ACO Fraud And Abuse Provisions

On March 31, 2011, a little over a year after the Patient Protection and Affordable Care Act (PPACA), as amended by the Health Care and Education Reconciliation Act of 2010 (collectively, the ACA), became law, the Centers for Medicare & Medicaid Services (CMS) released proposed regulations (the Proposed Rule) addressing the operation and structure of Accountable Care Organizations (ACOs) and creating the Medicare Shared Savings Program (the Program).1 The arrangements that may be necessary or desirable to form ACOs and to participate in the Program raise new fraud and abuse concerns. Providers will need to understand and address the fraud and abuse provisions of the Proposed Rule in order to assure initial and ongoing compliance. The deadline for submitting comments on the proposed regulations is June 6, 2011.

A previous Mintz Levin advisory addressed the fact that, as part of the Program, CMS and the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) anticipate waiving certain existing federal fraud and abuse laws for qualifying participating ACOs.2 While much attention has been given to these anticipated waivers, the Proposed Rule itself contains its own fraud and abuse provisions that, if implemented, will not be subject to waiver.

Program Integrity Requirements for ACOs

In the Proposed Rule, CMS proposes "several program integrity criteria to protect the Shared Savings Program from fraud and abuse and to ensure that the Shared Savings Program does not become a vehicle for, or increase the potential for, fraud and abuse...."3 These proposed requirements include compliance plans, certifications of compliance and the accuracy of information, conflict of interest policies, ACO screening, and the prohibition of certain required referrals and cost-shifting.

Compliance Plans

An ACO must have a compliance plan that addresses how the ACO will comply with applicable legal requirements. CMS has proposed that an ACO may build on an existing compliance plan or coordinate compliance with compliance efforts of providers/suppliers, and notes that the design and structure of the plan can vary depending upon the size and business structure of the ACO. The ACO must demonstrate that it has a compliance plan with at least the following elements:

a designated compliance official who reports directly to the ACO's governing body; mechanisms for identifying and addressing compliance problems; a method for employees or contractors of the ACO or ACO providers/suppliers to report suspected problems related to the ACO; compliance training of the ACO's employees and contractors; and a requirement to report suspected violations of law to an appropriate law enforcement agency.4 Compliance with Program Requirements

An ACO is responsible for compliance with all terms and conditions of its agreement with CMS, an obligation complicated by the potential number of...