Is your staff training geared up for the DRA?

In 2004, the United States spent 16% of its gross domestic product on healthcare, and total national health expenditures rose 7.9%—more than three times the rate of inflation. There are a variety of theories for the country’s rapidly growing healthcare costs, including inefficiencies in the system, inflated prices, poor management, and fraud, waste, and abuse.

The Deficit Reduction Act of 2005 (“DRA” or “the Act”), which was signed on February 8, 2006, and takes effect January 1, 2007, aims to cut nearly $11 billion in Medicare and Medicaid program spending over the next five years. Some of the DRA’s provisions place new mandatory compliance education obligations on certain providers who participate in the Medicaid program in an effort to reduce Medicaid fraud and abuse. In addition, the Act provides the U.S. Department of Health and Human Services’ Office of Inspector General (OIG) with an additional $25 million per year specifically for targeting Medicaid fraud activities. As a result, providers should expect significantly more federal government involvement and unprecedented coordination with state governments in detecting and investigating alleged Medicaid fraud and abuse activities.

What the DRA Means for Providers

Long-term care providers and others, especially those that receive $5 million or more in Medicaid reimbursement annually, need to educate themselves on the DRA’s Medicaid fraud provisions. In particular, providers need to understand the Act’s employee education provisions and incorporate these requirements into their compliance education and training activities. Policies and training that providers develop and implement in response to DRA requirements must be well documented. To document training, there should be training materials on file, as well as attendance logs and documentation that each employee received and understood the training.

Employee education and training. By January 1, 2007, any provider that receives at least $5 million in annual Medicaid payments must, as a condition of participation:

  • Establish written policies for all employees of the organization, including management, agents, and contractors, providing detailed information about the federal False Claims Act (FCA), including federal administrative remedies, any state laws pertaining to criminal or civil penalties for false claims and statements, and whistle-blower protections under such laws.

  • Include detailed provisions regarding the organization’s policies and procedures for detecting and preventing fraud, waste, and abuse.

  • Include in any employee handbook for the organization a specific discussion of the FCA, the rights of employees to be protected as whistle-blowers, and the organization’s policies and procedures for detecting and preventing fraud, waste, and abuse.

What the Act does not address is how the $5 million Medicaid reimbursement threshold is determined. For example, if an organization consists of multiple providers with individual provider numbers, the Act does not state whether the $5 million in Medicaid revenues represents the entire organization’s Medicaid revenues or is applied on a per-provider basis.

The Act also does not specify what other laws, other than the federal FCA, must be addressed in the policies and employee training. Laws such as Stark I and II (prohibiting physician self-referrals) and the anti-kickback statute would certainly be relevant, but there are a myriad of other federal and state laws that could also apply. Furthermore, the Act does not address specifically to whom training should apply. It is unclear whether “agents” and “contractors” who have nothing to do with the delivery of patient or resident care need to be trained.

Bottom line. This is the first time the federal government has designated an element of compliance programs mandatory for certain providers as a condition of participation in a federal healthcare program. While the Act provides some detail as to what is expected, additional guidance will be necessary for providers to ensure their full compliance with the requirements.

Medicaid integrity program. The DRA establishes a Medicaid Integrity Program (MIP), much like the Medicare Integrity Program. It is the first national Medicaid initiative to identify, recover, and seek to prevent inappropriate Medicaid payments. Federal funding of this program is considerable, with funds increasing from $5 million Federal Fiscal Year (FFY) 2007 to $75 million by FFY 2009 and each year thereafter.

The Center for Medicaid & State Operations (CMSO) is responsible for the MIP. In broad terms, the CMSO is responsible for: (1) reviewing the actions of Medicaid providers and (2) providing support to states for combatting fraud, waste, and abuse. In addition, Congress mandated the use of contractors known as Medicaid Integrity Contractors to:

  • review the actions of those seeking payment from Medicaid programs,

  • conduct audits,

  • identify overpayments, and

  • educate providers on payment integrity and quality-of-care issues.

The law also requires CMS to add 100 full-time equivalent employees to work with states in support of their Medicaid program integrity efforts.

Furthermore, the MIP will closely coordinate with the Medicare Program Integrity group on projects such as Medi-Medi, a pilot project to share data to detect improper billing and utilization patterns, and the Payment Error Rate Measurement program, which is designed to calculate Medicaid payment error rates.

Bottom line. The federal government will now have sufficient monies, staff, and enforcement resources available to detect and prosecute perpetrators of Medicaid fraud and abuse. All providers should be assessing their compliance programs and activities to determine if their organizations’ business conduct and activities could withstand the scrutiny of a government investigation.

Review of state false claims laws. The DRA encourages the 35 states that do not have FCAs to enact them. The Act provides that states with qualifying false claims laws will retain a larger portion of the federal share of recoveries generated by enforcement actions under those state statutes. Adding another level of enforcement, the state laws will enable the federal government to reclaim monies without getting involved in smaller whistle-blower cases. According to the OIG’s 2007 Work Plan, the agency will work with the U.S. Department of Justice to begin assessing state laws for compliance with the criteria that it published in the August 21, 2006, Federal Register.

Bottom line. Not only will states share in a larger portion of recoveries, potentially every state could have its own vehicle with which to pursue individuals in violation of its false claims laws, including contractors. In addition, each state’s law would contain whistle-blower provisions that allow private citizens to bring civil lawsuits alleging fraud on behalf of the government and share in a portion of any funds recovered.

What Providers Should Be Doing Now

Providers that have Medicaid revenues of $5 million or more each year (whether in total or per facility) should be:

  • reviewing their organization’s compliance program policies and employee handbooks to ensure that these materials meet the new standards,

  • keeping an eye out for regulations or guidance from HHS regarding implementation of compliance plans and training requirements, and

  • incorporating the DRA compliance requirements into employee compliance training programs.

All providers, regardless of the amount of their annual Medicaid revenues, should take this opportunity to evaluate the effectiveness of their compliance programs. If an organization has not implemented all seven elements of an effective compliance program (see “OIG’s Seven Elements of Compliance”), it should consider doing so. Organizations with existing compliance programs should periodically assess them to ensure ongoing compliance with all relevant laws and regulations, as well as their own written policies and procedures.

Kevin Cornish is a Managing Director of the Navigant Consulting, Inc. (NCI) Healthcare Disputes & Investigations (D&I) practice in Phoenix.

Tracy Mastro is an Associate Director in NCI’s Healthcare D&I practice based in Washington, D.C.

For further information, phone (602) 528-8090.To send your comments to the authors and editors, e-mail


OIG’s Seven Elements of Compliance

According to OIG, they are:

  1. Written policies and procedures

  2. Designation of a Compliance Officer and Compliance Committee

  3. Effective training and education of employees

  4. Effective lines of communication

  5. Auditing and monitoring of compliance activities

  6. Enforcing standards through well-publicized disciplinary guidelines

  7. Responding to detected offenses and developing corrective action plans

Topics: Articles , Leadership , Staffing