) inflate compensation paid to physicians for items or services pose significant risk. In such circumstances, an inference arises that the remuneration may be in exchange for generating business.

In particular, hospitals should review their physician compensation arrangements and carefully assess the risk of fraud and abuse using the following factors, among others:

  • Are the items and services obtained from a physician legitimate, commercially reasonable, and necessary to achieve a legitimate business purpose of the hospital (apart from obtaining referrals)? Assuming that the hospital needs the items and services, does the hospital have multiple arrangements with different physicians, so that in the aggregate the items or services provided by all physicians exceed the hospital's actual needs (apart from generating business)?
  • Does the compensation represent fair market value in an arm's-length transaction for the items and services? Could the hospital obtain the services from a non-referral source at a cheaper rate or under more favorable terms? Does the remuneration take into Start Printed Page 4867account, directly or indirectly, the value or volume of any past or future referrals or other business generated between the parties? Is the compensation tied, directly or indirectly, to Federal health care program reimbursement?
  • Is the determination of fair market value based upon a reasonable methodology that is uniformly applied and properly documented? If fair market value is based on comparables, the hospital should ensure that the market rate for the comparable services is not distorted (e.g., the market for ancillary services may be distorted if all providers of the service are controlled by physicians).
  • Is the compensation commensurate with the fair market value of a physician with the skill level and experience reasonably necessary to perform the contracted services?
  • Were the physicians selected to participate in the arrangement in whole or in part because of their past or anticipated referrals?
  • Is the arrangement properly and fully documented in writing? Are the physicians documenting the services they provide? Is the hospital monitoring the services?
  • In the case of physicians staffing hospital outpatient departments, are safeguards in place to ensure that the physicians do not use hospital outpatient space, equipment, or personnel to conduct their private practices? In addition, physicians working in outpatient departments must bill the appropriate site-of-service modifier. The hospital should take reasonable steps to ensure that physicians are aware of this requirement and should take appropriate action if it identifies physicians engaging in improper site-of-service billing.

Whenever possible, hospitals should structure their compensation arrangements with physicians to fit in a safe harbor. Potentially applicable are the space rental safe harbor (42 CFR 1001.952(b)), the equipment rental safe harbor (42 CFR 1001.952(c)), the personal services and management contracts safe harbor (42 CFR 1001.952(d)), the sale of practice safe harbor (42 CFR 1001.952(e)), the referral services safe harbor (42 CFR 1001.952(f)), the employee safe harbor (42 CFR 1001.952(i)), the practitioner recruitment safe harbor (42 CFR 1001.952(n)), and the obstetrical malpractice insurance subsidies safe harbor (42 CFR 1001.952(o)). An arrangement must fit squarely in a safe harbor to be protected. Arrangements that do not fit in a safe harbor should be reviewed in light of the totality of all facts and circumstances. At minimum, hospitals should develop policies and procedures requiring physicians to document, and the hospital to monitor, the services or items provided under compensation arrangements (including, for example, by using written time reports). In some cases, particularly rentals, hospitals should consider obtaining an independent fair market valuation using appropriate health care valuation standards.

Arrangements between hospitals and traditional hospital-based physicians (e.g., anesthesiologists, radiologists, and pathologists) raise some different concerns.[52] In these arrangements, it is typically the hospitals that are in a position to influence the flow of business to the physicians, rather than the physicians making referrals to the hospitals.[53] Such arrangements may violate the anti-kickback statute if the hospital solicits or receives something of value—or the physicians offer or pay something of value—in exchange for access to the hospital's Federal health care program business. Illegal kickbacks between hospitals and hospital-based physicians may take a variety of forms, including, without limitation:

  • A hospital requiring physicians to pay more than the fair market value for services provided to the hospital-based physicians by the hospital; or
  • A hospital compensating physicians less than the fair market value for goods or services provided to the hospital by the physicians.

Accordingly, arrangements that require physicians to provide Medicare Part A supervision and management services for token or no payment in exchange for the ability to provide physician-billable Medicare Part B services at the hospital potentially violate the anti-kickback statute and should be closely scrutinized.

We are aware that hospitals have long provided for the delivery of certain hospital-based physician services through the grant of an exclusive contract to a physician or physician group, which includes management, staffing, and other administrative functions, and in some cases limited clinical duties. These exclusive arrangements affect the cash and non-cash value of the overall arrangement to the respective parties.

Depending on the circumstances, an exclusive contract can have substantial value to the hospital-based physician or group, as well as to the hospital, that may well have nothing to do with the value or volume of business flowing between the hospital and the physicians. By way of example only, an exclusive arrangement may reduce the costs a physician or group would otherwise incur for business development and may eliminate administrative costs otherwise incurred by the hospital. In an appropriate context, an exclusive arrangement that requires a hospital-based physician or physician group to perform reasonable administrative or limited clinical duties directly related to the hospital-based professional services at no or a reduced charge would not violate the anti-kickback statute, provided that the overall arrangement is consistent with fair market value in an arm's-length transaction, taking into account the value attributable to the exclusivity. Depending on the circumstances, examples of directly-related administrative or clinical duties include, without limitation: participation on hospital committees, tumor boards, or similar hospital entities; participation in on-call rotation; and performance of quality assurance and oversight activities. Notwithstanding, whether the scope and volume of the required services in a particular arrangement reasonably reflect the value of the exclusivity will depend on the facts and circumstances of the arrangement.

Nothing in this supplemental CPG should be construed as requiring hospital-based physicians to perform administrative or clinical services at no or a reduced charge. Uncompensated or below-market arrangements for goods or services will be subject to close scrutiny for compliance with the statute.

c. Relationships With Other Health Care Entities

As addressed in the preceding subsection, hospitals may obtain referrals of Federal health care program business from a variety of health care professionals and entities. In addition, when furnishing inpatient, outpatient, and related services, hospitals often direct or influence referrals for items Start Printed Page 4868and services reimbursable by Federal health care programs. For example, hospitals may refer patients to, or order items or services from, home health agencies,[54] skilled nursing facilities, durable medical equipment companies, laboratories, pharmaceutical companies, and other hospitals. In cases where a hospital is the referral source for other providers or suppliers, it would be prudent for the hospital to scrutinize carefully any remuneration flowing to the hospital from the provider or supplier to ensure compliance with the anti-kickback statute, using the principles outlined above. Remuneration may include, for example, free or below-market-value items and services or the relief of a financial obligation.

Hospitals should also review their managed care arrangements to ensure compliance with the anti-kickback statute. Managed care arrangements that do not fit within one of the managed care and risk sharing safe harbors at 42 CFR 1001.952(m), (t), or (u) must be evaluated on a case-by-case basis.

d. Recruitment Arrangements

Many hospitals provide incentives to recruit a physician or other health care professional to join the hospital's medical staff and provide medical services to the surrounding community. When used to bring needed physicians to an underserved community, these arrangements can benefit patients. However, recruitment arrangements pose substantial fraud and abuse risk.

In most cases, the recruited physician establishes a private practice in the community instead of becoming a hospital employee.[55] Such arrangements potentially implicate the anti-kickback statute if one purpose of the recruitment arrangement is to induce referrals to the recruiting hospital. Safe harbor protection is available for certain recruitment arrangements offered by hospitals to attract primary care physicians and practitioners to health professional shortage areas (HPSAs), as defined in regulations issued by the Department.[56] The scope of this safe harbor is very limited. In particular, the safe harbor does not protect (a) recruitment arrangements in areas that are not designated as HPSAs, (b) recruitment of specialists, or (c) joint recruitment with existing physician practices in the area.

Because of the significant risk of fraud and abuse posed by improper recruitment arrangements, hospitals should scrutinize these arrangements with care. When assessing the degree of risk associated with recruitment arrangements, hospitals should examine the following factors, among others:

  • The size and value of the recruitment benefit. Does the benefit exceed what is reasonably necessary to attract a qualified physician to the particular community? Has the hospital previously tried and failed to recruit or retain physicians?
  • The duration of payout of the recruitment benefit. Total benefit payout periods extending longer than three years from the initial recruitment agreement should trigger heightened scrutiny.
  • The practice of the existing physician. Is the physician a new physician with few or no patients or an established practitioner with a ready stream of referrals? Is the physician relocating from a substantial distance so that referrals are unlikely to follow or is it possible for the physician to bring an established patient base?
  • The need for the recruitment. Is the recruited physician's specialty necessary to provide adequate access to medically necessary care for patients in the community? Do patients already have reasonable access to comparable services from other providers or practitioners in or near the community? An assessment of community need based wholly or partially on the competitive interests of the recruiting hospital or existing physician practices would subject the recruitment payments to heightened scrutiny under the statute.

