Behavioral Health System to Pay $860,000 for Anti-Kickback Statute Violations

Under a civil settlement with the Department of Justice, El Paso Behavioral Healthcare, formerly University Behavioral Health of El Paso, LLC (“UBH”), has been ordered to pay over three-quarters of a million dollars to resolve allegations that it made improper payments to a doctor in exchange for patient referrals, and submitted false claims to Medicare.

The allegations focused on the Medicare claims of several patients from a physician whose office received payments above fair market value, or payments for services that were not rendered pursuant to a physician services agreement which also provided for the improper referral of the physician’s patients to UBH for Medicare-reimbursed services.

Federal law, including the Anti-Kickback Act and the Stark Law, seeks to ensure that services reimbursable by federal healthcare programs are paid at fair market value and based on the best interests of patients rather than the personal financial interests of referring physicians.

Periodic review of physician agreements should be a key component of any effective compliance program. In addition to the potential criminal sanctions that may be imposed for anti-kickback violations, Medicare claims arising from such improper financial relationships may result in substantial additional false claims liability. Healthcare facilities which discover Medicare overpayments through an effective compliance program can limit their liability through self-reporting.  Read more here.

HHS/OCR Issues Guidance on HIPAA and Workplace Wellness Programs

Many employers view wellness programs as a way to lower health care costs and promote healthy behavior. With the growth of workplace wellness programs, new guidance from the Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) is timely. HHS/OCR recently issued guidance in the form of frequently asked questions about HIPAA and workplace wellness programs.

5-19The applicability of HIPAA to a workplace wellness program depends on how the program is structured. An employer may sponsor its own wellness program or offer it through the employer’s group health plan. When a workplace wellness program is offered as part of a group health plan, individually identifiable health information collected from wellness program participants is protected under HIPAA because the group health plan is a covered entity under HIPAA. However, a workplace wellness program that is not offered as part of a group health plan but is offered by an employer directly is not covered by HIPAA since HIPAA applies only to covered entities and business associates, but not to employers in their capacity as employers. However, other federal and state laws may apply to the collection and/or use of information by an employer that directly offers a workplace wellness program.

The guidance also addresses whether a group health plan may allow an employer as plan sponsor access to protected health information about participants in a wellness program offered through the plan. If the employer does not administer the health plan, the group health plan can disclose to the employer as plan sponsor only information on which individuals are participating in the health plan and summary health information if requested for the purposes of modifying the plan or obtaining premium bids for coverage.

The guidance states that  the group health plan can provide an employer that is a plan sponsor and performs administrative functions on behalf of the group health plan with access to protected health information necessary to perform its plan administrative functions, but only if certain conditions are met. These conditions, which the employer as plan sponsor must include in plan documents and certify agreement to, include the following:

  • There must be adequate separation between employees who perform plan administrative functions and those who do not;
  • Protected health information cannot be used or disclosed for employment-related actions or other prohibited purposes under the privacy rule; and
  • There must be reasonable and appropriate administrative, technical, and physical safeguards to protect any electronic protected health information.

As employers and group health plans begin developing and implementing workplace wellness programs this year, they should review OCR’s recent guidance to ensure that they are in compliance with HIPAA.


Image courtesy of Flickr by Robert Gourley

Recent Compliance Guidance Issued for Health Care Governing Boards

In cooperation with several industry associations, the Office of Inspector General (OIG) at the Department of Health and Human Services (HHS) recently issued guidance to help governing boards of health care organizations perform their compliance duties. The guidance was developed through collaboration between the Association of Healthcare Internal Auditors, the American Health Lawyers Association, the Health Care Compliance Association, and the OIG. The compliance guidance repeats some guidance for other industry groups, such as a compliance program is not a “one size fits all” program. However, the guidance also contains information that is particularly applicable to governing boards.

The guidance addresses the following issues relating to a governing board’s oversight and review of compliance functions: (1) roles of, and relationships between, the organization’s audit, compliance, and legal departments; (2) mechanism and process for reporting within the organization; (3) identifying regulatory risk; and (4) encouraging enterprise-wide accountability for achieving compliance goals and objectives.

The guidance offers some suggestions specific to governing boards about compliance, including the following.

  • The guidance states that boards should develop a formal plan to stay current with the regulatory landscape so that the board can ask more pertinent questions and make informed decisions. The plan may involve periodic updates from staff or review of materials provided by staff or outside educational programs.
  • The guidance states that a board can raise its expertise level about regulatory and compliance matters by adding to the board or consulting with a regulatory, compliance, or legal professional.
  • There should be a process to ensure appropriate access to information, which can be set out in a formal charter document or other documents.
  • The guidance recommends that boards evaluate and discuss how management works together to address risk.
  • The guidance states that the board should set and enforce reporting to the board compliance-related information in a format that satisfies the interests or concerns of board members.

The board may want to consider scheduling regular executive sessions to discuss compliance and quality functions to encourage open communication.