May 6, 2011
ACO Fraud and Abuse Provisions
On March 31, 2011, a little over a year after the Patient
Protection and Affordable Care Act (PPACA), as amended by the Health Care and
Education Reconciliation Act of 2010 (collectively, the ACA), became law,
the Centers for Medicare & Medicaid Services (CMS) released proposed
regulations (the Proposed Rule) addressing the operation and structure of
Accountable Care Organizations (ACOs) and creating the Medicare Shared
Savings Program (the Program).1
The arrangements that may be necessary or desirable to form
ACOs and to participate in the Program raise new fraud and abuse concerns.
Providers will need to understand and address the fraud and abuse
provisions of the Proposed Rule in order to assure initial and ongoing
compliance. The deadline for submitting comments on the proposed
regulations is June 6, 2011.
A previous Mintz Levin advisory addressed the fact that, as
part of the Program, CMS and the Office of Inspector General (OIG) for the
Department of Health and Human Services (HHS) anticipate waiving certain
existing federal fraud and abuse laws for qualifying participating ACOs.2 While
much attention has been given to these anticipated waivers, the Proposed
Rule itself contains its own fraud and abuse provisions that, if
implemented, will not be subject to waiver.
Integrity Requirements for ACOs
In the Proposed Rule, CMS proposes “several program integrity
criteria to protect the Shared Savings Program from fraud and abuse and to
ensure that the Shared Savings Program does not become a vehicle for, or
increase the potential for, fraud and abuse….” 3 These
proposed requirements include compliance plans, certifications of
compliance and the accuracy of information, conflict of interest policies,
ACO screening, and the prohibition of certain required referrals and cost-shifting.
An ACO must have a compliance plan that addresses how the ACO
will comply with applicable legal requirements. CMS has proposed that an
ACO may build on an existing compliance plan or coordinate compliance with
compliance efforts of providers/suppliers, and notes that the design and
structure of the plan can vary depending upon the size and business
structure of the ACO. The ACO must demonstrate that it has a compliance
plan with at least the following elements:
a designated compliance official who reports directly to the ACO’s
mechanisms for identifying and addressing compliance problems;
a method for employees or contractors of the ACO or ACO
providers/suppliers to report suspected problems related to the ACO;
compliance training of the ACO’s employees and contractors; and
a requirement to report suspected violations of law to an
appropriate law enforcement agency.4
An ACO is responsible for compliance with all terms and
conditions of its agreement with CMS, an obligation complicated by the
potential number of relationships within an ACO. Toward that end, CMS has
proposed that ACO executives and ACO participants, such as individuals,
entities, contractors, or subcontractors, must make various certifications
of compliance, including the following:
an ACO executive must certify the accuracy, completeness, and
truthfulness of information in the Program application, agreement, and
an authorized representative “must make a written request to [CMS]
for payment of the shared savings in a document that certifies the ACO’s
compliance with Program requirements as well as the accuracy, completeness,
and truthfulness of any information submitted by the ACO, the ACO
participants, or the ACO providers/suppliers”; and
an “ACO participant, individual, entity, contractor, or
subcontractor must similarly certify the accuracy, completeness, and
truthfulness of the data and provide the government with access to such
data for audit, evaluation, and inspection” if that data is generated by
CMS has proposed that the ACO’s governing body have a
conflicts of interest policy requiring members of the governing body to
disclose relevant financial interests.
ACOs are not enrolling in Medicare and thus will not be
subject to the Medicare screening process. However, CMS is considering
screening ACOs based on their “program integrity history” during the
Program application process, and is accepting comments on the screening
Certain Required Referrals and Cost-Shifting
CMS expressed concern, especially if patients are assigned to
ACOs prospectively, that “ACOs or ACO participants may offer or be offered
inducements to overutilize services or to otherwise increase costs for
Medicare or other federal health care programs with respect to the care of
individuals who are not assigned to the ACO under the Shared Savings
Program.”6 As a result,
CMS may prohibit “ACOs and their ACO participants from conditioning
participation in the ACO on referrals of federal health care program
business that the ACO or its ACO participants know or should know is being
provided to beneficiaries who are not assigned to the ACO.” 7
Enforcement of the Physician Self-Referral Law (the so-called Stark Law)
has long been an area of focus for enforcement authorities, and independent
of future fraud and abuse waivers, ACO referrals/cost-shifting may
similarly become an enforcement focus.
CMS has also proposed routine monitoring of ACOs to determine
if they are complying with Program requirements.8
CMS will routinely monitor ACOs by analyzing financial and quality data,
conducting site visits, assessing and investigating beneficiary and
provider complaints, and conducting audits.9
Given this monitoring, record retention will be extremely
important, and ACOs must carefully preserve records and assure that ACO
participants, ACO providers/suppliers, and other contracted entities
performing services and functions on behalf of the ACO likewise comply with
record retention requirements. Further, these entities must grant HHS, the
comptroller general, the federal government, or their respective designees
access to their books and records “sufficient to enable the audit,
evaluation, and inspection of the ACO’s compliance with the Shared Savings
Program requirements and the ACO’s right to any shared savings program.”
Because CMS has taken the view that, even though ACOs are
comprised of many entities, the ACO has the ultimate responsibility for
compliance with the terms and conditions of its agreement with CMS,
including the record retention requirement, an ACO must be vigilant about
record retention and assure that contracts with its participants,
providers/suppliers, and other entities require compliance regarding record
retention. The ACO may also want to assure that such contracts provide it
with the ability to audit, evaluate, and inspect the party’s records so
that it can assure compliance.
