The stories behind headlines like these can have a chilling effect on health care administrators and compliance professionals: 

Texas Heart Hospital to pay $48M in alleged kickback settlement

Oklahoma hospital to pay $72.3M settlement over alleged kickback scheme

While the news focused on the hefty monetary fines, the truth is that Stark law and Anti-Kickback Statute violations can also lead to exclusion from federal health care programs, prison time, and reputational damage. Health care compliance is serious business with severe consequences beyond endangering patient safety and care quality. Health care fraud and abuse laws and regulations are designed to protect patients and prevent waste, fraud, and abuse in federal health care programs.

Risks for health care organizations and individuals

The federal government’s focus for Stark and Anti-Kickback law violations isn’t just on large health systems. Of the $1.8 billion in settlements and judgments that the Department of Justice (DOJ) recovered in 2020 in civil cases involving health care fraud and false claims, numerous  health care organization types were hit, including:

  • Hospitals
  • Drug and medical device manufacturers
  • Managed care providers
  • Pharmacies
  • Laboratories
  • Physicians

On top of that, fines for noncompliance are no longer always insurable, so in some cases health care executives are being held personally liable when significant gaps in oversight are discovered. For example, one pharmaceutical corporation paid over $591 million to resolve claims that its sales representatives paid kickbacks (via speaker fees) to doctors to persuade them to prescribe several drugs. 

A number of other corporate settlements required individuals, particularly senior executives or owners, to pay a portion of the settlement amount.

Five important fraud and abuse laws

Five important fraud and abuse laws apply to physicians and health care organizations. Government agencies—including the DOJ, the Department of Health & Human Services Office of Inspector General (OIG), and the Centers for Medicare and Medicaid Services (CMS)—enforce these federal laws. 

1. The Federal Anti-Kickback Statute

In some industries, rewards for referrals are acceptable, but paying for a patient referral in health care is a federal crime. Patient care and clinical outcomes suffer when treatment protocol decisions and patient referrals are based on financial incentives, not patients’ best interests. Health care providers are supposed to decide on the most appropriate treatment for their patients without considering their own financial interests. 

Health care kickbacks can lead to:

  • Overutilization of services 
  • Medically unnecessary services
  • Increased program costs
  • Corruption of medical decision making
  • Patient steering
  • Unfair competition

The Federal Anti-Kickback Statute is a criminal law that prohibits the knowing and willful payment of "remuneration" to induce or reward patient referrals or the generation of business involving any item or service payable by the federal health care programs (e.g., drugs, supplies, or health care services for Medicare or Medicaid patients). Remuneration includes anything of value, such as cash, free rent, expensive hotel stays and meals, and excessive compensation for medical directorships or consultancies. For example, paying physicians for sham medical directorships to incentivize referrals violates the Anti-Kickback Statute. 

Anti-Kickback Statute violation penalties: The Anti-Kickback Statute covers the payers of kickbacks (i.e., the drug or medical device companies who offer or make payments) as well as the organizations or individuals (often physicians) who receive them. Violating the Federal Anti-Kickback Statute results in criminal and civil/administrative penalties, including civil monetary payment law (CMPL) fines. 

  • Criminal penalties can include fines of up to $25,000 per violation and up to a five-year prison term per violation. 
  • Civil/administrative penalties can include False Claims Act liability, civil monetary penalties of up to $50,000 per violation plus three times the amount of the remuneration, as well as exclusion from participation in federal health care programs (e.g., Medicare and Medicaid).
2. The Physician Self-Referral Law (aka the Stark law)

Commonly referred to as the Stark law, the Physician Self-Referral Law prohibits physicians from referring patients to receive "designated health services" payable by Medicare or Medicaid from entities with which the physician or an immediate family member has a financial relationship, unless an exception applies. Stark law also prohibits the designated health services entity (e.g., clinical laboratory, physical therapy, radiology and other imaging services) from submitting claims to Medicare for those services resulting from a prohibited referral. 

