Home 5 Lab Industry Advisor 5 Lab Compliance Advisor 5 Compliance Perspectives-lca 5 Compliance Perspectives: How the New OIG Fraud Risk Indicator System Heightens the Imperative of Self-Disclosure

Compliance Perspectives: How the New OIG Fraud Risk Indicator System Heightens the Imperative of Self-Disclosure

by | Apr 23, 2019 | Compliance Perspectives-lca, Essential, Lab Compliance Advisor

As hard as you try to keep your lab 100% compliant with healthcare fraud and abuse laws, you may discover that an inadvertent violation has occurred. At that point, the compliance imperative switches from prevention to damage control. Your basic choice: cover-up or self-disclose. Leaving aside the morals and the fact that the feds, state enforcers and whistleblowers are making monumental strides in spotting false claims violations, cover-up exposes your lab to significantly heightened liability risks, including the risk of total exclusion from government health programs. While these things are intuitively obvious, the new OIG Fraud Risk Indicator (FRI) system is a very practical and concrete illustration of the risks of cover-up and imperative to self-disclose. The FRI System The OIG launched the FRI in September 2018 as a tool to assess “the future risk posed by persons who have allegedly engaged in civil healthcare fraud” for purposes of exercising its authority to exclude alleged fraudsters from federal healthcare programs. The FRI comes into play when the agency is negotiating a settlement agreement with a lab or other provider that has allegedly committed a False Claims Act (FCA) violation to decide how draconian the punishment should be, specifically: Is exclusion […]

As hard as you try to keep your lab 100% compliant with healthcare fraud and abuse laws, you may discover that an inadvertent violation has occurred. At that point, the compliance imperative switches from prevention to damage control. Your basic choice: cover-up or self-disclose. Leaving aside the morals and the fact that the feds, state enforcers and whistleblowers are making monumental strides in spotting false claims violations, cover-up exposes your lab to significantly heightened liability risks, including the risk of total exclusion from government health programs. While these things are intuitively obvious, the new OIG Fraud Risk Indicator (FRI) system is a very practical and concrete illustration of the risks of cover-up and imperative to self-disclose.

The FRI System
The OIG launched the FRI in September 2018 as a tool to assess “the future risk posed by persons who have allegedly engaged in civil healthcare fraud” for purposes of exercising its authority to exclude alleged fraudsters from federal healthcare programs. The FRI comes into play when the agency is negotiating a settlement agreement with a lab or other provider that has allegedly committed a False Claims Act (FCA) violation to decide how draconian the punishment should be, specifically:

  • Is exclusion necessary to protect federal healthcare programs and beneficiaries?
  • If exclusion is not necessary, what, if any, future controls are necessary to ensure the settling party’s future compliance and prevent the risk of future violations, e.g., requiring the person to enter into a Corporate Integrity Agreement (CIA) with the OIG?

The OIG uses the FRI to answer these questions by assigning the settling party to one of five risk categories, each of which calls for different case outcomes:

OIG FRI Risk Categories
Risk Category Description Case Outcome
High Risk/Exclusion Individuals & entities posing the highest future risk of fraud Exclusion from federal healthcare programs & listing in OIG Exclusions Database
High Risk/Heightened Scrutiny Individuals & entities posing significant future risk of fraud who refuse to enter into a CIA* No exclusion but unilateral monitoring by or other “robust integrity obligations” to OIG (and/or state Medicaid fraud agency)
Medium Risk/CIAs Individuals and entities who agree to enter into a CIA Compliance with terms of the CIA
Lower Risk/No Further Action Individuals and entities who pose a relatively low risk of future fraud Case closed with no CIA or additional measures to ensure future compliance
Low Risk/Self-Disclosure Individuals and entities that disclose evidence of potential fraud to OIG and demonstrate that they have an effective compliance program Case closed more quickly with lower penalties and no CIA or additional measures to ensure future compliance

Note:
* Under OIG published criteria, high risk violators can avoid exclusion without a CIA under two limited circumstances:

  1. They self-disclose the fraudulent conduct, cooperatively and in good faith, to OIG; or
  2. They agree to robust integrity obligations with a State or the DOJ and OIG determines these obligations are sufficient to protect the Federal health care programs.

The OIG’s 4 Classification Criteria

How does the OIG decide which risk category to assign to a particular FCA offender in an actual settlement? In April 2016, before the FRI took effect, the OIG published the four criteria it proposed to use:

1. Nature & circumstances of the conduct, including whether the conduct:

  • Caused or had the potential to cause physical, mental, financial or other harms to beneficiaries or other patients;
  • Caused or had the potential to cause financial loss to federal healthcare programs;
  • Was part of an ongoing pattern of misconduct;
  • Occurred over a long period of time; and
  • Is a repeat or continuing violation, including a breach of a current CIA.

2. Conduct during the investigation, with the following constituting indications of higher risk:

  • Obstruction or attempts to obstruct the investigation, audit or internal or external reporting of the unlawful conduct;
  • Attempts to conceal the unlawful conduct;
  • Failure to comply with a subpoena within a reasonable time;
  • Occurred over a long period of time; and
  • Is a repeat or continuing violation, including a breach of a current CIA.

By contrast, the following are indications of lower risk include:

  • Doing an internal investigation;
  • Self-disclosing the conduct cooperatively, in good faith and before becoming aware of the government’s investigation, if any;
  • Acceptance of responsibility for the conduct; and
  • Cooperation or promises to cooperate with the investigation.

3. “Significant ameliorative efforts” call for a lower risk score. Examples:

  • Imposing appropriate discipline on individuals responsible for the unlawful conduct;
  • Significantly increasing the resources the provider organization invests in the compliance function;
  • Post-violation acquisition of the organization by an entity with a good compliance record and program; and
  • Post-violation training or education received by licensed individuals.

4. Compliance history, including previous self-disclosures to OIG, CMS (of Stark Law violations) and/or CMS contractors (of non-fraud overpayments). While having a compliance program that incorporates the U.S. Sentencing Commission Guidelines Manual’s seven elements of an effective compliance program doesn’t help you get a lower risk score, not having such a plan is a factor calling for a higher risk score.

Impact on Your Lab: The 4 Benefits of Self-Disclosure
In deciding how to respond to any FCA violations you discover, keep in mind the four things that self-disclosure of violations to the OIG does to reduce your risks of exclusions and penalties under the FRI system:

  • Self-disclosure will get you the lowest possible risk score, Low Risk/Self-Disclosure, provided that you:
    • Make the disclosure in good faith;
    • Disclose before learning that the government is investigating your lab; and
    • Are able to show the OIG that you have an effective compliance program.
  • Even if you don’t qualify for Low Risk/Self-Disclosure, the fact that you self-disclosed the violation will be an important factor indicator of lower risk that the OIG will weigh in deciding which of the risk categories to assign your lab;
  • Even if you’re in the high-risk realm, self-disclosure may enable you to avoid exclusion and perhaps even the need to enter into a CIA with the OIG via the High Risk/Heightened Scrutiny categorization; and
  • If, heaven forbid, your lab gets into this situation again, self-disclosure will count as a risk mitigating factor in any future FCA settlements you negotiate with the OIG.

8 Other Steps to Take to Reduce Your FRI Risk Score
Although self-disclosure is the most potent, it’s by no means the only thing you can do to help your lab secure the lowest possible risk score under the OIG’s FRI system. