An HHS OIG compliance program consists of best practices that should be included in an integrated healthcare compliance program to avoid violating fraud and abuse laws enforced by the Department of Health and Human Service (HHS) Office of Inspector General (OIG). Adding HHS OIG compliance best practices to an integrated program not only helps avoid penalties for HHS OIG compliance failures, but may also improve compliance with the integrated program.

Integrated healthcare compliance programs are programs that combine some or all applicable healthcare rules, regulations, and standards into a single compliance program. For example, a healthcare facility might combine CMS’ Emergency Preparedness Rule (81 FR 63860) with OSHA’s Emergency Planning Regulation (§1910.38) and HIPAA’s Contingency Plan Standard (§164.308(a)(7)) to comply with all three requirements via a single activity.

Although integrated healthcare compliance programs can be complicated to develop and keep up to date, they have multiple benefits. In addition to reducing the compliance burden (for example, by reducing the three compliance requirements above to just one), it is also simpler to train workforce members on one integrated compliance program – which has the secondary benefit of simultaneously complying with the CMS, OSHA, and HIPAA training requirements.

What Does an HHS OIG Compliance Program Consist Of?

There is no one-size-fits-all HHS OIG compliance program because some healthcare facilities might not conduct all the activities covered by fraud and abuse laws, while other healthcare facilities might outsource some activities to a third party (i.e., claims and billing) – in which case the third party is liable for compliance violations. However, there are five main fraud and abuse laws most healthcare organizations have to consider in an HHS OIG compliance program:

The False Claims Act

The False Claims Act protects the government from being overcharged for goods or services. In the context of an HHS OIG compliance program, it is a violation of the False Claims Act to submit claims for payment to Medicare, Medicaid, or any other HHS program that a healthcare facility knew – or should have known – were fraudulent. For this reason, it is important to monitor claims and billing activities – even when these activities are outsourced to a third party.

The penalties for violations of the False Claims Act vary depending on whether HHS OIG considers violations to be civil or criminal offenses. HHS OIG has the authority to impose fines of up to $27,894 per civil violation (March 2024) and up to three times the amount falsely claimed from HHS programs. Criminal violations are referred to the Department of Justice, who can pursue fines of up to $500,000 per violation and jail terms of up to five years per violation.

The Anti-Kickback Regulations

In addition to an HHS OIG compliance program consisting of measures to prevent fraudulent billing events, a program should also include measures to prohibit the receipt of – or payment for – kickbacks to induce referrals for items and services reimbursable by an HHS program. HHS OIG considers kickbacks to not only be monetary, but also “in-kind remunerations” such as cost-sharing waivers, shares, subsidies, free items, space, equipment, and services.

The important thing for healthcare facilities to be aware of with regards to the anti-kickback regulations is that both parties involved in a kickback transaction can be found guilty of a violation (i.e., the payer and the recipient of the kickback). In addition, as with violations of the False Claims Act, the penalties for violating the anti-kickback regulations can be criminal and civil – although in this case, the maximum criminal fine is $100,000 per violation.

The Stark Law

The Stark Law, also known as the Physician Self-Referral Law, prohibits physicians from referring patients to receive “designated health services” when the physician or an immediate family member has a financial interest in the designated health service. It is important to be aware the term designated health services not only relates to the provision of treatment, but can also refer to the provision of therapy, medical items, and outpatient prescription drugs.

Both the physician that violated the Law and the health service that benefitted from the violation are considered liable for the violation by HHS OIG. Self-referring physicians can be fined up to $15,000 per violation (or up to $100,000 if the violation is considered an attempt to circumnavigate a criminal anti-kickback regulation), while the health service will have to refund up to three times the amount of any payments received from an HHS healthcare program.

The Exclusion Statute

The Exclusion Statute requires HHS OIG to exclude individuals and organizations from participating in HHS programs if they are found guilty of Medicare or Medicaid fraud, patient abuse or neglect, intentionally violating the anti-kickback regulations, or unlawfully manufacturing, distributing, prescribing, or dispensing controlled substances. HHS OIG also has the discretionary authority to exclude individuals and organizations for misdemeanors.

Being excluded from participating in HHS programs not only means they cannot bill HHS directly. It also means they cannot bill HHS indirectly by providing goods or services via a third party healthcare facility. To make it harder to circumnavigate the Statute, third party healthcare facilities are prohibited from – and can be fined for – contracting goods or services from an individual or organization that appears on the HHS OIG Exclusions List.