Financial relationships include both ownership/investment interests and compensation arrangements. For example, if a physician invests in an imaging center, that physician may not refer patients to that facility, and the imaging center may not bill Medicare for the referred imaging services, unless the financial relationship fits within an exception (i.e., a safe harbor). 

Stark law violation penalties: The Stark law is a strict liability statute, which means proof of specific intent to violate the law is not required. The Stark law prohibits the submission, or causing the submission, of claims in violation of the law's restrictions on referrals. 

Civil penalties for violating the Stark law can be steep and include:

  • Overpayment/refund obligation (i.e., providers must refund any Medicare/Medicaid reimbursement for illegally referred services)
  • False Claims Act liability
  • Civil monetary penalties: up to $15,000 for each referred service (when someone knowingly violates the law) 
  • Civil assessment: up to three times the amount claimed 
  • Exclusion from Medicare and Medicaid program participation 
3.  The False Claims Act (FCA)

The civil False Claims Act protects the federal government from being overcharged or sold substandard goods or services. Submitting claims for payment to Medicare or Medicaid that you know or should know are false or fraudulent is illegal. If a medical claim results from a kickback or violates the Stark law, that claim may be false or fraudulent, creating liability under the civil False Claims Act as well as the Anti-Kickback Statute or Stark law.

The civil FCA contains a whistleblower provision that allows a private individual (e.g., current or ex-business partners, hospital/office staff, patients, or competitors) to file a lawsuit on behalf of the United States. Whistleblowers are entitled to a percentage of any monetary recoveries. 

False Claims Act violation penalties: Under the civil False Claims Act, no specific intent to defraud is required for a violation to occur. The civil False Claims Act  defines "knowing" to include: a) actual knowledge of fraudulent activity and b) instances when a person acted in deliberate ignorance or reckless disregard of the truth or falsity of the information. 

  • Civil penalties: Filing false claims may result in fines of up to three times the programs' loss plus $11,000 per claim filed. Under the civil False Claims Act, each instance of an item or a service billed to Medicare or Medicaid counts as a claim, so fines can add up quickly. The OIG may impose administrative civil monetary penalties for false or fraudulent claims. 
  • Criminal penalties: There is also a criminal False Claims Act. Criminal penalties for submitting false claims include imprisonment and criminal fines. Physicians found guilty of submitting false health care claims have received prison time. 
4. Exclusion Statute

The OIG is legally required to exclude from participation in all federal health care programs individuals and entities convicted of: 

  1. Medicare or Medicaid fraud, as well as any other offenses related to the delivery of items or services under Medicare or Medicaid (e.g., Anti-Kickback Statute or Stark law violations)
  2. Patient abuse or neglect 
  3. Felonies resulting from other health-care-related fraud, theft, or other financial misconduct 
  4. Felonies related to unlawful manufacture, distribution, prescription, or dispensing of controlled substances

Medicare, Medicaid, and other federal health care programs will not pay for items or services provided or prescribed by physicians who are excluded from federal health care program participation. Excluded physicians may not bill directly for treating Medicare and Medicaid patients, nor may their services be billed indirectly through an employer or a group practice. 

Health care organizations that participate in federal health care programs cannot employ or contract with excluded individuals or entities. Medical staff services must screen all prospective and current employees and contractors against the OIG’s List of Excluded Individuals and Entities. If you employ or contract with an excluded individual and a federal health care program pays for items or services provided by that individual, you may have to pay a civil monetary penalty and/or repay any reimbursed amounts. 

Revenue from federal programs can account for up to half of a hospital’s income, so exclusion from these programs can put hospitals out of business.

5. Civil Monetary Penalties Law 

The OIG may seek civil monetary penalties for a wide variety of misconduct. A few examples of Civil Monetary Penalties Law violations include:

  • Presenting a claim that the person knows or should know is for an item or service that was not provided as claimed or is false or fraudulent
  • Presenting a claim that the person knows or should know is for an item or service for which payment may not be made (e.g., a claim violating the Stark law)
  • Violating the Anti-Kickback Statute 

Penalties typically range from $10,000 to $50,000 per violation of the Civil Monetary Penalties Law.