CMS has proposed to specifically monitor the following:
Avoidance of At-Risk Beneficiaries. CMS will monitor ACOs
(through analysis of claims and beneficiary level documentation) for
avoidance of “patients at-risk.” 11 CMS may
take corrective actions against ACOs that are found to have engaged in such
conduct, including termination where necessary.
Compliance with Quality Performance Standards. CMS will
review the ACOs’ submission of quality measurement data to identify ACOs
that are not meeting the quality performance standards.12 If an ACO fails to meet “the
minimum attainment level for one or more domains, CMS proposes to give the
ACO a warning and to reevaluate it the following year.”13 If an ACO fails to report any
quality measures, CMS will send the ACO a written request for the data and
require the ACO to provide a reasonable written explanation for its delay.
CMS may immediately terminate the ACO for failing to report quality
measures if the ACO fails to report by the requested deadline and does not
provide a reasonable explanation for delayed reporting.14
Termination of an ACO Agreement
CMS has defined the proposed penalties for ACOs, which
include termination from the Program. The Proposed Rule lists many examples
of bases for termination, including avoidance of at-risk beneficiaries,
failure to supply required information, violations of fraud and abuse laws,
and the use of false information. However, before terminating an ACO
(particularly for violations that are “minor in nature and pose no
immediate risk or harm to beneficiaries or impact on care”), CMS, in its
sole discretion, may provide a warning notice to the ACO of the specific
performance at issue, request a corrective action plan (CAP) from the ACO,
or place the ACO on a special monitoring plan.15,
Other Fraud and
Although not specifically identified as fraud and abuse
provisions, other portions of the Proposed Rule have fraud/abuse
implications. The fact that ACOs will be required to provide Tax
Identification Numbers and National Provider Identifier
Numbers for all ACO professionals will have the effect of screening out ACO
use of excluded providers.17
The mandated CMS preapproval process for all marketing materials,
communications, and activities related to an ACO and its participation in
the Program extends to advertisements, mailings, brochures, web pages,
telephone calls, outreach, and community events, and is intended to protect
beneficiaries from exposure to fraudulent or misleading materials.18
The extent of the fraud and abuse waiver in the final rule
will necessarily affect the extent to which compliance with the regulations
may become a basis for proceedings under the federal False Claims Act
potential qui tam filings. As noted earlier, the Proposed Rule
contains numerous provisions requiring ACOs to certify compliance with
various Program requirements to access shared savings, making it an open
question as to whether any alleged false certifications may be actionable
as false claims under the FCA.
Further, while the proposed fraud and abuse waivers may
provide ACOs some comfort under federal law, the extent to which the final
regulations will preempt state enforcement, especially under state Consumer
Protection/Unfair Trade practices statutes, remains unclear. The Proposed
Rule contains multiple provisions requiring information to be provided to
beneficiaries as to the services to be received through the ACO. Federal
preemption of state claims is not automatic in a Medicare-funded program.20 If an ACO fails
to provide the beneficiary the represented services, that failure may be
actionable as a violation of the state statutes.
While OIG officials have signaled that they expect the final
standards for fraud and abuse waivers in the rule will be applied
consistently across all entities,21
few other details have seeped out. Clients seeking further information
about federal and state fraud and abuse enforcement authorities and their
potential impact on ACOs should contact the authors or their Mintz Levin
1 Medicare Program; Medicare
Shared Savings Program: Accountable Care Organizations, 76 Fed. Reg. 19537
(April 7, 2011).
2 Roy M. Albert, Thomas S.
Crane, and M. Daria Niewenhous, CMS
and OIG Issue Notice, Solicit Comments Related to Waivers of Fraud and
Abuse Provisions for Accountable Care Organizations, April 6, 2011.
3 76 Fed. Reg. at 19551.
4 76 Fed. Reg. at 19552.
5 See note 4 above.
6 See note 4 above.
7 Id. at 19952–53.
8 76 Fed. Reg. at 19624.
9 See note 8 above.
Fed. Reg. at 19625.
the Proposed Rule, CMS offered a definition of “patients at-risk” to mean
patients “who have a high risk score on the CMS–HCC risk adjustment model,
are considered high cost due to having two or more hospitalizations or
emergency room visits each year, are dually eligible for Medicare and
Medicaid, have a high utilization pattern, those who have one or more
chronic conditions … or beneficiaries who have a recent diagnosis … that is
expected to result in an increased cost.” 76 Fed. Reg. at 19625.
Fed. Reg. at 19626.
note 10 above.
note 12 above.
an ACO were under a CAP for avoiding at-risk beneficiaries, it would not
receive shared savings payments while it is under the CAP regardless of the
period of performance in question, and the ACO would not be eligible to
earn any shared savings for the period during which it is under the CAP. 76
Fed. Reg. at 19625.
Fed. Reg. at 19624–26.
Fed. Reg. at 19563–64.
note 3 above.
U.S.C. §3729 et. seq.
v. United Healthcare Service Inc., Civil
Action No. 3:08CV718TSL-JCS, 2009 WL 1769393, *2 (S.D. Miss. June
23, 2009) (remanding state law claims alleging fraudulent Medicare
Advantage Program enrollment to state court, as such were not preempted). See
also Do Sung Uhm v. Humana, Inc., 620 F.3d 1134, 1152–53 (9th Cir. 2010)
(dismissing state consumer protection case against a Medicare Part D
provider, over failure to exhaust the CMS administrative process and
because the plaintiffs’ state claims were preempted under the Medicare
Vicki L. Robinson, OIG senior advisor, Comments during BNA Webinar:
Proposed ACO Rule, Risks & Challenges for Compliance Officers (Apr. 28,