The Emergency Medical Treatment and Active Labor Act (EMTALA)

EMTALA requires healthcare facilities that participate in HHS programs to conduct a medical screening examination on any individual requesting emergency care. If the examination identifies an emergency medical condition, the facility must stabilize the individual and provide treatment until the emergency medical condition is resolved. If the facility does not have the capability to treat the individual, it must transfer the individual to a facility that can provide treatment.

Healthcare facilities that fail to conduct a medical screening examination, or who fail to accept an individual transferred from another healthcare facility for emergency treatment, can be fined up to $129,233 and added to the HHS OIG Exclusions List. Individuals to whom a screening or treatment is denied can also take civil action in some states, whereas in other states conditions may apply with regards to the provision of emergency labor and psychiatric treatments.

What are HHS OIG Compliance Best Practices?

Similar to an HHS OIG compliance program, there are no one-size-fits-all HHS OIG compliance  best practices. In order to determine what HHS OIG compliance best practices should be included in a compliance program – whether an integrated compliance program or not – healthcare facilities should assess their exposure to violations of all applicable fraud and abuse laws, and develop policies and procedures to mitigate the risk of a violation occurring.

Recommendations for assessing the risk of an HHS OIG violation include auditing HHS claims and billing processes – even when outsourced to a third party – in order to identify potential vulnerabilities, irregularities, or opportunities for fraud. There is HHS OIG-issued software that can help with the audit process, but smaller healthcare facilities might find it quicker to conduct an audit manually, rather than work out how to use the software on smaller data sets.

One of the most important HHS OIG compliance best practices that all healthcare providers should integrate into a compliance plan is an HHS OIG Background Check. Policies should be put in place to check the HHS OIG Exclusions List before any new hire or supplier is engaged, while procedures should exist to periodically recheck the Exclusions List due to the length of time it can take for an individual or organization under investigation to be added to the Exclusions List.

With regards to EMTALA, it is a best practice for qualifying healthcare facilities to train members of the workforce on what medical conditions qualify for mandatory emergency screening and/or treatment, and when exceptions apply – either due to location, medical discipline, or the professional affiliation of healthcare workers. EMTALA can have several gray areas, so it may be important HHS OIG compliance best practices are enforced when EMTALA is applicable.

The Benefits of HHS OIG Compliance Risk Management

The benefits of HHS OIG compliance risk management are that healthcare facilities mitigate the risk of an HHS OIG violation – reducing the chance of a fine, criminal conviction, or private action by an individual that has been denied emergency care. Even when these consequences of an HHS OIG violation do not happen, healthcare facilities may be required to comply with a Corporate Integrity Agreement – which can be costly to comply with as well as being disruptive.

However, HHS OIG compliance risk management does not have to be particularly complicated. It has already been demonstrated how combining multiple compliance requirements into one integrated healthcare compliance program can reduce the compliance burden and help healthcare facilities save time and money – and adding HHS OIG compliance best practices to an existing integrated healthcare compliance program should be equally as beneficial.

For example, most Medicare Part D and Medicare Advantage providers already have to conduct claims and billing audits as a condition of participation in Medicare. Similarly, most states have laws that require healthcare facilities to conduct Level 2 background checks on new employees (i.e., professional license verification, sex offenders list, etc.) – so adding one more background check (the HHS OIG Exclusions List) is barely going to increase the compliance burden.

Healthcare facilities that are unsure about which fraud and abuse laws apply to their activities (including outsourced activities) and how to comply with them – or when exceptions apply to certain activities under the Safe Harbor regulations – should contact HHS OIG for advice. Alternatively – or to find out more about developing an integrated healthcare compliance program – healthcare facilities can seek independent advice from a compliance professional.

The post What is an HHS OIG Compliance Program? appeared first on HIPAA Journal.

The Department of Health and Human Services Office of Inspector General (HHS-OIG) has agreed to a settlement with UNC Health Chatham Hospital that resolves an alleged violation of the Emergency Medical Treatment and Labor Act (EMTALA).

EMTALA was enacted in 1986 to ensure public access to emergency services regardless of an individual’s ability to pay, and EMTALA applies to all hospitals that offer emergency services through a dedicated department. There are also specific obligations for hospitals that participate in Medicare that offer emergency services, including the requirement to provide a medical screening examination (MSE) when a request is made for examination or treatment for an emergency medical condition.