Significantly, hospitals should be aware that the practitioner recruitment safe harbor excludes any arrangement that directly or indirectly benefits any existing or potential referral source other than the recruited physician. Accordingly, the safe harbor does not protect “joint recruitment” arrangements between hospitals and other entities or individuals, such as solo practitioners, group practices, or managed care organizations, pursuant to which the hospital makes payments directly or indirectly to the other entity or individual. These joint recruitment arrangements present a high risk of fraud and abuse and have been the subject of recent government investigations and prosecutions. These arrangements can easily be used as vehicles to disguise payments from the hospital to an existing referral source—typically an existing physician practice—in exchange for the existing practice's referrals to the hospital. Suspect payments to existing referral sources may include, among other things, income guarantees that shift costs from the existing referral source to the recruited physician and overhead and build-out costs funded for the benefit of the existing referral source. Hospitals should review all “joint recruiting” arrangements to ensure that remuneration does not inure in whole or in part to the benefit of any party other than the recruited physician.

e. Discounts

Public policy favors open and legitimate price competition in health care. Thus, the anti-kickback statute contains an exception for discounts offered to customers that submit claims to the Federal health care programs, if the discounts are properly disclosed and accurately reported.[57] However, to qualify for the exception, the discount must be in the form of a reduction in the price of the good or service based on an arm's-length transaction. In other words, the exception covers only reductions in the product's price. Moreover, the regulation provides that the discount must be given at the time of sale or, in certain cases, set at the time of sale, even if finally determined subsequent to the time of sale (i.e., a rebate).

In conducting business, hospitals sell and purchase items and services reimbursable by Federal health care programs. Therefore, hospitals should thoroughly familiarize themselves with the discount safe harbor at 42 CFR 1001.952(h). In particular, depending on their role in the arrangement, hospitals should pay attention to the discount safe harbor requirements applicable to “buyers,” “sellers,” or “offerors.” Compliance with the safe harbor is determined separately for each party. In general, hospitals should ensure that all discounts—including rebates—are properly disclosed and accurately reflected on hospital cost reports. If a hospital offers a discount on an item or service to a buyer, it should ensure that the discount is properly disclosed on the invoice or other documentation for the item or service.Start Printed Page 4869

The discount safe harbor does not protect a discount offered to one payor but not to the Federal health care programs. Accordingly, in negotiating discounts for items and services paid from a hospital's pocket (such as those reimbursed under the Medicare Part A prospective payment system), the hospital should ensure that there is no link or connection, explicit or implicit, between discounts offered or solicited for that business and the hospital's referral of business billable by the seller directly to Medicare or another Federal health care program. For example, a hospital should not engage in “swapping” by accepting from a supplier an unreasonably low price on Part A services that the hospital pays for out of its own pocket in exchange for hospital referrals that are billable by the supplier directly to Part B (e.g., ambulance services). Suspect arrangements include below-cost arrangements or arrangements at prices lower than the prices offered by the supplier to other customers with similar volumes of business, but without Federal health care program referrals.

Hospitals may also receive discounts on items and services purchased through group purchasing organizations (GPOs). Discounts received from a vendor in connection with a GPO to which a hospital belongs should be properly disclosed and accurately reported on the hospital cost reports. Although there is a safe harbor for payments made by a vendor to a GPO as part of an agreement to furnish items or services to a group of individuals or entities (42 CFR 1001.952(j)), the safe harbor does not protect the discount received by the individual or entity.[58]

f. Medical Staff Credentialing

Certain medical staff credentialing practices may implicate the anti-kickback statute.[59] For example, conditioning privileges on a particular number of referrals or requiring the performance of a particular number of procedures, beyond volumes necessary to ensure clinical proficiency, potentially raise substantial risks under the statute. On the other hand, a credentialing policy that categorically refuses privileges to physicians with significant conflicts of interest would not appear to implicate the statute in most situations. Whether a particular credentialing policy runs afoul of the anti-kickback statute would depend on the specific facts and circumstances, including the intent of the parties. Hospitals are advised to examine their credentialing practices to ensure that they do not run afoul of the anti-kickback statute. The OIG has solicited comments about, and is considering, whether further guidance in this area is appropriate.[60]

g. Malpractice Insurance Subsidies

The OIG historically has been concerned that a hospital's subsidy of malpractice insurance premiums for potential referral sources, including hospital medical staff, may be suspect under the anti-kickback statute, because the payments may be used to influence referrals. The OIG has established a safe harbor for medical malpractice premium subsidies provided to obstetrical care practitioners in health professional shortage areas.[61] Depending on the circumstances, premium support may also be structured to fit in other safe harbors.

We are aware of the current disruption (i.e., dramatic premium increases, insurers' withdrawals from certain markets, and/or sudden termination of coverage based upon factors other than the physicians' claims history) in the medical malpractice liability insurance markets in some geographic areas.[62] Notwithstanding, hospitals should review malpractice insurance subsidy arrangements closely to ensure that there is no improper inducement to referral sources. Relevant factors include, without limitation:

  • Whether the subsidy is being provided on an interim basis (e.g., until an unrelated insurer is commercially available) for a reasonable fixed period in a geographic area experiencing severe access or affordability problems;
  • Whether the subsidy is being offered only to current active medical staff (or physicians new to the locality or in practice less than a year, i.e., physicians with no or few established patients);
  • Whether the criteria for receiving a subsidy is unrelated to the volume or value of referrals or other business generated by the subsidized physician or his practice;
  • Whether physicians receiving subsidies are paying at least as much as they currently pay for malpractice insurance (i.e., are windfalls to physicians avoided);
  • Whether physicians are required to perform services or relinquish rights, which have a value equal to the fair market value of the insurance assistance; and
  • Whether the insurance is available regardless of the location at which the physician provides services, including, but not limited to, other hospitals.

No one of these factors is determinative, and this list is illustrative, not exhaustive, of potential considerations in connection with the provision of malpractice insurance subsidies. Parties contemplating malpractice subsidy programs that do not fit into one of the safe harbors may want to consider obtaining an advisory opinion. Parties should also be mindful that these subsidy arrangements also implicate the Stark law.

C. Payments To Reduce or Limit Services: Gainsharing Arrangements

The CMP set forth in section 1128A(b)(1) of the Act prohibits a hospital from knowingly making a payment directly or indirectly to a physician as an inducement to reduce or limit items or services furnished to Medicare or Medicaid beneficiaries under the physician's direct care.[63] Hospitals that make (and physicians that receive) such payments are liable for CMPs of up to $2,000 per patient covered by the payments.[64] The statutory proscription is very broad. The payment need not be tied to an actual diminution in care, so long as the hospital knows that the payment may influence the physician to reduce or limit services to his or her patients. There is no requirement that the prohibited payment be tied to a specific patient or to a reduction in medically necessary care. In short, any hospital incentive plan that encourages physicians through payments to reduce Start Printed Page 4870or limit clinical services directly or indirectly violates the statute.

We are aware that a number of hospitals are engaged in, or considering entering into, incentive arrangements commonly called “gainsharing.” While there is no fixed definition of a “gainsharing” arrangement, the term typically refers to an arrangement in which a hospital gives physicians a percentage share of any reduction in the hospital's costs for patient care attributable in part to the physicians' efforts. We recognize that, properly structured, gainsharing arrangements can serve legitimate business and medical purposes, such as increasing efficiency, reducing waste, and, thereby, potentially increasing a hospital's profitability. However, the plain language of section 1128A(b)(1) of the Act prohibits tying the physicians' compensation for services to reductions or limitations in items or services provided to patients under the physicians' clinical care.[65]

In addition to the CMP risks described above, gainsharing arrangements can also implicate the anti-kickback statute if the cost-savings payments are used to influence referrals. For example, the statute is potentially implicated if a gainsharing arrangement is intended to influence physicians to “cherry pick” healthy patients for the hospital offering gainsharing payments and steer sicker (and more costly) patients to hospitals that do not offer gainsharing payments. Similarly, the statute may be implicated if a hospital offers a cost-sharing program with the intent to foster physician loyalty and attract more referrals. In addition, we have serious concerns about overly broad arrangements under which a physician continues for an extended time to reap the benefits of previously-achieved savings or receives cost-savings payments unrelated to anything done by the physician, whether work, services, or other undertaking (e.g., a change in the way the physician practices).

Wherever possible, hospitals should consider structuring cost-saving arrangements to fit in the personal services safe harbor. However, in many cases, protection under the personal services safe harbor is not available because gainsharing arrangements typically involve a percentage payment (i.e., the aggregate fee will not be set in advance, as required by the safe harbor). Finally, gainsharing arrangements may also implicate the Stark law.

D. Emergency Medical Treatment and Labor Act (EMTALA)

Hospitals should review their obligations under EMTALA (section 1867 of the Act) to evaluate and treat individuals who come to their emergency departments and, in some circumstances, other facilities. Hospitals should pay particular attention to when an individual must receive a medical screening exam to determine whether that individual is suffering from an emergency medical condition. When such a screening or treatment of an emergency medical condition is required, it cannot be delayed to inquire about an individual's method of payment or insurance status. If the hospital's emergency department (ED) is “on diversion” and an individual comes to the ED for evaluation or treatment of a medical condition, the hospital is required to provide such services despite its diversionary status.

Generally, hospital emergency departments may not transfer an individual with an unstable emergency medical condition unless a physician certifies that the benefits outweigh the risks. In such circumstances, the hospital must provide stabilizing treatment to minimize the risks of transfer. Further, the hospital must ensure that the receiving facility has available space and qualified personnel to treat the individual and has agreed to accept transfer of that individual. Moreover, certain medical records must accompany the individual and a hospital that has specialized capabilities or facilities must accept an appropriate transfer of an individual who requires such specialized capabilities or facilities if the hospital has the capacity to treat the individual.

