April 6, 2010

Healthcare Reform Requires All Providers and Suppliers to Establish Compliance Programs

Holland & Knight Alert
Michael R. Manthei


The Patient Protection and Affordable Care Act of 2010 (the “Healthcare Reform Act,” or the “Act”) was signed into law on March 23, 2010.1 As expected, the Act includes numerous anti-fraud, waste and abuse provisions, along with new enforcement measures. The Act, among other things:

  • requires closer scrutiny of providers and suppliers seeking to participate in Medicare and other federally funded healthcare programs
  • allows for the collection and centralization of billing and claims data and makes that information available to law enforcement and oversight agencies for the purpose of investigating suspected fraud
  • increases the penalties for those who abuse the system
  • amends the False Claims Act and the Anti-kickback Act to make it easier for the government to bring actions under those statutes
  • provides substantial amounts in additional resources to government agencies, investigators, and prosecutors to pursue wrongdoers

These are just the highlights. In combination with other amendments to the False Claims Act in 2009, companies involved in virtually any aspect of the healthcare industry can expect greatly enhanced risks of audit, investigation and/or prosecution by both state and federal authorities.2 On the fraud and abuse prevention and reduction side, the Act mandates all healthcare providers and suppliers who participate in federal programs to establish and maintain compliance programs. Additional, more specific compliance requirements are imposed on organizations involved in the nursing home industry.

Mandatory Compliance Programs

Section 6401(a)(7) of the Act requires providers and suppliers enrolled in federal healthcare programs to create and maintain compliance programs as a condition of their continued participation.3 This Section directs the Department of Health and Human Services (HHS), in consultation with the HHS Office of Inspector General (HHS-OIG) to establish the “core elements” of such programs through regulation and to determine the timeline for implementing compliance programs.4 Further, the Act empowers HHS to disenroll non-compliant providers and suppliers and/or to impose civil monetary penalties or other immediate sanctions.5

For many years, HHS-OIG has provided compliance program guidance to various segments of the healthcare industry.6 This guidance has always been advisory and not mandatory. Now, providers and suppliers will be required to follow the industry-specific regulations that will be forthcoming under the Act.

Previous HHS-OIG compliance program guidance has, at its core, been based on the criteria for “effective” compliance and ethics programs promulgated by the United States Sentencing Commission.7 Additionally, the HHS-OIG guidance has identified areas of particular risk based on provider type. This approach of applying the broad Sentencing Guidelines criteria to the specific risks of the healthcare industry is likely to continue under the Act.

In addition to the broad compliance program mandate for providers and suppliers, which will have to be supplemented by HHS-OIG regulation, the Act imposes – as a matter of statute – much more detailed compliance and ethics program requirements for skilled nursing facilities (SNFs) and nursing facilities. Section 6102 of the Act mandates that “operating organizations” for SNFs and nursing facilities implement a compliance and ethics program that is effective in:

  1. preventing and detecting criminal, civil and administrative violations under the Act
  2. promoting quality of care8

Section 6102 further requires specific compliance program elements based on the Sentencing Commission’s criteria for effectiveness. These include: written compliance standards and procedures; compliance-related training programs; auditing and monitoring activities, including anonymous reporting systems; procedures, such as background checks, to avoid hiring persons likely to violate compliance standards; appropriate investigation of potential violations, along with prompt corrective action when violations are discovered; disciplinary systems to appropriately punish those responsible for violations; and periodic risk assessments and modification of the program as necessary to meet its goals.

Failure to comply with the Act can result in exclusion from participation in federal healthcare programs, as well as in civil money penalties. The penalties alone should prompt companies to evaluate and to enhance existing compliance and ethics programs or to develop and implement strong programs where they do not already exist. However, the increased enforcement and integrity provisions of the Act ratchet up the compliance risks substantially and give additional impetus to companies to establish or to upgrade compliance and ethics programs.9

Enforcement Provisions

The Act contains numerous anti-fraud and abuse and integrity provisions. Detailed discussions of those provisions are beyond the scope of this article, however, a brief description of some of the most significant provisions follows.

Provider Screening and Enrollment. The Act requires screening before providers or suppliers can participate in Medicare. HHS has the authority to establish such screening procedures which shall include state licensure checks, criminal background checks, fingerprinting, unscheduled and unannounced site visits, database checks and other such screening as HHS deems appropriate.10 This process:

  • creates a provisional period of enhanced oversight for newly enrolled providers and suppliers to include prepayment review of claims, payment caps and other measures as established by HHS
  • gives HHS the authority to impose a temporary moratorium on enrollment of new providers within a particular category of services or supplies
  • mandates disclosure of an applicant’s current and previous affiliations with providers or suppliers who have uncollected debt, are subject to a payment suspension, have been excluded from participating in federal healthcare programs, or who have had billing privileges denied or revoked
  • if any affiliate disclosures raise concerns about fraud, waste, or abuse, HHS has the authority to impose enhanced safeguards or to deny participation in Medicare outright11

Suspension of Payments Pending Investigation. The Act allows for the suspension of payments to a provider or supplier while the government is investigating a “credible allegation of fraud.”12 The authority to suspend payment is assigned to HHS, which in consultation with HHS-OIG, is also authorized to determine whether an allegation of fraud is “credible.”13 This could have a considerable impact on a provider’s ability to continue its operations.