How to avoid Stark law and Anti-Kickback Statute penalties

To avoid Stark law, False Claims Act, and Anti-Kickback Statute violations and penalties, your compliance plan must include processes and systems that make it simple to conduct the following essential compliance activities:

Conduct risk assessments 

Risk assessment is a proactive approach to maintaining organization-wide compliance. Identifying potential compliance problems allows you to take steps to reduce their negative impact on your organization, staff, and patients. For example, by identifying weaknesses and correcting your conflict of interest disclosure practices, you can avoid potential violations of the Stark law and Anti-Kickback Statute.

In November 2020, the OIG issued a fraud alert regarding speaker programs sponsored by pharmaceutical and medical device companies. Based on its fraud and abuse investigations, the OIG concluded that payments to speakers and attendees (in the form of free meals) are often used to induce (or are received in return for) ordering or prescribing items paid for by federal health care programs, thus violating the Anti-Kickback Statute. Your risk assessment should examine payments and non-monetary compensation received by physicians and other health care providers from drug/medical device companies that may constitute a conflict of interest and violate the Anti-Kickback Statute and Stark law.

Identify and report potential conflicts of interest 

Physicians and pharmacists must disclose financial relationships with pharmaceutical or medical device companies that may unduly influence clinical and purchasing decisions. Failure to document and report potential conflicts of interest may result in Stark law penalties.  

Health systems must establish a process for identifying and reporting all potential conflicts of interest. For example, if contracted physicians or board members hold financial interests in, or ownership of, goods and services provided, you must disclose that information to regulatory authorities. To protect your organization against Stark law violations, you must ask newly-hired physicians to report any potential conflicts of interest. Physicians should complete a conflict of interest questionnaire upon hiring and then again at least once a year thereafter. 

Examine CMS Open Payments data to review your providers’ financial relationships with medical manufacturers and group purchasing organizations, allowing you to monitor providers’ conflict of interest disclosures for accuracy. 

Monitor provider compensation arrangements

To comply with the Anti-Kickback Statute and Stark law, provider compensation for clinical and administrative activities must be consistent with Fair Market Value and not take into consideration the value or volume of referrals the provider brings to the health care organization. Examine medical directorships to be sure providers are delivering actual, legitimate services under the medical directorship—not just being paid for a fake directorship to reward referrals. 

Include medical directorship arrangements in the provider contract, outlining the specific services the provider is to perform and the compensation for those services. Then compare each provider’s time sheet to their contract to confirm they are providing the services and time specified in the contract.

Electronically track provider time and activities 

Handwritten, paper timesheets are often incomplete and/or illegible, creating potential compliance problems. Your compliance team may miss potential violations if they’re relying on paper spreadsheets or outdated software to track hundreds of providers performing dozens of services. A provider time tracking application will automate the tracking of provider time and activities, simplifying reporting and creating an electronic audit trail that promotes regulatory compliance.  

Track and report provider gifts and non-monetary compensation

Health care organizations are required to report all non-monetary compensation given to providers. Gifts are legal as long as they follow organizational regulations and aren’t accepted in exchange for referrals to the gift giver (violating the Anti-Kickback Statute). To comply with the Anti-Kickback Statute, you must record the dollar amount of each gift received by each provider, and address gifts that exceed the thresholds established by CMS and your organization. 

symplr Compliance offers legal and regulatory content in its risk assessment management module of our powerful and flexible platform. We provide the software, tools, and unique expert content you need to assess your regulatory compliance stance and discover the changes in healthcare laws that affect your organization.  Learn more about symplr Compliance and our entire portfolio of GRC solutions.

Request a demo

 

Request a Demo

Request now