A hospital must provide appropriate screening and treatment services within the full capabilities of its staff and facilities. This includes access to specialists who are on call. Thus, hospital policies and procedures should be clear on how to access the full services of the hospital, and all staff should understand the hospital's obligations to individuals under EMTALA. In particular, on-call physicians need to be educated as to their responsibilities under EMTALA, including the responsibility to accept appropriately transferred individuals from other facilities. In addition, all persons working in emergency departments should be periodically trained and reminded of the hospital's EMTALA obligations and hospital policies and procedures designed to ensure that such obligations are met.

For further information about EMTALA, hospitals are directed to: (i) The EMTALA statute at section 1867 of the Act; (ii) the EMTALA statute's implementing regulations at 42 CFR part 489; (iii) our 1999 Special Advisory Bulletin on the Patient Anti-Dumping Statute (64 FR 61353; November 10, 1999), available on our Web page at​fraud/​docs/​alertsandbulletins/​frdump.pdf;​ and (iv) CMS's EMTALA resource Web page located at​providers/​emtala/​emtala.asp.

E. Substandard Care

The OIG has authority to exclude any individual or entity from participation in Federal health care programs if the individual or entity provides unnecessary items or services (i.e., items or services in excess of the needs of a patient) or substandard items or services (i.e., items or services of a quality which fails to meet professionally recognized standards of health care).[66] Significantly, neither knowledge nor intent is required for exclusion under this provision. The exclusion can be based upon unnecessary or substandard items or services provided to any patient, even if that patient is not a Medicare or Medicaid beneficiary.

We are mindful that the vast majority of hospitals are fully committed to providing quality care to their patients. To achieve their quality-related goals, hospitals should continually measure their performance against comprehensive standards. Medicare participating hospitals must meet all of the Medicare hospital conditions of participation (COPs), including without limitation, the COP pertaining to a quality assessment and performance improvement program at 42 CFR 482.21 and the hospital COP pertaining to the medical staff at 42 CFR 482.22. Compliance with the COPs is determined by State survey agencies or accreditation organizations, such as the Joint Commission on Accreditation of Healthcare Organizations or the American Osteopathic Association. In addition, hospitals should develop their own quality of care protocols and implement mechanisms for evaluating compliance with those protocols.

In reviewing the quality of care provided, hospitals must not limit their review to the quality of their nursing and other ancillary services. Hospitals must monitor the quality of medical Start Printed Page 4871services provided at the hospital by appropriately overseeing the credentialing and peer review of their medical staffs.

F. Relationships With Federal Health Care Beneficiaries

Hospitals' relationships with Federal health care beneficiaries may also implicate the fraud and abuse laws. In particular, hospitals should be aware that section 1128A(a)(5) of the Act authorizes the OIG to impose CMPs on hospitals (and others) that offer or transfer remuneration to a Medicare or Medicaid beneficiary that the offeror knows or should know is likely to influence the beneficiary to order or receive items or services from a particular provider, practitioner, or supplier for which payment may be made under the Medicare or Medicaid programs. The definition of “remuneration” expressly includes the offer or transfer of items or services for free or other than fair market value, including the waiver of all or part of a Medicare or Medicaid cost-sharing amount.[67] In other words, hospitals may not offer valuable items or services to Medicare or Medicaid beneficiaries to attract their business. In this regard, hospitals should familiarize themselves with the OIG's August 2002 Special Advisory Bulletin on Offering Gifts and Other Inducements to Beneficiaries.[68]

1. Gifts and Gratuities

Hospitals should scrutinize any offers of gifts or gratuities to beneficiaries for compliance with the CMP provision prohibiting inducements to Medicare and Medicaid beneficiaries. The key inquiry under the CMP is whether the remuneration is something that the hospital knows or should know is likely to influence the beneficiary's selection of a particular provider, practitioner, or supplier for Medicare or Medicaid payable services. As interpreted by the OIG, section 1128A(a)(5) of the Act does not apply to the provision of items or services valued at less than $10 per item and $50 per patient in the aggregate on an annual basis.[69] A special exception for incentives to promote the delivery of preventive care services is discussed below at section II.I.2.

2. Cost-Sharing Waivers

In general, hospitals are obligated to collect cost-sharing amounts owed by Federal health care program beneficiaries. Waiving owed amounts may constitute prohibited remuneration to beneficiaries under section 1128A(a)(5) of the Act or the anti-kickback statute. Certain waivers of Part A inpatient cost-sharing amounts may be protected by structuring them to fit in the safe harbor for waivers of beneficiary inpatient coinsurance and deductible amounts at 42 CFR 1001.952(k). In particular, under the safe harbor, waived amounts may not be claimed as bad debt; the waivers must be offered uniformly across the board without regard to the reason for admission, length of stay, or DRG; and waivers may not be made as part of any agreement with a third party payer, unless the third party payer is a Medicare SELECT plan under section 1882(t)(1) of the Act.[70]

In addition, hospitals (and others) may waive cost-sharing amounts on the basis of a beneficiary's financial need, so long as the waiver is not routine, not advertised, and made pursuant to a good faith, individualized assessment of the beneficiary's financial need or after reasonable collection efforts have failed.[71] The OIG recognizes that what constitutes a good faith determination of “financial need” may vary depending on the individual patient's circumstances and that hospitals should have flexibility to take into account relevant variables. These factors may include, for example:

  • The local cost of living;
  • A patient's income, assets, and expenses;
  • A patient's family size; and
  • The scope and extent of a patient's medical bills.

Hospitals should use a reasonable set of financial need guidelines that are based on objective criteria and appropriate for the applicable locality. The guidelines should be applied uniformly in all cases. While hospitals have flexibility in making the determination of financial need, we do not believe it is appropriate to apply inflated income guidelines that result in waivers for beneficiaries who are not in genuine financial need. Hospitals should consider that the financial status of a patient may change over time and should recheck a patient's eligibility at reasonable intervals sufficient to ensure that the patient remains in financial need. For example, a patient who obtains outpatient hospital services several times a week would not need to be rechecked every visit. Hospitals should take reasonable measures to document their determinations of Medicare beneficiaries' financial need. We are aware that in some situations patients may be reluctant or unable to provide documentation of their financial status. In those cases, hospitals may be able to use other reasonable methods for determining financial need, including, for example, documented patient interviews or questionnaires.

In sum, hospitals should review their waiver policies to ensure that the policies and the manner in which they are implemented comply with all applicable laws. For more information about cost-sharing waivers, hospitals should review our February 2, 2004 paper on “Hospital Discounts Offered To Patients Who Cannot Afford To Pay Their Hospital Bills,” containing a section titled “Reductions or Waivers of Cost-Sharing Amounts for Medicare Beneficiaries Experiencing Financial Hardship” and available on our Web page at​fraud/​docs/​alertsandbulletins/​2004/​FA021904hospitaldiscounts.pdf.[72]

3. Free Transportation

The plain language of the CMP prohibits offering free transportation to Medicare or Medicaid beneficiaries to influence their selection of a particular provider, practitioner, or supplier. Notwithstanding, hospitals can offer free local transportation of low value (i.e., within the $10 per item and $50 annual limits).[73] Luxury and specialized transportation, such as limousines or ambulances, would exceed the low value threshold and are problematic, as are arrangements tied in any manner to the volume or value of referrals and arrangements tied to particularly lucrative treatments or medical conditions. However, we have indicated that we are considering developing a regulatory exception for some complimentary local transportation provided to beneficiaries residing in a Start Printed Page 4872hospital's primary service area.[74] Accordingly, until such time as we promulgate a final rule on complimentary local transportation under section 1128A(a)(5) of the Act or indicate our intention not to proceed with such rule, we have indicated that we will not impose administrative sanctions for violations of section 1128A(a)(5) of the Act in connection with hospital-based complimentary transportation programs that meet the following conditions:

  • The program was in existence prior to August 30, 2002, the date of publication of the Special Advisory Bulletin on Offering Gifts and Other Inducements to Beneficiaries.
  • Transportation is offered uniformly and without charge or at reduced charge to all patients of the hospital or hospital-owned ambulatory surgical center (and may also be made available to their families).
  • The transportation is only provided to and from the hospital or a hospital-owned ambulatory surgical center and is for the purpose of receiving hospital or ambulatory surgical center services (or, in the case of family members, accompanying or visiting hospital or ambulatory surgical center patients).
  • The transportation is provided only within the hospital's or ambulatory surgical center's primary service area.
  • The costs of the transportation are not claimed directly or indirectly by any Federal health care program cost report or claim and are not otherwise shifted to any Federal health care program.
  • The transportation does not include ambulance transportation.

Other arrangements are subject to a case-by-case review under the statute to ensure that no improper inducement exists.