On January 16, 2022, a 62-year-old patient presented to Chatham’s Emergency Department (ED) via emergency medical services (EMS). Before arriving at the hospital, EMS called in a report about the patient’s condition to the ED and was told that a cardiologist was not available, and the ED could not manage the patient.

EMS proceeded to take the patient to Chatham’s ED and was met in the ambulance bay by a nursing employee, who spoke to the EMS staff and the ambulance left without the patient receiving an MSE. HHS-OIG determined that Chatham violated EMTALA by failing to provide an appropriate EMS, within the capabilities of its staff and facilities. Under the terms of the settlement, Chatham agreed to pay a $49,000 penalty.

The post HHS-OIG Agrees $49,000 Settlement with North Carolina Hospital to Resolve Alleged EMTALA Violation appeared first on HIPAA Journal.

The best way to write an HHS OIG complaint to increase the chances of the complaint being investigated is to prepare a narrative explaining the nature, scope, and time frame of the activity being complained about, and how you came to learn about the activity. When you submit the complaint, the chances of the complaint being investigated are further improved if you can provide supporting evidence and the contact information of a third party who can corroborate the narrative.

Each year, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) receives thousands of complaints, tips, and reports of alleged fraud, waste, and abuse in Federal healthcare programs. HHS OIG does not have the resources to investigate every one, so it prioritizes complaints according to the type of activity and the evidence submitted to support the complaint.

In addition, HHS OIG only has the authority to investigate complaints relating to certain activities, and many complaints can be rejected after being reviewed for relevance. The activities HHS OIG has the authority to investigate include:

• Whistleblower complaints about fraud, waste, and abuse in HHS programs.
• False or fraudulent (overpriced) claims submitted to Medicare or Medicaid.
• Kickbacks or inducements for referrals by Medicare or Medicaid providers.
• Medical identity theft involving Medicare and/or Medicaid beneficiaries.
• The failure of a hospital to evaluate and stabilize an emergency patient.
• Patient abuse or neglect in nursing homes and long-term care facilities.
• Human trafficking by HHS employees, grantees, and contractors.
• Crimes, gross misconduct, or conflicts of interest involving HHS employees, recipients of HHS grants, or HHS contractors.

Complaints relating to Medicare policies, coverage, claims, and payment decisions, Social Security fraud, identity theft unrelated to HHS programs, and discrimination within HHS departments are not investigated by HHS OIG. Complaints of this nature will be rejected on review without the complainant being notified of the decision. Therefore it is important that when you write an HHS OIG complaint, the nature of the activity is one that HHS OIG has the authority to investigate.

How to Submit an HHS OIG Complaint

There are various ways to submit an HHS OIG complaint. The most effective is the online OIG HHS Hotline because this method of submitting an HHS OIG complaint allows complainants to upload documents in support of the complaint electronically. Alternative methods such as mail and fax are not so easy to use; and, if you use mail, you are advised not to send original documents, digital media, or physical devices because these will not be returned even if the complaint is rejected.

When you submit an HHS OIG complaint online, you also have the option of requesting confidentiality inasmuch as your identity is only known to HHS OIG investigators (unless a disclosure is required by law). You may also submit complaints anonymously, but this course of action precludes HHS OIG from investigating a complaint as a whistleblower retaliation complaint, and may hinder the initial review and/or the subsequent investigation into your compliant.

If your complaint is investigated and upheld, there are several potential outcomes depending on the nature of the activity. Most upheld fraud, waste, and abuse complaints and violations of the HHS OIG anti-kickback regulations are resolved by a civil monetary penalty and/or a Corporate Integrity Agreement. However, more serious complaints, criminal complaints, and the failure of a hospital to evaluate and stabilize an emergency patient are likely to result in exclusion from HHS programs.

Individuals concerned about the potential consequences of submitting an HHS OIG complaint – or who need help to write an HHS OIG complaint – are advised to speak with an HHS OIG advisor on 1-800-477-8477 (1-800-HHS-TIPS). Alternatively, if you would prefer independent advice before speaking with an HHS OIG advisor, it is recommended you speak with a legal professional who has experience in healthcare regulatory compliance.

The post How to Write an HHS OIG Complaint appeared first on HIPAA Journal.

HHS OIG penalties vary depending on the nature of the offense, the scale of the offense, and the cooperation of the violating party during the investigation of the offense. Other factors that can influence HHS OIG penalties include the regulatory limits applied to each type of violation and the violating party’s previous history of compliance with healthcare regulations.

