AMARILLO, TX – For regular readers of Medtrade Monday, this title comes as no surprise. But even so, a periodic reminder never hurts and could save you a great deal of pain and aggravation down the line. The worst time to consider this is when you are the target of some government investigation. As the saying goes, “an ounce of prevention is worth a pound of cure.” The best (and cheapest) time to address compliance issues is always on the front end.
Key Compliance Lessons
As an attorney who assists healthcare suppliers and providers in investigations and audits, far too often a client who has received a civil investigative demand or grand jury subpoena asserts that there cannot be anything wrong. The company points out that it has a compliance officer, that the marketing company or third-party vendor made certain assurances regarding compliance, and that it has proof of their compliance efforts. Unfortunately, after digging a little deeper, we often discover that the client’s understanding of the scope of compliance is incomplete, wrong, or both. In these cases, there are lessons I wish my client had known, but are now too late to avoid the problem. The following are three key lessons to remember:
- Compliance touches everything.
- You can be held accountable for the sins of another.
- There is no single silver bullet remedy to protect yourself against all liability.
Compliance Touches Everything
This is the first and most important lesson. As recent Medtrade Monday articles have discussed, there are numerous Federal statutes, regulations, and guidance that DME suppliers must be aware of and comply with, including the following:
- The Federal Anti-Kickback Statute (AKS)
- Physician Self-Referral Statute (Stark)
- Beneficiary Inducement Statute
- Telephone Solicitation Statute (TCPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Medicare Supplier Standards
- National and Local Coverage Determinations
- Special Fraud Alerts and Special Advisory Bulletins
- Billing and Coding guidelines
And if these are not enough, states often have their own versions of these laws. Similarly, while Medicare and Medicaid control the lion’s share of the health care market, other payors have their own requirements.
These rules and requirements not only cover the big-issue items such as marketing arrangements and the maintenance and security of protected health information, but also touch on issues as mundane as your hours of operation and maintaining adequate proof of delivery for DMEPOS supplies you shipped to your customers.
And, while it may be true that the ramifications for some of these less-often considered issues might not be as severe, their impact on your company can still be substantial. These can include consequences such as revocation or suspension of your PTAN, a MAC/RAC audit and recoupment, or civil monetary penalty. And in the more severe cases, potential liability can include substantial fines, treble damages, and even possible jail time.
Accountability for the Sins of Another
Responsibility for compliance cannot be shifted away or outsourced to a company’s business partners. This is especially the case for the party that submits claims for payment to federal health care programs or to commercial payors. In short, a DME supplier cannot merely rely on a third-party vendor or a marketing company’s assurances that all applicable laws and regulations are being followed.
Similarly, while the medical practitioner is the only party that can write a valid order or prescription for a DME product or drug, the supplier is still responsible to ensure that medical necessity requirements are satisfied, and the claim is not a “false claim.” Further, even an issue as seemingly inconsequential as obtaining adequate proof of delivery (a responsibility satisfied by mail and package carriers such as UPS and FedEx) has the potential to create a compliance issue if it is not properly done.
This presents an obvious problem: because these are actions taken by other people or entities, they are outside of your immediate view. Because of this, carefully consider what compliance issues are critical with each third-party you deal with and what safeguards you need to be put in place.
There Are No Silver Bullets
As noted above, compliance covers essentially every aspect of this industry. Further, compliance relates to multiple standards from multiple authorities, each with different requirements and serving different purposes. Because of this, it is not possible to rely on any one solution to solve every possible compliance issue. For example, compliance with Stark and the AKS does not prevent other potential false claims problems (e.g., issues with medical necessity). In other words, each compliance question requires its own consideration and usually its own solution.
Also, keep in mind that the compliance questions you must address can change based upon who you are working with. For example, your relationship with a physician will implicate different compliance questions than your relationship with a third-party billing company. And even when there are similar requirements, such as HIPAA, how you account for them in each type of relationship may vary.
Tips to Consider
With these lessons in mind, what practical steps can DME suppliers take to limit potential exposure for compliance issues? The following list is by no means exhaustive, but provides several suggestions for you to consider.
Tip No. 1 – Hire a lawyer.
- Retain an experienced health care attorney to assist in developing a compliance program that addresses applicable compliance issues and then stick to that compliance program.
- Have a health care attorney assist in preparing third-party vendor and marketing agreements. If not structured correctly, these agreements can be a source of problems for the supplier.
- Additionally, a health care attorney who is knowledgeable not only of the industry but also with your company can be a valuable tool and resource. A quick thirty-minute call with your lawyer or a half-day spent researching an issue can have significant returns if it helps you avoid a costly mistake.