G. HIPAA Privacy and Security Rules

As of April 14, 2003, all hospitals that conduct electronic transactions for which standards have been adopted under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) were required to comply with the Privacy Rule promulgated pursuant to HIPAA. Generally, the HIPAA Privacy Rule addresses the use and disclosure of individuals' identifiable health information (protected health information or PHI) by covered hospitals and other covered entities, as well as standards for individuals' privacy rights to understand and control how their health information is used. The Privacy Rule (45 CFR parts 160 and 164, subparts A and E) and other helpful information about how it applies, including frequently asked questions, can be found on the Web page of the Department's Office for Civil Rights (OCR) at​ocr/​hipaa/​. Questions about the privacy rule should be submitted to OCR. Hospitals can contact OCR by following the instructions on its Web page,​ocr/​contact.html, or by calling the HIPAA toll-free number, (866) 627-7748.

To ease the burden of complying with the new requirements, the Privacy Rule gives covered hospitals and other covered entities some flexibility to create their own privacy procedures. Each hospital should make sure that it is compliant with all applicable provisions of the Privacy Rule, including provisions pertaining to required disclosures (such as required disclosures to the Department when it is undertaking a Privacy Rule investigation or compliance review) in developing its privacy procedures that are tailored to fit its particular size and needs.

The final HIPAA Security Rule (45 CFR parts 160 and 164, subparts A and C) was published in the Federal Register on February 20, 2003. It is available on CMS's Web page at​hipaa/​hipaa2. The Security Rule specifies a series of administrative, technical, and physical security safeguards for hospitals that are covered entities and other covered entities to use to assure, among other provisions, the confidentiality of electronic PHI. Hospitals that are covered entities must be compliant with the Security Rule by April 20, 2005. The Security Rule requirements are flexible and scalable, which allows each covered entity to tailor its approach to compliance based on its own unique circumstances. Covered entities can consider their organization and capabilities, as well as costs, in designing their security plans and procedures. Questions about the HIPAA Security Rule should be submitted to CMS. Hospitals can contact CMS by following the instructions on its Web page,​hipaa/​hipaa2/​contact, or by calling the HIPAA toll-free number, (866) 627-7748.

H. Billing Medicare or Medicaid Substantially in Excess of Usual Charges

Section 1128(b)(6)(A) of the Act provides for the permissive exclusion from Federal health care programs of any provider or supplier that submits a claim based on costs or charges to the Medicare or Medicaid programs that is “substantially in excess” of its usual charge or cost, unless the Secretary finds there is “good cause” for the higher charge or cost. The exclusion provision does not require a provider to charge everyone the same price; nor does it require a provider to offer Medicare or Medicaid its “best price.” However, providers cannot routinely charge Medicare or Medicaid substantially more than they usually charge others. Hospitals have raised concerns regarding the impact of the exclusion authority on hospital services, and the OIG is considering those concerns in the context of the rulemaking process.[75] The OIG's policy regarding application of the exclusion authority to discounts offered to uninsured and underinsured patients is discussed below.

I. Areas of General Interest

Although in most cases the following areas do not pose significant fraud and abuse risk, the OIG has received numerous inquiries from hospitals and others on these topics. Therefore, we offer the following guidance to assist hospitals in their review of these arrangements.

1. Discounts to Uninsured Patients

No OIG authority, including the Federal anti-kickback statute, prohibits or restricts hospitals from offering discounts to uninsured patients who are unable to pay their hospital bills.[76] In addition, the OIG has never excluded or attempted to exclude any provider or supplier for offering discounts to uninsured or underinsured patients under the permissive exclusion authority at section 1128(b)(6)(A) of the Act. However, to provide additional assurance to the industry, the OIG recently proposed regulations that would define key terms in the statute.[77] Among other things, the proposed regulations would make clear that free or substantially reduced charges to Start Printed Page 4873uninsured persons would not affect the calculation of a provider's or supplier's “usual” charges, as the term “usual charges” is used in the exclusion provision. The OIG is currently reviewing the public comments to the proposed regulations. Until such time as a final regulation is promulgated or the OIG indicates its intention not to promulgate a final rule, it will continue to be the OIG's enforcement policy that when calculating their “usual charges” for purposes of section 1128(b)(6)(A) of the Act, individuals and entities do not need to consider free or substantially reduced charges to (i) uninsured patients or (ii) underinsured patients who are self-paying patients for the items or services furnished. In offering such discounts, a hospital should report full uniform charges, rather than the discounted amounts, on its Medicare cost report and make the FI aware that it has reported its full charges.[78]

Under CMS rules, Medicare generally reimburses a hospital for a percentage of its “bad debt” (i.e., uncollectible Medicare deductible or coinsurance amounts), but only if the hospital bills the Medicare patient for unpaid amounts first, and engages in reasonable, good faith collection efforts that are consistent with the degree of effort applied to collecting similar debts from non-Medicare patients.[79] However, as explained in CMS's paper titled “Questions On Charges For The Uninsured,” a hospital can forgo collection efforts aimed at a Medicare patient, if the hospital, using its customary methods, documents that the patient is indigent or medically indigent [80] and that no source other than the patient is legally responsible for the unpaid deductibles and coinsurance.

CMS Medicare bad debt reimbursement guidelines provide that a hospital should apply its customary indigency criteria to Medicare patients; however, the hospital must document such determination for such patients. To claim Medicare bad debt reimbursement, the hospital must follow the guidance laid out in sections 310, 312, and 322 of the Provider Reimbursement Manual.[81] A hospital should examine a patient's total resources, which could include, but are not limited to, an analysis of assets, liabilities, income, expenses, and any extenuating circumstances that would affect the determination. The hospital should document the method by which it determined the indigency and include all backup information used to substantiate the determination. If, instead of making such a determination, a hospital attempts to collect the outstanding amounts from the Medicare beneficiary, such efforts must be documented in the patient's file with copies of the bill(s), follow-up letters, and reports of telephone and personal contacts. In the case of a dually-eligible patient (i.e., a patient entitled to both Medicare and Medicaid), the hospital should document the bad debt claim by including a denial of payment from the State.

2. Preventive Care Services

Hospitals frequently participate in community-based efforts to deliver preventive care services. The Medicare and Medicaid programs encourage patients to access preventive care services. The prohibition against beneficiary inducements at section 1128A(a)(5) of the Act does not apply to incentives offered to promote the delivery of certain preventive care services, if the programs are structured in accordance with the regulatory requirements at 42 CFR 1003.101. Generally, to fit within the preventive care exception, a service must be a prenatal service or post-natal well-baby visit or a specific clinical service described in the current U.S. Preventive Services Task Force's Guide to Clinical Preventive Services[82] that is reimbursed by Medicare or Medicaid. Obtaining the service may not be tied directly or indirectly to the provision of other Medicare or Medicaid services. In addition, the incentives may not be in the form of cash or cash equivalents and may not be disproportionate to the value of the preventive care provided. From an anti-kickback perspective, the chief concern is whether an arrangement to induce patients to obtain preventive care services is intended to induce other business payable by a Federal health care program. Relevant factors in making this evaluation would include, but not be limited to: the nature and scope of the preventive care services; whether the preventive care services are tied directly or indirectly to the provision of other items or services and, if so, the nature and scope of the other services; the basis on which patients are selected to receive the free or discounted services; and whether the patient is able to afford the services.

3. Professional Courtesy

Although historically “professional courtesy” referred to the practice of physicians waiving the entire professional fee for other physicians, the term is variously used in the industry now to describe a range of practices involving free or discounted services (including “insurance only” billing) furnished to physicians and their families and staff. Some hospitals have used the term “professional courtesy” to describe various programs that offer free or discounted hospital services to medical staff, employees, community physicians, and their families and staff. Although many professional courtesy programs are unlikely to pose a significant risk of abuse (and many may be legitimate employee benefits programs eligible for the employee safe harbor), some hospital-sponsored “professional courtesy” programs may implicate the fraud and abuse statutes.

In general, whether a professional courtesy program runs afoul of the anti-kickback statute turns on whether the recipients of the professional courtesy are selected in a manner that takes into account, directly or indirectly, any recipient's ability to refer to, or otherwise generate business for, the hospital. Also relevant is whether the physicians have solicited the professional courtesy in return for referrals. With respect to the Stark law, the key inquiry is whether the arrangement fits in the exception for professional courtesy at 42 CFR 411.357(s). Finally, hospitals should evaluate the method by which the courtesy is granted. For example, “insurance only” billing offered to a Federal program beneficiary potentially implicates the anti-kickback statute, the False Claims Act, and the CMP Start Printed Page 4874provision prohibiting inducements to Medicare and Medicaid beneficiaries (discussed in section II.F above). Notably, the Stark law exception for professional courtesy requires that insurers be notified if “professional courtesy” includes “insurance only” billing.

III. Hospital Compliance Program Effectiveness

Hospitals with an organizational culture that values compliance are more likely to have effective compliance programs and, thus, are better able to prevent, detect, and correct problems. Building and sustaining a successful compliance program rarely follows the same formula from organization to organization. However, such programs generally include: The commitment of the hospital's governance and management at the highest levels; structures and processes that create effective internal controls; and regular self-assessment and enhancement of the existing compliance program. The 1998 CPG provided guidance for hospitals on establishing sound internal controls.[83] This section discusses the important roles of corporate leadership and self-assessment of compliance programs.

