The law requires Medicare- and Medicaid-certified nursing facilities to utilize a compliance and ethics program that includes eight components:
- Compliance standards that reduce the prospect of criminal, civil and administrative violations
- Assignment of high-level personnel within the organization with overall responsibility and sufficient resources to assure compliance
- Avoiding the delegation of responsibility to individuals who have a propensity to commit criminal, civil or administrative violations
- Effective communication of compliance standards to employees and agents through publications and training
- Reasonable measures to achieve compliance, such as monitoring and auditing procedures to detect noncompliance
- Consistent enforcement of compliance standards, including effective disciplinary mechanisms in the event of noncompliance
- Mechanisms that correct noncompliance and prevent recurrence of noncompliance
- Periodic assessment of whether the compliance program should be modified based on changes within the organization
Those eight components of an ACA compliance plan are general and do not provide concrete guidance to nursing facilities. Congress directed HHS, working with OIG, to adopt regulations that would further define the elements of an effective compliance program, but HHS has not yet issued those regulations. The current situation leaves nursing facilities with a statutory mandate to have an "effective" compliance program in place by early next year, but without regulations explaining how such a program must operate.
Prior to the enactment of the ACA, the OIG issued compliance program guidance for nursing facilities in a two-step process. The original "OIG Compliance Program Guidance for Nursing Facilities [PDF]," published in March 2000, identified seven elements of an effective compliance program, and offered suggestions for how the program could be implemented in a three-phase process. The more recent "Supplemental Compliance Program Guidance for Nursing Facilities [PDF]," published in September 2008, focused on potential fraud and abuse risk areas, i.e., those areas that the OIG indicated were, at that time, of concern to the enforcement community. Until new regulations are issued, the OIG’s previously issued guidance provides tools that nursing facilities can utilize in an effort to meet the compliance plan mandate in the ACA. Because the OIG’s most recent guidance is nearly four years old, however, the fraud and abuse risks have likely changed on a macro level. More importantly, each nursing facility must be diligent in identifying its unique fraud and abuse risk areas.
Look for more focused discussions of particular components of an ACA-mandated compliance plan in future Health Law Alerts.