Tip No. 2 – Require that marketing be limited to your company and its products.
- Require that the “opt-in” language in any advertisement that is soliciting beneficiaries for direct contact by the supplier or marketing company be specific and exclusive regarding the company and the products being advertising.
- Require the following in any subsequent marketing calls:
- That the marketer clearly state that the call is being made exclusively on behalf of the company in response to the beneficiary’s request for more information—i.e., do not contract with marketers that make calls without identifying the supplier it is representing, but rather have the call expressly linked back to the company’s advertisement and the beneficiary’s “opt-in.”
- Limit the call to only those products for which the beneficiary “opted in”. In other words, prohibit the practice of inquiring about other product categories the beneficiary did not specifically ask about. For example, if the beneficiary requested information related to orthotics, then the products discussed in the call should be limited to orthotics.
- Clearly inform the beneficiary that the call is simply to confirm the beneficiary’s eligibility and to gather information for a future encounter, and that the supplier will make the ultimate determination on whether the product will be provided.
Tip No. 3 – Be careful when using systems or arrangements that have been scrutinized or criticized by regulators.
- For example, telemedicine has been a longstanding area of concern for regulators. During the COVID public health emergency, restrictions on its use were loosened and the public came to appreciate and rely on the benefits that telemedicine provides.
- But as the country has come out of COVID, many of those restrictions have returned or tightened back up.
- It is important to keep track of these developments and to adjust accordingly.
- Another example is the use of offshore vendors or service companies. Some programs may prohibit this entirely. But even for those that allow it, it could bring added scrutiny on your operations and practices.
- If you choose to enter into one of these types of arrangements, build in safeguards to protect your company and to give you an easy off-ramp if issues do come up.
Tip No. 4 – Structure protections and safeguards into agreements with your marketers and service companies.
- Structure agreements with lead generators or referral sources to meet the requirements of applicable safe harbors or exceptions and then ensure strict compliance with the terms of that agreement.
- Avoid marketing and service companies who offer to satisfy all marketing and lead qualification requirements. Rather, prefer arrangements where the various tasks are delegated to different unrelated companies to avoid the perception that the arrangement is essentially for the purchase of fully qualified leads with physician’s orders.
- Require the marketing company and other service companies to agree to be audited and to maintain records demonstrating compliance with these requirements.
- Build into your agreements termination rights or other corrective measures that you can exercise should problems arise.
Tip No. 5 – Conduct regular reviews of the physician’s orders and supporting documentation, periodic audits of the marketing companies and services companies, and promptly investigate any issues or red flags.
- Review the advertisements and calls to beneficiaries for compliance with company standards and applicable rules and regulations.
- Review physician’s orders and supporting documentation for compliance with company standards, applicable rules and regulations, and payor coverage requirements.
- For internal investigations, clearly document the basis for the investigation, the steps taken in the investigation, and the results of the investigation.
- Implement and document appropriate corrective actions when a problem is discovered.
Tip No. 6 – Maintain clear, organized, and detailed records of the following:
- Documents in support of the physician’s orders showing medical necessity and compliance.
- Files supporting the submission of claims—e.g., adequate proof of delivery.
- Records detailing company reviews and self-audits conducted in connection with the company’s compliance program.
- Records and reports on any compliance issues that were identified, and steps taken to correct the issue and remedy any damages.
Slow and Steady Wins the Race
It is impossible to cover all potential compliance issues, even in summary form, in a single article. The lists of lessons and tips above are by no means exhaustive. My goal has been to encourage you to consider these issues broadly and creatively, rather than to keep you focused solely on the most frequently discussed issues.
Finally, one last lesson. Companies who have a strong culture of compliance are companies where priority is placed on periodic, regular compliance reviews and education. While this work may not seem pressing in the moment, this is the best way to (1) prevent problems from occurring in the first place, (2) prevent small problems from becoming big problems, and (3) is a tangible demonstration of your attitude toward compliance should the government or anyone else ever come knocking.
Michael R. Alexander, Esq., is an attorney with the Health Care Group at Brown & Fortunato, a law firm with a national health care practice based in Texas. He represents pharmacies, infusion companies, HME companies, manufacturers and other health care providers throughout the United States. Mr. Alexander can be reached at (806) 345-6340 or email@example.com.
Jeffrey S. Baird, Esq., is chairman of the Health Care Group at Brown & Fortunato, a law firm with a national health care practice based in Texas. He represents pharmacies, infusion companies, HME companies, manufacturers and other health care providers throughout the United States. Mr. Baird is Board Certified in Health Law by the Texas Board of Legal Specialization and can be reached at (806) 345-6320 or firstname.lastname@example.org.