Among its many roles, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) is responsible for investigating allegations of fraud, waste, and abuse in Federal healthcare programs. When HHS OIG identifies fraud, waste, or abuse, it has the authority to recover funds, exclude individuals and organizations from Federal healthcare programs, and pursue civil monetary penalties or criminal penalties depending on the nature of the offense.

The amount of HHS OIG penalties is calculated on a case-by-case basis, and quite often cases can be settled for a mutually agreed amount to avoid potential litigation. The amount of HHS OIG penalties can also be reduced if the violating individual or organization agrees to comply with a Corporate Integrity Agreement. In these cases, compliance with a Corporate Integrity Agreement can save an individual or organization from being added to the HHS OIG Exclusions List.

How HHS OIG Enforcement Actions Unfold

The department of HHS OIG responsible for enforcement actions is the Office of Investigations. The Office of Investigations can be alerted to possible fraud, waste, or abuse by other departments of HHS OIG – for example, the Office of Audit Services or the Office of Evaluation and Inspection – by other operating divisions of HHS – for example, HHS’ Office for Civil Rights – or by members of the public and healthcare employees via the HHS OIG Complaints Hotline.

The Office of Investigations prioritizes HHS OIG enforcement actions according to the nature and scale of the alleged offense and the evidence to support the allegation. The Office then issues subpoenas to acquire documents from the accused “target”, conducts interviews with witnesses and/or employees, and conducts inspections of the target’s workplace. The additional evidence is then reviewed to determine what laws and regulations have been violated.

Depending on the outcome of the reviews, HHS OIG enforcement actions can be settled by mutual consent, by an administrative hearing, or by a court if the offense is criminal in nature. The location can also have an influence on the outcome of HHS OIG enforcement actions if a state law has harsher penalties for a violation than the equivalent Federal law. For example, under California’s WIC Code §15630(h), the failure to report elder abuse carries a jail term of up to one year.

How Regulatory Limits Affect HHS OIG Penalties

State laws aside, the amount of HHS OIG penalties is governed by the regulatory limits of whatever federal law the target has violated. For example, the current (February 2024) regulatory limits for civil violations of the False Claims Act are a minimum civil monetary penalty of $13,946 and a maximum civil monetary penalty of $27,894 per violation. The HHS OIG can also add fines of up to three times the amount falsely claimed from an HHS program.

If the violation of the False Claims Act is criminal, HHS OIG penalties increase to a maximum fine of $500,000 for organizations and $250,000 for individuals. For individuals, criminal convictions under the False Claims Act can also carry a jail term of up to five years. These HHS OIG penalties apply to each individual count filed, and are in addition to penalties prosecutors may seek for conspiracy to defraud the United States, mail fraud, wire fraud, or other federal crimes.

Other laws have different regulatory limits. For example, hospitals that violate the Emergency Medical Treatment and Active Labor Act (EMTALA) are subject to civil penalties of between $64,618 and $129,233 per violation, violations of the HHS OIG Anti-Kickback Regulations can attract fines of up to $27,894 (plus jail terms), while the penalties for violations of the OIG Stark Law are up to $15,000 per item or service charged to an HHS program plus up to $100,000 per arrangement considered a deliberate attempt to circumnavigate the Anti-Kickback Regulations.

Why HHS OIG Sanctions are Sometimes Combined

It is not unusual to read HHS press releases announcing multi-million dollar settlements that appear to be more than the maximum civil monetary penalty multiplied by the number of violations – even allowing for the recovery of three times the funds falsely claimed from an HHS program. This is because HHS OIG sanctions can be combined if (for example) a physician has violated the OIG Stark Law by accepting a non-excluded kickback which then results in a false claim to an HHS program.

By combining HHS OIG sanctions, the Office of Investigations can negotiate one financial settlement with an individual or organization rather than multiple settlements, and impose a more relevant Corporate Integrity Agreement (if applicable). Alternatively, the department can exclude an individual or organization from HHS programs for a longer period of time than if each set of HHS OIG Sanctions had been dealt with independently of each other.

The takeaway from this is that there is no specific answer to the question how much are HHS OIG penalties. In the worst possible scenario, violators of Federal healthcare laws can be fined millions of dollars and/or jailed, and be excluded from HHS programs. Due to the risk of effectively losing the business, individuals and organizations concerned that they may not be complying with all applicable healthcare regulations should seek compliance advice from a legal professional.

The post How Much are HHS OIG Penalties? appeared first on HIPAA Journal.