Current Status
Healthcare providers are developing strategies involving Accountable Care Organizations (ACOs). Their goals: to prepare for significant changes in our healthcare delivery and payment systems, to seek additional patient referrals, and receive greater reimbursement for providing high-quality and efficient care.
Fraud and privacy compliance issues can easily drop to the bottom of the priority list during this tumultuous and uncertain time that providers find themselves in. The risk of exclusion from an ACO preferred provider program compounded by the increasing dominance of managed Medicaid would appear, on the surface, to dwarf fraud and privacy compliance program efforts to substantiate regulatory compliance. Nevertheless, compliance issues are time bombs waiting to explode if not proactively identified and effectively addressed by compliance and privacy officers while the provider develops and implements ACO strategies.
Providers are devoting much of their time and energy on "partnering" with ACOs. Providers are focusing on developing and collaborating with provider-specific networks to maximize negotiating leverage with ACOs, (e.g.; www.mednetipa.com), developing data sharing capabilities, infrastructure and care coordination processes. There are numerous critical legal issues that must also be addressed.
Compliance Programs
Compliance programs have, to date, focused on minimizing liability in a primarily fee-for-service reimbursement environment. ACOs are, however, as the Wizard of Oz said, "horse[s] of a different color". Provider compliance programs must evolve from volume-based, fee-for-service reimbursement methodologies to more quality-based, efficiency-based and data-based methodologies. Whether a provider participates with an ACO or not, reimbursement systems demanding these methodology changes are on the horizon and compliance and privacy officers must proactively evolve their compliance programs for the potential liabilities these changes will bring.
A primary goal of an effective compliance program is to substantiate a good-faith effort by the provider to comply with laws and regulations. Compliance and privacy officers must look far ahead towards changing reimbursement methodologies and address associated risks through their compliance programs. To do otherwise will undermine the perception of a good-faith effort.
Anti-kickback Statute and Stark
These statutes address payments intended to induce referrals of healthcare services. Such payments may promote overutilization of appropriate services and / or unnecessary services, either way potentially wasting limited resources. A compliance officer must focus on limiting such improper activities and, in the process, collaborating with others within the provider's organization to ensure proper care is delivered and appropriately reimbursed.
A compliance officer's challenges are enormous. ACOs are increasingly focused on a reimbursement methodology that rewards appropriate, efficient quality care. This reimbursement methodology emphasizes meeting quality of care requirements with accurate documentation while inherently deemphasizing overutilization. Healthcare provider compliance officers, however, must not only address these new reimbursement regulatory compliance requirements but must also continue to address fee-for-service regulatory compliance requirements.
Compliance Officer Responsibilities
Healthcare provider compliance and privacy officers must augment their compliance programs to reflect numerous new risks and potential liabilities from "partnering" with ACOs - new reimbursement methodologies (e.g.; shared savings programs such as the Medicare Shared Savings program); fraud and abuse waivers; ACO "preferred provider" participation requirements that may involve expectations of exclusivity and thereby trigger antitrust issues; data sharing and quality of care reporting; marketing materials and activities; communications and incentives to beneficiaries; privacy and data security requirements; as well as state insurance and malpractice laws.
Conclusion
If ACOs represent a river and healthcare providers dependent upon the ACOs represent tributaries, a fraud and privacy compliance program focused solely on the risks and potential liabilities associated with the tributaries will unlikely be deemed effective by federal and state regulatory authorities.
An "effective compliance program" inherently requires a good faith effort to comply with ALL applicable laws and regulations - those associated with both the river and its tributaries. ACOs represent the latest challenge for compliance and privacy officers in keeping their healthcare providers' compliance programs effective while demonstrating a good-faith effort to comply with laws and regulations.