Transparency Requirements. The Act provides for a number of new transparency requirements for various healthcare industry sectors, including drug and device manufacturers and suppliers, pharmacy benefit managers, physician practices that provide ancillary services and skilled nursing facilities.14 These requirements are associated with financial relationships and activities and impose mandatory reporting obligations to the government that will have a significant effect on tracking and monitoring procedures.

Increased Data Access. The Act enables complex oversight of providers and suppliers by integrating and evaluating data regarding claims, quality of care, ownership, certification, adverse actions, penalties and sanctions, and various other program integrity data. The Act requires HHS to maintain an Integrated Data Repository (IDR) containing claims and payment data.15 The IDR will collect data from all federal healthcare programs through agreements between HHS and the Social Security Administration, the Department of Veterans Affairs, the Department of Defense and the Indian Health Service.16

Information will then be shared and matched across agencies for the purpose of identifying potential fraud, waste and abuse. HHS-OIG and the Department of Justice will also be authorized to access the database for purposes of conducting law enforcement and oversight activities.

The Act also seeks to streamline the collection of data regarding final adverse actions against healthcare providers, suppliers, and practitioners by collapsing the Healthcare Integrity and Protection Data Bank and transferring its data to the National Practitioner Databank (NPD).17 HHS is responsible for maintaining the consolidated database, and the states are required to supply certain data to the NPD.18

Changes to the Civil Monetary Penalties Statute. The Act amends the civil monetary penalties statute to include a penalty of up to $50,000 for false statements, omissions, or misrepresentations made in any application or contract to participate or enroll as a supplier or provider under a federal healthcare program.19 Violators will also be required to pay three times any amounts claimed as a result of the false statement.20 Penalties will also be assessed against a person who, while excluded from participating in federal healthcare programs, prescribes covered items or services if he or she “knew or should have known” that a claim for the item or service would be made to Medicare or Medicaid.21

Overpayments. The Act mandates that any overpayments must be both reported and returned within 60 days of discovery.22 If the overpayment is not returned it becomes an “obligation” that subjects the provider to substantial liability under the False Claims Act, as amended in 2009.23

Anti-Kickback Statute. The Act writes into law a long-held Department of Justice position that violations of the Anti-Kickback Act can be the basis for a variety of enforcement actions, including claims for treble damages under the civil False Claims Act.24 In addition, the Act specifies that prosecutors need not prove that the defendant had actual knowledge of a violation or the specific intent to violate the Anti-Kickback Act.25 Prosecutors need to prove only general criminal intent.26

The False Claims Act. The Act makes a number of additional changes to the False Claims Act. It limits the “public disclosure bar” to federal criminal, civil or administrative hearings, audits or investigations.27 In so doing, the Act overrules a recent Supreme Court decision holding that disclosures in state proceedings also could bar subsequent False Claims Act cases.28 Among other things, the Act gives the Department of Justice the authority to oppose dismissal of an action even where allegations are publicly disclosed and the relator does not qualify as an original source of the underlying information.29

Healthcare Fraud Criminal Offense. As with the Anti-Kickback Act, the Act also amends 18 U.S.C. 1347 (criminal healthcare fraud) to eliminate any requirement that the defendant have “actual knowledge” of the healthcare fraud statute or specific intent to violate it.30


The Healthcare Reform Act continues an ongoing process whereby the government is increasing both the enforcement opportunities and the resources and methods devoted to identifying and prosecuting waste, fraud and abuse. The Act also continues a recent trend mandating compliance and ethics programs for organizations involved in government-regulated programs and industries.

Strong compliance and ethics programs provide an organization’s best defense against the myriad and incredibly expensive risks associated with government audits, investigations and enforcement actions. With this latest round of anti-fraud, waste and abuse provisions, companies would be well advised to take their compliance obligations very seriously and to ensure that their compliance programs address all of the new requirements.

1 Patient Protection and Affordable Care Act of 2010, H.R. 3590, March 23, 2010.


H.R. 3590, Sec. 6401 (a)(7).

H.R. 3590, Sec. 6401 (a)(7).

H.R. 3590, Sec. 6401 (a)(7).


2009 United States Sentencing Commission Guidelines Manual, §8B2.1 Effective Compliance and Ethics Program (2009).

H.R. 3590, Sec. 6102.

H.R. 3590, Sec. 6102.

H.R. 3590, Sec. 6401 (a).

H.R. 3590, Sec. 6401 (a).

H.R. 3590, Sec. 6402 (h).

H.R. 3590, Sec. 6402 (h).

H.R. 3590, Sec. 6002.

H.R. 3590, Sec. 6402 (a).

H.R. 3590, Sec. 6402 (a).

H.R. 3590, Sec. 6403.

H.R. 3590, Sec. 6403.

H.R. 3590, Sec. 6402 (d)(2).

H.R. 3590, Sec. 6402 (d)(2).

H.R. 3590, Sec. 6402 (d)(2).

H.R. 3590, Sec. 6402.

H.R. 3590, Sec. 6402; see also 31 U.S.C. 3729(b)(3).

H.R. 3590, Sec. 6402.

H.R. 3590, Sec. 6402.

H.R. 3590, Sec. 6402.

H.R. 3590, Sec. 10104(j).

H.R. 3590, Sec. 10104(j).

H.R. 3590, Sec. 10104(j).

H.R. 3590, Sec. 10606.

Related Insights