In 2010, the Affordable Care Act mandated compliance programs for Medicare and Medicaid providers. The reform law, which applies to all Medicare and Medicaid providers, requires the HHS secretary to promulgate "core elements" and set an effective date for compliance programs, presumably through rulemaking, but does not set a deadline for these actions.
Corporate compliance programs, in general, were developed in response to the Federal Sentencing Reform Act of 1984, which led to the development of U.S. Sentencing Guidelines. As a result of large corporate financial scandals in 2001 and 2002, the Sarbanes-Oxley Act, passed in 2002, required all publicly-traded companies to submit an annual report of the effectiveness of their internal accounting controls to the Securities and Exchange Commission beginning in 2004. The spirit of these corporate compliance programs was carried over into healthcare.
In 1997, the concept of voluntary healthcare corporate compliance was adopted by HHS' Office of Inspector General (OIG). The OIG published "OIG Compliance Program for Individual and Small Group Physician Practices" (65 Fed. Reg. 59434-59552; Oct. 5, 2000).
Every federal agency has an OIG. The HHS OIG exclusively investigates cases of fraud, waste, or abuse involving government programs. However, OIG pronouncements become the standard by which best practices are judged for healthcare compliance programs. References to the OIG here are intended to denote best practices as dictated by the HHS OIG, and do not necessarily imply that the OIG has jurisdiction over non-government billing and coding.
The purpose of compliance programs is to assist providers and their agents and develop effective internal controls that promote adherence to applicable federal and state law, and the program requirements of federal, state, and private health plans. The adoption and implementation of voluntary compliance programs significantly advance the prevention of fraud, abuse, and waste in these healthcare plans while at the same time furthering the fundamental mission which is to provide quality care to patients.
Fundamentally, compliance efforts are designed to establish a culture within an organization that promotes prevention, detection and resolution of instances of conduct that do not conform to federal and state law, and federal, state, and private payer healthcare program requirements, as well as the provider's ethical and business policies. In practice, the compliance program should effectively articulate and demonstrate the organization's commitment to the compliance process. The existence of benchmarks that demonstrate implementation and achievements are essential to any effective compliance program.
According to the OIG, a Corporate Compliance Program should have seven elements:
1. Implement written compliance policies, procedures, and standards of conduct;
2. Designate a compliance officer and compliance committee, who will be responsible for monitoring compliance efforts and enforcing practice standards;
3. Conduct effective training and education on the compliance policies, procedures, and standards of conduct;
4. Develop effective lines of communication to facilitate communication with staff and allow anonymous reporting mechanisms;
5. Conduct internal monitoring and auditing by performing periodic self-audits;
6. Enforce standards for employees through well-publicized disciplinary guidelines; and
7. Respond promptly to detected offenses and develop corrective action plans.
HHS OIG has strongly advised healthcare providers to make compliance plans a priority now. Corporate compliance programs are now a mandatory condition of participation. Under nearly any potential scenario, other than a total repeal of Obamacare, it is nearly certain that mandatory requirements of compliance programs are here to stay.