A. Code of Conduct

Every effective compliance program necessarily begins with a formal commitment to compliance by the hospital's governing body and senior management. Evidence of that commitment should include active involvement of the organizational leadership, allocation of adequate resources, a reasonable timetable for implementation of the compliance measures, and the identification of a compliance officer and compliance committee vested with sufficient autonomy, authority, and accountability to implement and enforce appropriate compliance measures. A hospital's leadership should foster an organizational culture that values, and even rewards, the prevention, detection, and resolution of problems. Moreover, hospitals' leadership and management should ensure that policies and procedures, including, for example, compensation structures, do not create undue pressure to pursue profit over compliance. In short, the hospital should endeavor to develop a culture that values compliance from the top down and fosters compliance from the bottom up. Such an organizational culture is the foundation of an effective compliance program.

Although a clear statement of detailed and substantive policies and procedures—and the periodic evaluation of their effectiveness—is at the core of a compliance program, the OIG recommends that hospitals also develop a general organizational statement of ethical and compliance principles that will guide the entity's operations. One common expression of this statement of principles is a code of conduct. The code should function in the same fashion as a constitution, i.e., as a document that details the fundamental principles, values, and framework for action within an organization. The code of conduct for a hospital should articulate a commitment to compliance by management, employees, and contractors, and should summarize the broad ethical and legal principles under which the hospital must operate. The Code of Conduct should also include a requirement that professionals follow the ethical standards dictated by their respective professional organizations. Unlike the more detailed policies and procedures, the code of conduct should be brief, easily readable, and cover general principles applicable to all members of the organization.

As appropriate, the OIG strongly encourages the participation and involvement of the hospital's board of directors, officers (including the chief executive officer (CEO)), members of senior management, representatives from the medical and clinical staffs, and other personnel from various levels of the organizational structure in the development of all aspects of the compliance program, especially the code of conduct. Management and employee involvement in this process communicates a strong and explicit commitment by management to foster compliance with applicable Federal health care program requirements. It also communicates the need for all directors, officers, managers, employees, contractors, and medical and clinical staff members to comply with the organization's code of conduct and policies and procedures.

B. Regular Review of Compliance Program Effectiveness

Hospitals should regularly review the implementation and execution of their compliance program elements. This review should be conducted at least annually and should include an assessment of each of the basic elements individually, as well as the overall success of the program. This review should help the hospital identify any weaknesses in its compliance program and implement appropriate changes.

A common method of assessing compliance program effectiveness is measurement of various outcomes indicators (e.g., billing and coding error rates, identified overpayments, and audit results). However, we have observed that exclusive reliance on these indicators may cause an organization to miss crucial underlying weaknesses. We recommend that hospitals examine program outcomes and assess the underlying structure and process of each compliance program element. We have identified a number of factors that may be useful when evaluating the effectiveness of basic compliance program elements. Hospitals should consider these factors, as well as others, when developing a strategy for assessing their compliance programs. While no one factor is determinative of program effectiveness, the following factors are often observed in effective compliance programs.

1. Designation of a Compliance Officer and Compliance Committee

The compliance department is the backbone of the hospital's compliance program. The compliance department should be led by a well-qualified compliance officer, who is a member of senior management, and should be supported by a compliance committee. The purpose of the compliance department is to implement the hospital's compliance program and to ensure that the hospital complies with all applicable Federal health care program requirements. To ensure that the compliance department is meeting this objective, each hospital should conduct an annual review of its compliance department. Some factors that the organization may wish to consider in its evaluation include the following:

  • Does the compliance department have a clear, well-crafted mission?
  • Is the compliance department properly organized?
  • Does the compliance department have sufficient resources (staff and budget), training, authority, and autonomy to carry out its mission?
  • Is the relationship between the compliance function and the general counsel function appropriate to achieve the purpose of each?
  • Is there an active compliance committee, comprised of trained Start Printed Page 4875representatives of each of the relevant functional departments, as well as senior management?
  • Are ad hoc groups or task forces assigned to carry out any special missions, such as conducting an investigation or evaluating a proposed enhancement to the compliance program?
  • Does the compliance officer have direct access to the governing body, the president or CEO, all senior management, and legal counsel?
  • Does the compliance officer have independent authority to retain outside legal counsel?
  • Does the compliance officer have a good working relationship with other key operational areas, such as internal audit, coding, billing, and clinical departments?
  • Does the compliance officer make regular reports to the board of directors and other hospital management concerning different aspects of the hospital's compliance program?

2. Development of Compliance Policies and Procedures, Including Standards of Conduct

The purpose of compliance policies and procedures is to establish bright-line rules that help employees carry out their job functions in a manner that ensures compliance with Federal health care program requirements and furthers the mission and objective of the hospital itself. Typically, policies and procedures are written to address identified risk areas for the organization. As hospitals conduct a review of their written policies and procedures, some of the following factors may be considered:

  • Are policies and procedures clearly written, relevant to day-to-day responsibilities, readily available to those who need them, and re-evaluated on a regular basis?
  • Does the hospital monitor staff compliance with internal policies and procedures?
  • Have the standards of conduct been distributed to all directors, officers, managers, employees, contractors, and medical and clinical staff members?
  • Has the hospital developed a risk assessment tool, which is re-evaluated on a regular basis, to assess and identify weaknesses and risks in operations?
  • Does the risk assessment tool include an evaluation of Federal health care program requirements, as well as other publications, such as the OIG's CPGs, work plans, special advisory bulletins, and special fraud alerts?

3. Developing Open Lines of Communication

Open communication is essential to maintaining an effective compliance program. The purpose of developing open communication is to increase the hospital's ability to identify and respond to compliance problems. Generally, open communication is a product of organizational culture and internal mechanisms for reporting instances of potential fraud and abuse. When assessing a hospital's ability to communicate potential compliance issues effectively, a hospital may wish to consider the following factors:

  • Has the hospital fostered an organizational culture that encourages open communication, without fear of retaliation?
  • Has the hospital established an anonymous hotline or other similar mechanism so that staff, contractors, patients, visitors, and medical and clinical staff members can report potential compliance issues?
  • How well is the hotline publicized; how many and what types of calls are received; are calls logged and tracked (to establish possible patterns); and is the caller informed of the hospital's actions?
  • Are all instances of potential fraud and abuse investigated?
  • Are the results of internal investigations shared with the hospital governing body and relevant departments on a regular basis?
  • Is the governing body actively engaged in pursuing appropriate remedies to institutional or recurring problems?
  • Does the hospital utilize alternative communication methods, such as a periodic newsletter or compliance intranet website?

4. Appropriate Training and Education

Hospitals that fail to train and educate their staff adequately risk liability for the violation of health care fraud and abuse laws. The purpose of conducting a training and education program is to ensure that each employee, contractor, or any other individual that functions on behalf of the hospital is fully capable of executing his or her role in compliance with rules, regulations, and other standards. In reviewing their training and education programs, hospitals may consider the following factors:

  • Does the hospital provide qualified trainers to conduct annual compliance training for its staff, including both general and specific training pertinent to the staff's responsibilities?
  • Has the hospital evaluated the content of its training and education program on an annual basis and determined that the subject content is appropriate and sufficient to cover the range of issues confronting its employees?
  • Has the hospital kept up-to-date with any changes in Federal health care program requirements and adapted its education and training program accordingly?
  • Has the hospital formulated the content of its education and training program to consider results from its audits and investigations; results from previous training and education programs; trends in hotline reports; and OIG, CMS, or other agency guidance or advisories?
  • Has the hospital evaluated the appropriateness of its training format by reviewing the length of the training sessions; whether training is delivered via live instructors or via computer-based training programs; the frequency of training sessions; and the need for general and specific training sessions?
  • Does the hospital seek feedback after each session to identify shortcomings in the training program, and does it administer post-training testing to ensure attendees understand and retain the subject matter delivered?
  • Has the hospital's governing body been provided with appropriate training on fraud and abuse laws?
  • Has the hospital documented who has completed the required training?
  • Has the hospital assessed whether to impose sanctions for failing to attend training or to offer appropriate incentives for attending training?

5. Internal Monitoring and Auditing

Effective auditing and monitoring plans will help hospitals avoid the submission of incorrect claims to Federal health care program payors. Hospitals should develop detailed annual audit plans designed to minimize the risks associated with improper claims and billing practices. Some factors hospitals may wish to consider include the following:

  • Is the audit plan re-evaluated annually, and does it address the proper areas of concern, considering, for example, findings from previous years' audits, risk areas identified as part of the annual risk assessment, and high volume services?
  • Does the audit plan include an assessment of billing systems, in addition to claims accuracy, in an effort to identify the root cause of billing errors?
  • Is the role of the auditors clearly established and are coding and audit personnel independent and qualified, with the requisite certifications?Start Printed Page 4876
  • Is the audit department available to conduct unscheduled reviews and does a mechanism exist that allows the compliance department to request additional audits or monitoring should the need arise?
  • Has the hospital evaluated the error rates identified in the annual audits?
  • If the error rates are not decreasing, has the hospital conducted a further investigation into other aspects of the hospital compliance program in an effort to determine hidden weaknesses and deficiencies?
  • Does the audit include a review of all billing documentation, including clinical documentation, in support of the claim?

