HHS Logo
Office of Inspector General

330 Independence Ave., SW
Washington, DC 20201

An Open Letter to Health Care Providers
March 9, 2000

        Three years ago, I wrote an open letter to health care providers, inviting them to join me in a national campaign to eliminate fraud and abuse from the Federal health care programs. I suggested an ambitious agenda that included crafting compliance guidance for health care sectors, designing an effective mechanism to promote self-disclosure of improper conduct, and providing greater awareness of the sanctions that may be imposed on a provider that has engaged in fraud or abuse. By collaborating in our efforts to reduce health care fraud, it was my view that we could serve our common interests of protecting the financial integrity of the Federal health care programs and their beneficiaries, some of our most vulnerable citizens.

        Due in large part to strong industry support, I am pleased to report that substantial progress has been made in fulfilling the campaign's objectives. I would like to share with you some of the successes that we have accomplished together and describe new policies the Office of Inspector General (OIG) is implementing to encourage provider self-disclosure. First, three years ago the OIG began producing specific compliance program guidance for segments of the health care industry. These voluntary guidances reflect our suggestions on how providers can design internal controls to monitor adherence with applicable statutes, regulations and program requirements.

        To date, we have issued seven compliance program guidances, each reflecting extensive input from industry representatives and compliance officers, as well as our law enforcement partners. These guidances are directed at the hospital industry, home health agencies, clinical laboratories, third-party billers, the durable medical equipment, prosthetics, orthotics and supply industry, hospice providers, and Medicare+Choice organizations. The next guidance to be issued will address compliance measures in the nursing home industry. These voluntary guidances have contributed to a movement in the health care industry to reduce potential exposure to improper billings by investing in compliance programs. The American Hospital Association, for example, recently reported that 96 percent of surveyed hospitals either had a compliance program in effect or were planning to initiate one in 1999. This greater appreciation of the importance of health care fraud prevention is already paying dividends. Based upon an annual audit of Medicare fee-for-service payments, we have seen almost a 50 percent decline in improper payments during the last three years.

        Second, the OIG committed to creating an atmosphere that encourages health care providers to come forward to the Government voluntarily when they uncover evidence of fraudulent conduct within their organization. In light of the substantial civil and criminal exposure faced by those charged with defrauding the Medicare program, providers understandably have been hesitant to self-disclose without guidance from the Office of Inspector General. Based on the insights gained from a pilot voluntary disclosure program, we published a detailed self-disclosure protocol in October 1998.

        The protocol not only sets out recommended investigative and audit measures that a provider should undertake as part of a disclosure to the OIG, but also represents our commitment to work with the disclosing entity to resolve the problem expeditiously and fairly. I am pleased to report that over 70 health care providers have self-disclosed potentially abusive conduct to the OIG and, as a result, millions of dollars already have been returned to the Medicare Trust Fund. The providers that have made self-disclosures have received expedited review of their disclosures, and, where appropriate, favorable treatment in the resolution of the matter. As the provider community learns more about the self-disclosure process, I am confident that good faith use of the disclosure protocol will continue to expand.

        I also committed to giving health care providers a better understanding of how the OIG makes judgments regarding the use of its enforcement authorities. Through public awareness efforts, such as the publication of Special Fraud Alerts, Special Advisory Bulletins and the OIG's Work Plan, we alert the provider community of our concerns and hope to encourage self-correcting behavior. When fraud is uncovered, we look to see whether the provider took appropriate steps to prevent and detect the misconduct and whether there is a likelihood that the same or similar abuse of the Medicare program will reoccur. As part of this outreach effort, we have even taken the unprecedented step of publishing the factors that we consider in determining whether to exclude an individual or entity under our permissive exclusion authorities.

