AMARILLO, TX – A compliance program is a living document. It must be designed, implemented and revised as the dynamics and complexity of the organization evolve. As organizations grow, compliance issues become more complex. As such, it is important to ensure that the program is effective in accomplishing its objectives.

The Objectives of an Effective Corporate Compliance Program

Do No Harm
The first goal is to do no harm. It is not uncommon to see a compliance program that creates greater risks than those that were targeted because of the manner in which the program is implemented.  Therefore, it is important for the compliance program to not be so broad that the DME supplier cannot accomplish its goals.

Avoid Partial Implementation
One of the worst results that can occur is to develop a program that is not ultimately fully implemented. The compliance program must be readily achievable within the resources of the DME supplier.

Direct From the Top
The compliance program must be specifically integrated with the resources and operational capabilities of the supplier and directed from the top. A program that does not have top-down accountability will not be carried out.

Commit To Ongoing Training
Every DME supplier has employee turnover. It is critical to have an ongoing training program that conveys the message to current and future employees.

Focus on Elements that Promote Early Detection of Compliance Problems
All employees must understand their individual and collective responsibilities if they suspect non-compliant activity.

Preserve Attorney-Client Privilege
All steps in the process must be designed to take full advantage of this privilege.

How a Corporate Compliance Program Can Serve the DME Supplier
Civil or criminal liability of a DME supplier can be based on the collective knowledge and activities of the agents of the supplier to the extent that the supplier may be held liable for the separate actions of several agents who operate independently even if no single agent, standing alone, had the intent to violate the law. This basis for corporate liability is unsettling because a DME supplier can be liable even where its agents acted individually or collectively in direct violation of an express policy or directive of the supplier.

Criminal Liability: The Federal Sentencing Guidelines
The Federal Sentencing Guidelines were adopted by the federal court system to ensure uniformity in the sentences imposed after a conviction under a federal criminal statute, particularly for white-collar criminal actions.  Although these guidelines applied initially only to individuals, they were extended to organizations such as DME suppliers, home health agencies, hospitals, etc. In the past, the guidelines were mandatory, meaning that federal judges had to follow them. Today, the guidelines are merely suggestive, although most federal judges give them a great deal of credence. The Federal Sentencing Guidelines establish a rather complicated system of aggravating and mitigating factors to be used in sentencing a person/company convicted under a federal criminal statute. The most significant of the mitigating factors is the establishment of an effective compliance program that is designed, implemented, and enforced to “prevent and detect violations of law.”  Since the purpose served by a compliance program as a mitigating factor is difficult to describe out of context, the following is an example.

Example: Suppose a DME supplier changed its billing procedures and for several months inadvertently submitted claims utilizing a different HCPCS code that resulted in large overpayments to the supplier. After discovering the overpayment, the federal government obtains a conviction of the DME supplier for violating the False Claims Act because it had “recklessly” failed to ensure that the new billing practice complied with the law.  Under the Federal Sentencing Guidelines, the court would assign the criminal violation a certain base level.  The guidelines would increase the base level score depending on the amount of money the DME “gained” through the violation.  The guidelines would then add more points to the base score because the violation required “more than minimal planning.” The False Claims Act violation creates a higher base level offense and, therefore, a higher financial penalty.  The court will next determine the “culpability score” that increases the penalty based on the supplier’s size and the extent of upper management involvement.

If the DME supplier has implemented an effective compliance program, the Federal Sentencing Guidelines provide for a mandatory reduction of the culpability score that can result in an ultimate penalty reduction of 50 percent or more.  In a significant False Claims Act violation, this can mean realistic savings of hundreds of thousands or millions of dollars. In addition, if the compliance program had detected the violation and “self-reported” to the government in a reasonable amount of time, the guidelines reduce the financial penalty even further. An effective compliance program might have detected the potential problem and prevented the false claims from being submitted in the first place.

Civil Liability
Potential liability to a DME supplier is normally civil, not criminal. Such liability usually arises from a qui tam (whistleblower) lawsuit filed by a current or ex-employee. A qui tam lawsuit normally arises as follows:

• An employee of the supplier will conclude that the supplier is engaging in acts that violate (i) the federal anti-kickback statute, (ii) the federal physician self-referral statute (“Stark”), (iii) the federal beneficiary inducement statute, or (iv) the federal False Claims Act. It is the position of the Department of Justice that Medicare claims arising from violation of the anti-kickback statute, Stark and beneficiary inducement statute constitute “false claims” in violation of the False Claims Act.
• The employee will present his/her concerns to the supplier’s compliance officer or to the employee’s supervisor.
• Because of the supplier’s inaction, the employee will conclude that his/her concerns are not being taken seriously.
• As a result, the employee will hire an attorney who specializes in bringing whistleblower lawsuits.
• The employee will file a lawsuit in federal court against the supplier. The lawsuit will be in the employee’s name…and in the name of the United States. The lawsuit will be based on the False Claims Act. The penalties under the False Claims Act can be enormous.
• The lawsuit will “go under seal,” meaning that the supplier will not know that it exists.
• The lawsuit will be presented to an Assistant U.S. Attorney (“AUSA”). While the lawsuit is under seal, the AUSA will investigate the merits of the lawsuit. If the AUSA determines that the lawsuit has merit, the lawsuit will be unsealed, the Department of Justice will take over prosecuting the lawsuit, and the DME supplier will be served with the lawsuit.

In the above scenario, the value of a functioning compliance program arises at three stages.

• Stage 1 – When presented with the employee’s concerns, the supplier’s compliance officer will treat the concerns seriously. The compliance officer will investigate the employee’s concerns and report back to the employee. If the compliance officer determines that the employee’s concerns are valid, the compliance officer will (i) confirm to the employee the validity of his/her concerns and (ii) the steps the supplier will take to correct the problem. On the other hand, if the compliance officer determines that the employee’s concerns do not have merit, the compliance officer will (i) explain to the employee why there is not a compliance problem and (ii) thank the employee for being proactive. The above steps normally resolve problems before they become serious.
• Stage 2 – Because of the large potential liability under the False Claims Act, most whistleblower lawsuits are settled. If the Department of Justice has intervened, the settlement will be a joint decision by the AUSA and the whistleblower. If the DME supplier has a functioning compliance program, the AUSA will likely conclude that the supplier is a “good actor” that made a mistake. This may persuade the AUSA to agree to a settlement that is more lenient to the supplier.
• Stage 3 – Normally, when a DME supplier settles a whistleblower lawsuit, the Office of Inspector General expects the supplier to sign a Corporate Integrity Agreement (“CIA”) that has a five-year term. The CIA imposes a number of compliance requirements on the DME supplier. If the Office of Inspector General concludes that the supplier has a functioning compliance program, there is a likelihood that the Office of Inspector General will waive the requirement that the supplier enter into a CIA.

The Structure of a Corporate Compliance Program

For a corporate compliance program to be deemed to be “effective,” the following seven elements must be met:

• Written Policies and Procedures. The DME supplier must have established compliance standards and procedures for employees and agents to follow that are reasonably capable of reducing the prospect of non-compliant conduct. This element will include a code of conduct covering such areas as: relationships with physicians and others in a position to influence the supplier’s business; conflicts of interest; receipt of improper payments or gifts; employment practices; billing practices; and organizational and financial records.
• Designation of a Compliance Officer and Compliance Committee. Specific high-level individuals in the organization must be assigned overall responsibility to oversee compliance with the standards and procedures.
• Conducting Effective Training and Education. The DME supplier must take reasonable steps to effectively communicate its standards and procedures to all employees and agents, e.g., by requiring participation in training programs or by disseminating publications that explain in a practical manner what is required.
• Developing Effective Lines of Communication. This involves (i) the establishment of a hotline and/or other forms of communication and (ii) open access to the compliance officer.
• Enforcement of Disciplinary Standards. The standards must be consistently enforced through appropriate disciplinary mechanisms, including, as appropriate, discipline of individuals responsible for failure to detect non-compliant activity.
• Auditing and Monitoring. The DME supplier must take reasonable steps to achieve compliance with its standards, e.g., by (i) utilizing monitoring and auditing systems reasonably designed to detect non-compliant conduct by its employees and agents, and (ii) having in place and publicizing a reporting system whereby employees and other agents can report non-compliant conduct by others within the organization without fear of retribution.
• Response to Non-Compliant Activities and Corrective Action. After non-compliant activity is detected, the DME supplier must take reasonable steps to respond appropriately and prevent further similar actions, including any necessary modifications to its compliance program to prevent and detect non-compliant activity.

It is also important to note that in order to be deemed “effective,” the compliance program must be something more than a set of documents that simply restates these seven elements. In order to be effective, these seven basic elements must be implemented by the DME supplier and be designed to address past, existing, and future activities of the supplier.

Jeffrey S. Baird, JD, is Chairman of the Health Care Group at Brown & Fortunato, a law firm with a national health care practice based in Texas. He represents pharmacies, infusion companies, HME companies, manufacturers and other health care providers throughout the United States. Baird is Board Certified in Health Law by the Texas Board of Legal Specialization and can be reached at (806) 345-6320 or [email protected].