6. Response to Detected Deficiencies

By consistently responding to detected deficiencies, hospitals can develop effective corrective action plans and prevent further losses to Federal health care programs. Some factors a hospital may wish to consider when evaluating the manner in which it responds to detected deficiencies include the following:

  • Has the hospital created a response team, consisting of representatives from the compliance, audit, and any other relevant functional areas, which may be able to evaluate any detected deficiencies quickly?
  • Are all matters thoroughly and promptly investigated?
  • Are corrective action plans developed that take into account the root causes of each potential violation?
  • Are periodic reviews of problem areas conducted to verify that the corrective action that was implemented successfully eliminated existing deficiencies?
  • When a detected deficiency results in an identified overpayment to the hospital, are overpayments promptly reported and repaid to the FI?
  • If a matter results in a probable violation of law, does the hospital promptly disclose the matter to the appropriate law enforcement agency? [84]

7. Enforcement of Disciplinary Standards

By enforcing disciplinary standards, hospitals help create an organizational culture that emphasizes ethical behavior. Hospitals may consider the following factors when assessing the effectiveness of internal disciplinary efforts:

  • Are disciplinary standards well-publicized and readily available to all hospital personnel?
  • Are disciplinary standards enforced consistently across the organization?
  • Is each instance involving the enforcement of disciplinary standards thoroughly documented?
  • Are employees, contractors and medical and clinical staff members checked routinely (e.g., at least annually) against government sanctions lists, including the OIG's List of Excluded Individuals/Entities (LEIE) [85] and the General Services Administration's Excluded Parties Listing System.

In sum, while no single factor is conclusive of an effective compliance program, the preceding seven areas form a useful starting point for developing and maintaining an effective compliance program.

IV. Self-Reporting

Where the compliance officer, compliance committee, or a member of senior management discovers credible evidence of misconduct from any source and, after a reasonable inquiry, believes that the misconduct may violate criminal, civil, or administrative law, the hospital should promptly report the existence of misconduct to the appropriate Federal and State authorities [86] within a reasonable period, but not more than 60 days,[87] after determining that there is credible evidence of a violation.[88] Prompt voluntary reporting will demonstrate the hospital's good faith and willingness to work with governmental authorities to correct and remedy the problem. In addition, reporting such conduct will be considered a mitigating factor by the OIG in determining administrative sanctions (e.g., penalties, assessments, and exclusion), if the reporting hospital becomes the subject of an OIG investigation.[89] To encourage providers to make voluntary disclosures, the OIG published the Provider Self-Disclosure Protocol.[90]

When reporting to the government, a hospital should provide all information relevant to the alleged violation of applicable Federal or State law(s)and the potential financial or other impact of the alleged violation. The compliance officer, under advice of counsel and with guidance from the governmental authorities, could be requested to continue to investigate the reported violation. Once the investigation is completed, and especially if the investigation ultimately reveals that criminal, civil, or administrative violations have occurred, the compliance officer should notify the appropriate governmental authority of the outcome of the investigation, including a description of the impact of the alleged violation on the applicable Federal health care programs or their beneficiaries.

V. Conclusion

In today's environment of increased scrutiny of corporate conduct and increasingly large expenditures for health care, it is imperative for hospitals to establish and maintain effective compliance programs. These programs should foster a culture of compliance that begins at the highest levels and extends throughout the organization. This supplemental CPG is intended as a resource for hospitals to help them operate effective compliance programs that decrease errors, fraud, and abuse and increase compliance with Federal health care program requirements for the benefit of the hospitals and public alike.

End Supplemental Information


1.  For purposes of convenience in this guidance, we use the term “hospitals” to refer to individual hospitals, multi-hospital systems, health systems that own or operate hospitals, academic medical centers, and any other organization that owns or operates one or more hospitals. Where applicable, the term “hospitals” is also intended to include, without limitation, hospital owners, officers, managers, staff, agents, and sub-providers. This guidance primarily focuses on hospitals reimbursed under the inpatient and outpatient prospective payment systems. While other hospitals should find this CPG useful, we recognize that they may be subject to different laws, rules, and regulations and, accordingly, may have different or additional risk areas and may need to adopt different compliance strategies. We encourage all hospitals to establish and maintain ongoing compliance programs.

Back to Citation

2.  The 1998 OIG Compliance Program Guidance for Hospitals is available on our Web page at​authorities/​docs/​cpghosp.pdf.

Back to Citation

3.  See 67 FR 41433 (June 18, 2002), “Solicitation of Information and Recommendations for Revising a Compliance Program Guidance for the Hospital Industry,” available on our Web page at​authorities/​docs/​cpghospitalsolicitationnotice.pdf.

Back to Citation

4.  See 69 FR 32012 (June 8, 2004), “OIG Draft Supplemental Compliance Program Guidance for Hospitals,” available on our Web page at​authorities/​docs/​04/​060804hospitaldraftsuppCPGFR.pdf.

Back to Citation

5.  See 42 U.S.C. 1320a-7b(b). See also 42 CFR 1001.952. The safe harbor regulations and preambles are available on our Web page at​fraud/​safeharborregulations.html#1.

Back to Citation

6.  The OIG's materials are available on our Web page at

Back to Citation

7.  The term “Federal health care programs,” as defined in 42 U.S.C. 1320a-7b(f), includes any plan or program that provides health benefits, whether directly, through insurance, or otherwise, which is funded directly, in whole or in part, by the United States Government (other than the Federal Employees Health Benefit Plan described at 5 U.S.C. 8901-8914) or any State health plan (e.g., Medicaid or a program receiving funds from block grants for social services or child health services). In this document, the term “Federal health care program requirements” refers to the statutes, regulations, and other rules governing Medicare, Medicaid, and all other Federal health care programs.

Back to Citation

8.  See 42 U.S.C. 1320a-7b(a)(3).

Back to Citation

9.  The False Claims Act (31 U.S.C. 3729-33), among other things, prohibits knowingly presenting or causing to be presented to the Federal government a false or fraudulent claim for payment or approval, knowingly making or using or causing to be made or used a false record or statement to have a false or fraudulent claim paid or approved by the government, and knowingly making or using or causing to be made or used a false record or statement to conceal, avoid, or decrease an obligation to pay or transmit money or property to the government. The False Claims Act defines “knowing” and “knowingly” to mean that “a person, with respect to the information—(1) has actual knowledge of the information; (2) acts in deliberate ignorance of the truth or falsity of the information; or (3) acts in reckless disregard of the truth or falsity of the information, and no proof of specific intent to defraud is required.” 31 U.S.C. 3729(b).

Back to Citation

10.  In some circumstances, inaccurate or incomplete reporting may lead to liability under the Federal anti-kickback statute. In addition, hospitals should be mindful that many States have fraud and abuse statutes—including false claims, anti-kickback, and other statutes—that are not addressed in this guidance.

Back to Citation

11.  To review the risk areas discussed in the original hospital CPG, see 63 FR 8987, 8990 (February 23, 1998), available on our Web page at​authorities/​docs/​cpghosp.pdf.

Back to Citation

12.  Congress enacted the OPPS in section 4523 of the Balanced Budget Act of 1997. The OPPS became effective on August 1, 2001. CMS promulgated regulations implementing the OPPS at 42 CFR part 419. For more information regarding the OPPS, see​providers/​hopps/​.

Back to Citation

13.  The list of current modifiers is listed in the Current Procedural Terminology (CPT) coding manual. However, hospitals should pay particular attention to CMS transmittals and program memoranda that may introduce new or altered application of modifiers for claims submission and reimbursement purposes. See chapter 4, section 20.6 of the Medicare Claims Processing Manual at​manuals/​104_​claims/​clm104c04.pdf.

Back to Citation

14.  The list of “inpatient-only” procedures appears in the annual update to the OPPS rule. For the 2004 final rule, the “inpatient-only” list is found in Addendum E. See​regulations/​hopps/​2004f.

Back to Citation

15.  Effective December 7, 2003, FI's began issuing LCDs instead of LMRPs, and FI's will convert all existing LMRPs into LCDs by December 31, 2005.

Back to Citation

16.  A hospital may contact its FI to request a copy of the pertinent LMRPs and LCDs, or visit CMS's Web page at​mcd to search existing local and national policies.

Back to Citation

17.  More information regarding the NCCI can be obtained from CMS's Web page at​medlearn/​ncci.asp.

Back to Citation

18.  For information relating to HCPCS code updates, see​medicare/​hcpcs/​. For information relating to annual APC updates, see​providers/​hopps/​.

Back to Citation

20.  See CMS Program Transmittal A-02-026, available on CMS's Web page at​manuals/​pm_​trans/​A02026.pdf.

Back to Citation

21.  See, e.g., chapter 1, section 50.2 of the Medicare Claims Processing Manual, available on CMS's Web page at​manuals/​104_​claims/​clm104c01.pdf.

Back to Citation

22.  See chapter 4, section 260 of the Medicare Claims Processing Manual, available on CMS's Web page at​manuals/​104_​claims/​clm104c04.pdf.

Back to Citation

23.  See, e.g., OIG Audit Report A-03-01-00011, “Review of Medicare Same-Day, Same-Provider Acute Care Readmissions in Pennsylvania During Calendar year 1998,” August 2002, available on our Web page at​oas/​reports/​region 3/30100011.pdf.