        To further health care providers' understanding of the OIG's priorities and approach to addressing health care fraud, I want to briefly discuss the OIG's views on corporate integrity agreements (CIAs). Where the best interests of the programs are served by allowing the provider that has engaged in serious misconduct to continue participating in the health care programs, we generally require that the provider enter into an agreement to adopt certain integrity measures. In addition to the seven core elements of a compliance program, as set forth in the Federal Sentencing Guidelines, we require the submission of a variety of reports to the OIG and reserve the right to impose sanctions, including stipulated penalties and program exclusion, for a material breach of the agreement. CIAs almost always include provisions incorporating these seven elements, but the specific terms of a particular CIA depend on the facts and circumstances related to the case and the provider. Among the relevant factors considered in crafting a CIA are the severity and extent of the underlying misconduct, the nature and resources of the provider, the provider's existing compliance capabilities, and whether the case resulted from a self-disclosure.

        In all cases, the OIG is prepared to consider the provider's current compliance program when we negotiate the appropriate terms of a CIA. After all, a provider is often in the best position to understand what compliance measures are most useful to its organization. Of course, we cannot always determine during settlement discussions what aspects of a provider's voluntary compliance program have proven effective and should be incorporated into the CIA. Handbooks and training materials provide us only limited information about how successfully a provider has implemented its compliance policies and procedures. The more a provider can point to tangible, positive outcomes stemming from its compliance efforts, the more reliance we can place on those measures and integrate them into a CIA.

        Perhaps the best evidence that a provider's compliance program is operating effectively occurs when the provider, through its compliance program, identifies problematic conduct, takes appropriate steps to remedy the conduct and prevent it from recurring, and makes a full and timely disclosure of the misconduct to appropriate authorities. As we state in the self-disclosure protocol, matters exclusively involving overpayments or errors that do not suggest that violations of law have occurred should be brought directly to the attention of the entity responsible for claims processing and payment. We also recommend that the provider conduct an initial assessment to substantiate there is a problem with non-compliance with program requirements before making a disclosure to the OIG. When False Claims Act liability results from such a disclosure, the OIG can be more flexible in considering the terms of a CIA in light of the demonstrated effectiveness of the provider's compliance program. In general, we grant more deference to the existing compliance measures of a self-disclosing provider, even if those measures differ from what we might otherwise require in a CIA.

        If the self-disclosing provider has demonstrated that its compliance program is effective and agrees to maintain its compliance program as part of the False Claims Act settlement, we may not even require a CIA. That decision is influenced by a number of variables, including the scope and seriousness of the misconduct, the risk of recurrence, whether the disclosed matter was identified and reported as a result of the provider's compliance measures and the degree of the provider's cooperation during the disclosure verification process. In those cases, where in our judgment it is necessary to require the self-disclosing provider to enter into a CIA, the provider may need to make only limited changes to its existing policies and procedures to meet most of the requirements of the CIA.

        For instance, in cases where the provider's own audits detected the disclosed problem, the OIG may consider alternatives to the CIA's auditing provisions. We may permit a self-disclosing provider to perform some or all of the billing audits through its internal auditors rather than require the retention of an independent review organization for each year of the CIA. In an appropriate case, we may narrow the scope and focus of the claims review to the areas found out of compliance or allow alternate audit methodologies in lieu of the statistical sampling methodology we generally require. In addition, we are more likely in a self-disclosure case to eliminate the need for an external evaluation of the provider's compliance with the terms of the CIA.

        In addition to the audit provisions, many providers entering into CIAs express concern about the OIG's ability to exclude a provider if the OIG determines that the provider has materially breached the terms of the CIA. Generally, we believe that this provision is necessary to ensure that we maintain our ultimate remedy to protect Federal health care programs from problematic providers. However, a provider that has made an appropriate self-disclosure and has demonstrated sufficient trustworthiness may lead us to conclude that we can sufficiently safeguard the programs through a CIA without the exclusion remedy for a material breach. Therefore, we will forego the exclusion remedy in appropriate self-disclosure cases.

        In closing, I want to thank all the health care providers and representatives of health care associations that have worked so hard with us to improve the integrity of the health care system. Through cooperative efforts and open communication, we have been able to make solid progress in the fight against health care waste, fraud and abuse. We in the OIG are committed to continuing to work with you to do an even better job in the future.


                                                                June Gibbs Brown
                                                                Inspector General