Back to Citation

24.  See 42 CFR 412.4(c). See, e.g., OIG Audit Report A-04-00-01220 “Implementation of Medicare's Postacute Care Transfer Policy,” October 2001, available on our Web page at​oas/​reports/​region4/​40001220.pdf.

Back to Citation

25.  The initial 10 designated DRGs were selected by the Secretary, pursuant to section 1886(d)(5)(J) of the Social Security Act (42 U.S.C. 1395ww(d)(5)(J)). With the 2004 fiscal year PPS rule, CMS revised the list of DRGs paid under CMS's post-acute care transfer policy, bringing the total number of designated DRGs to 29. See 68 FR 45346 (August 1, 2003). Then, with the 2005 fiscal year PPS rule, CMS revised the list again, bringing the current total number of designated DRGs to 30. See 69 FR 48916 (August 11, 2004). See also chapter 3, section 402.4 of the Medicare Claims Processing Manual, available on CMS's Web page at​manuals/​104_​claims/​clm104c03.pdf.

Back to Citation

27.  For more information regarding CMS's APC “pass-through” payments, See​providers/​hopps/​apc.asp.

Back to Citation

28.  See 42 CFR 412.84; 68 FR 34493 (June 9, 2003).

Back to Citation

29.  The criteria for determining whether a facility or organization is provider-based can be found at 42 CFR 413.65. In April 2003, CMS published Transmittal A-03-030, outlining changes to the criteria for provider-based designation. See​manuals/​pm_​trans/​A03030.pdf.

Back to Citation

30.  To view Medicare's National Coverage Decision regarding clinical trials, see​coverage/​8d2.asp. Specific requirements for submitting claims for reimbursement for clinical trials can be accessed on CMS's Web page at​coverage/​8d4.asp.

Back to Citation

31.  See 42 CFR 412.2(e)(4), 42 CFR 412.113(d), and 42 CFR 413.203. See generally 42 CFR part 413 (setting forth the principles of reasonable cost reimbursement).

Back to Citation

32.  See Medicare's Provider Reimbursement Manual (PRM), Part I, section 2304 and Part II, section 3610, available on CMS's Web page at​manuals/​cmsfoc.asp.

Back to Citation

33.  See 42 CFR 412.100. See also, chapter 3, section 90 of the Medicare Claims Processing Manual, available on CMS's Web page at​manuals/​104_​claims/​clm104c03.pdf. See, e.g., OIG Audit Report A-04-02-02017, “Audit of Medicare Costs for Organ Acquisitions at Tampa General Hospital,” April 2003, available on our Web page at​oas/​reports/​region4/​40202017.pdf.

Back to Citation

34.  See section 35-25 of the Medicare Coverage Issues Manual. See, e.g., OIG Audit Report A-01-03-00516, “Review of Outpatient Cardiac Rehabilitation Services at the Cooley Dickinson Hospital,” December 2003, available on our Web page at​oas/​reports/​region 1/10300516.pdf.

Back to Citation

35.  Payments for direct graduage medical education (GME) and indirect graduate medical education (IME) costs are, in part, based upon the number of full-time equivalent (FTE) residents at each hospital and the proportion of time residents spend in training. Hospitals that inappropriately calculate the number of FTE residents risk receiving inappropriate medical education payments. Hospitals should have in place procedures regarding: (i) Resident rotation monitoring; (ii) resident credentialing; (iii) written agreements with non-hospital providers; and (iv) the approval process for research activities. For more information regarding medical education reimbursement, see 42 CFR 413.75 et. seq. (GME requirements) and 42 CFR 412.105 (IME requirements). See, e.g., OIG Audit Report A-01-01-00547 “Review of Graduate Medical Education Costs Claimed by the Hartford Hospital for Fiscal Year Ending September 30, 1999,” October 2003, available on our Web page at​oas/​reports/​region 1/10100547.pdf.

Back to Citation

36.  For more information regarding Medicare's Electronic Data Interchange programs, see​providers/​edi/​.

Back to Citation

37.  The statute also prohibits physicians from referring DHS to entities, including hospitals, with which they have prohibited financial relationships. However, the billing prohibition and nonpayment sanction apply only to the DHS entity (e.g., the hospital). See section 1877(a) of the Act. Section 1903(s) of the Act extends the statutory prohibition to Medicaid-covered services.

Back to Citation

38.  The statute lists ten additional categories of DHS, including, among others, clinical laboratory services, radiology services, and durable medical equipment. See section 1877(h)(6) of the Act. Hospitals and health systems that own or operate free-standing DHS entities should be mindful of the ten additional DHS categories. CMS has clarified that lithotripsy services furnished to hospital inpatients are not DHS. See 69 FR 16054, 16106 (March 26, 2004).

Back to Citation

39.  Hospitals affiliated with academic medical centers should be aware that the regulations contain a special exception for certain academic medical center arrangements. See 42 CFR 411.355(e). Specialty hospitals should be mindful of certain limitations on new physician-owned specialty hospitals contained in section 507 of the Medicare Prescription Drug, Improvement and Modernization Act of 2003. See CMS's One-Time Notification regarding the 18-month moratorium on physician investment in specialty hospitals, CMS Manual System Pub. 100-20 One-Time Notification, Transmittal 26 (March 19, 2004), available on CMS's Web page at​manuals/​pm_​trans/​R62OTN.pdf.

Back to Citation

40.  Importantly, the anti-kickback statute safe harbors are not the same as the Stark law exceptions described above at section II.B.1 of this guidance. An arrangement's compliance with the anti-kickback statute and the Stark law must be evaluated separately.

Back to Citation

41.  Parties to an arrangement cannot obtain safe harbor protection by entering into a sham contract that complies with the written agreement requirement of a safe harbor and appears, on paper, to meet all of the other safe harbor requirements, but does not reflect the actual arrangement between the parties. In other words, in assessing compliance with a safe harbor, the OIG examines not only whether the written contract satisfies all of the safe harbor requirements, but also whether the actual arrangement satisfies the requirements.

Back to Citation

42.  While informative for guidance purposes, an OIG advisory opinion is binding only with respect to the particular party or parties that requested the opinion. The analyses and conclusions set forth in OIG advisory opinions are very fact-specific. Accordingly, hospitals should be aware that different facts may lead to different results.

Back to Citation

43.  See 1989 Special Fraud Alert on Joint Venture Arrangements, reprinted in the Federal Register (59 FR 65372; December 19,1994) and available on our Web page at​fraud/​docs/​alertsandbulletins/​121994.html.

Back to Citation

44.  There is also a safe harbor for investment interests in large entities (i.e., entities with over fifty million dollars in assets) (42 CFR 1001.952(a)(1)).

Back to Citation

45.  See 1989 Special Fraud Alert on Joint Venture Arrangements, supra note 43.

Back to Citation

46.  This Special Advisory Bulletin is available on our Web page at​fraud/​docs/​alertsandbulletins/​042303SABJointVentures.pdf.

Back to Citation

47.  Contractual ventures with existing clinical laboratories and outpatient therapy providers, among others, are also potentially problematic, particularly if the venture is functionally a turnkey operation that enables a hospital to use its captive referrals to expand into a new line of business with little or no contribution of resources or assumption of real risk.

Back to Citation

48.  See 2003 Special Advisory Bulletin on Contractual Joint Ventures, supra note 46.

Back to Citation

49.  The Medicare program permits hospitals to furnish services “under arrangements” with other providers or suppliers. Hospitals frequently furnish services “under arrangements” with an entity owned, in whole or in part, by referring physicians. Standing alone, these “under arrangements” relationships do not fall within the scope of problematic contractual joint ventures described in the Special Fraud Alert; however, these relationships will violate the anti-kickback statute if remuneration is purposefully offered or paid to induce referrals (e.g., paying above-market rates for the services to influence referrals or otherwise tying the arrangements to referrals in any manner). These “under arrangements” relationships should be structured, when possible, to fit within an anti-kickback safe harbor. They must fit within a Stark exception, even if the service furnished “under arrangements” is not itself a DHS. See 66 FR 856, 941-2 (January 4, 2001); 69 FR 16054, 16106 (March 26, 2004).

Back to Citation

50.  While disclosure to patients does not offer sufficient protection against Federal health care program abuse, effective and meaningful disclosure offers some protection against possible abuses of patient trust.

Back to Citation

51.  As previously noted, a hospital should ensure that each compensation arrangement with a referring physician fits squarely in a statutory or regulatory exception to the Stark law.

Back to Citation

52.  Arrangements between hospitals and hospital-based physicians were the topic of a Management Advisory Report (MAR) titled “Financial Arrangements Between Hospitals and Hospital-Based Physicians,” OEI-09-89-00330, available on our Web page at​oei/​reports/​oei-09-89-00330.pdf.

Back to Citation

53.  In this regard, arrangements between hospitals and traditional hospital-based physicians generally do not pose the same potential to cause the harms typically associated with kickback schemes. Moreover, a hospital's attending medical staff's quality expectations and a hospital's liability exposure for the malpractice of hospital-based physicians constrain the hospital's choice of a hospital-based physician or group. Finally, to the extent that any qualified group can bid for hospital-based business and the request for proposals clearly includes the entire arrangement, the competition is not unfair. (Of course, an open, competitive bidding process does not protect an otherwise illegal kickback arrangement.)

Back to Citation

54.  When referring to home health agencies and skilled nursing facilities, hospitals must comply with section 1861(ee)(2)(D) and (H) of the Act, requiring that Medicare participating hospitals, as part of the discharge planning process, (i) share with each beneficiary a list of Medicare-certified home health agencies or skilled nursing facilities, as applicable, that serve the beneficiary's geographic area, and (ii) identify any home health agency or skilled nursing facility in which the hospital has a disclosable financial interest or that has a financial interest in the hospital. See also 42 CFR 482.43.

Back to Citation

55.  When paid pursuant to a properly structured employment arrangement, payments to physicians who become hospital employees may be protected by the employee safe harbor at 42 CFR 1001.952(i).

Back to Citation

58.  To preclude improper shifting of discounts, the safe harbor excludes GPOs that wholly own their members or have members that are subsidiaries of the parent company that wholly owns the GPO. Hospitals with affiliated GPOs should be mindful of these limitations.

Back to Citation

59.  In addition to the anti-kickback statute, hospitals should make sure that their credentialing policies comply with all other applicable Federal and State laws and regulations, some of which may prohibit or limit economic credentialing.

Back to Citation

60.  See our “Solicitation of New Safe Harbors and Special Fraud Alerts” (67 FR 72894; December 9, 2002), available on our Web page at​authorities/​docs/​solicitationannsafeharbor.pdf.

Back to Citation

62.  See the OIG's letter on a hospital corporaiton's medical malpractice insurance assistance program, available on our Web page at​fraud/​docs/​alertsandbulletins/​MalpracticeProgram.pdf

Back to Citation

63.  The prohibition applies only to reductions or limitations of items or services provided to Medicare and Medicaid fee-for-service beneficiaries. See section 1128A(b)(1)(A) of the Act. See also our August 19, 1999 letter regarding “Social Security Act sections 1128A(b)(1) and (2) and hospital-physician incentive plans for Medicare or Medicaid beneficiaries enrolled in managed care plans,” available on our Web page at​fraud/​docs/​alertsandbulletins/​gsletter.htm.

Back to Citation

64.  See sections 1128A(b)(1)(B) and (b)(2) of the Act.

Back to Citation

65.  A detailed discussion of gainsharing can be found in our July 1999 Special Advisory Bulletin titled “Gainsharing Arrangements and CMPs for Hospital Payments to Physicians to Reduce or Limit Services to Beneficiaries,” available on our Web page at​fraud/​docs/​altersandbulletins/​gainsh.htm.

Back to Citation

66.  See section 1128(b)(6)(B) of the Act, which is available through the Internet at​uscode/​42/​1320a-7.html.

Back to Citation

67.  See section 1128A(i)(6) of the Act.

Back to Citation

68.  The Special Advisory Bulletin on Offering Gifts and Other Inducements to Beneficiaries (67 FR 55855; August 30, 2002) is available on our Web page at​fraud/​docs/​alertsandbulletins/​SABGiftsandInducements.pdf.

Back to Citation

69.  See id.

Back to Citation

70.  The OIG has proposed a rule to extend this safe harbor to protect waivers of Part B cost-sharing amounts pursuant to agreements with Medicare SELECT plans. See 67 FR 60202 (September 25, 2002), available on our Web page at​fraud/​docs/​safeharborregulations/​MedicareSELECTNPRMFederalRegister.pdf. However, the OIG is still considering comments on this rule, and it has not been finalized.

Back to Citation

71.  See section 1128A(i)(6)(A) of the Act.

Back to Citation

72.  See also the OIG's Special Fraud Alert on Routine Waiver of Copayments or Deductibles Under Medicare Part B, issued May 1991, republished in the Federal Register at 59 FR 65372, 65374 (December 19, 1994), and available on our Web page at​fraud/​docs/​alertsandbulletins/​121994.html.

Back to Citation

73.  Our position on local transportation of nominal value is more fully set forth in the preamble to the final rule enacting 42 CFR 1003.102(b)(13). See 65 FR 24400, 24411 (April 26, 2000).

Back to Citation

74.  See supra note 68.

Back to Citation

75.  See Notice of Proposed Rulemaking regarding “Clarification of Terms and Application of Program Exclusion Authority for Submitting Claims Containing Excessive Charges” (68 FR 53939; September 15, 2003), available on our Web page at​authorities/​docs/​FRSIENPRM.pdf.

Back to Citation

76.  Discounts offered to underinsured patients potentially raise a more significant concern under the anti-kickback statute, and hospitals should exercise care to ensure that such discounts are not tied directly or indirectly to the furnishing of items or services payable by a Federal health care program. For more information, see our February 2, 2004 paper on “Hospital Discounts Offered To Patients Who Cannot Afford To Pay Their Hospital Bills,” available on our Web page at​fraud/​docs/​alertsandbulletins/​2004/​FA021904hospitaldiscounts.pdf, and CMS's paper titled “Questions On Charges For The Uninsured,” dated February 17, 2004, and available on CMS's Web page at​FAQ_​Uninsured.pdf.

Back to Citation

77.  See 68 FR 53939 (September 15, 2003), available on our Web page at​authorities/​docs/​FRSIENPRM.pdf.

Back to Citation

78.  For more information, see CMS's paper titled “Questions On Charges For The Uninsured,” dated February 17, 2004, and available on CMS's Web page at​FAQ_​Uninsured.pdf.

Back to Citation

79.  See 42 CFR 413.89 and Medicare's Provider Reimbursement Manual, Part I, Chapter 3, Section 310, available on CMS's Web page at​manuals/​pub151/​PUB_​15_​1.asp;​ see also Provider Reimbursement Manual, Part II, chapter 11, section 1102.3.L, available on CMS's Web page at​manuals/​pub152/​PUB_​15_​2.asp.

Back to Citation

80.  See “Questions On Charges For The Uninsured,” dated February 17, 2004 and available on CMS's Web page at​FAQ_​Uninsured.pdf. In the paper, CMS further explains that hospitals may, but are not required to, determine a patient's indigency using a sliding scale. In this type of arrangement, the provider would agree to deem the patient indigent with respect to a portion of the patient's account (e.g., a flat percentage of the debt based on the patient's income, assets, or the size of the patient's liability relative to income). In the case of a Medicare patient who is determined to be indigent using this method, the amount the hospital decides, pursuant to its policy, not to collect from the patient can be claimed by the provider as Medicare bad debt. The hospital must, however, engage in a reasonable collection effort to collect the remaining balance before claiming such balance as reimbursable bad debt. Id.

Back to Citation

81.  See Medicare's Provider Reimbursement Manual, Part I, chapter 3, available on CMS's Web page at​manuals/​pub151/​PUB_​15_​1.asp.

Back to Citation

83.  Among other things, the 1998 hospital CPG includes a detailed discussion of the structure and processes that make up the recommended seven elements of a compliance program. The seven basic elements of a compliance program are: Designation of a compliance officer and compliance committee; development of compliance policies and procedures, including standards of conduct; development of open lines of communication; appropriate training and education; response to detected offenses; internal monitoring and auditing; and enforcement of disciplinary standards.

Back to Citation

84.  For more information on when to self-report, see section IV, below.

Back to Citation

85.  See​fraud/​exclusions.html. The OIG also makes available Monthly Supplements for Standard LEIE, which can be compared to existing hospital personnel lists.

Back to Citation

86.  Appropriate Federal and State authorities include the OIG, CMS, the Criminal and Civil Divisions of the Department of Justice, the U.S. Attorney in relevant districts, the Food and Drug Administration, the Department's Office for Civil Rights, the Federal Trade Commission, the Drug Enforcement Administration, the Federal Bureau of Investigation, and the other investigative arms for the agencies administering the affected Federal or State health care programs, such as the State Medicaid Fraud Control Unit, the Defense Criminal Investigative Service, the Department of Veterans Affairs, the Health Resources and Services Administration, and the Office of Personnel Management (which administers the Federal Employee Health Benefits Program).

Back to Citation

87.  In contrast, to qualify for the “not less than double damages” provision of the False Claims Act, the provider must provide the report to the government within 30 days after the date when the provider first obtained the information. See 31 U.S.C. 3729(a).

Back to Citation

88.  Some violations may be so serious that they warrant immediate notification to governmental authorities prior to, or simultaneous with, commencing an internal investigation. By way of example, the OIG believes a provider should immediately report misconduct that: (i) Is a clear violation of administrative, civil, or criminal laws; (ii) has a significant adverse effect on the quality of care provided to Federal health care program beneficiaries; or (iii) indicates evidence of a systemic failure to comply with applicable laws or an existing corporate integrity agreement, regardless of the financial impact on Federal health care programs.

Back to Citation

89.  The OIG has published criteria setting forth those factors that the OIG takes into consideration in determining whether it is appropriate to exclude an individual or entity from program participation pursuant to 42 U.S.C. 1320a-7(b)(7) for violations of various fraud and abuse laws. See 62 FR 67392 (December 24, 1997).

Back to Citation

90.  See 63 FR 58399 (October 30, 1998), available on our Web page at​authorities/​docs/​selfdisclosure.pdf.

Back to Citation

[FR Doc. 05-1620 Filed 1-27-05; 8:45 am]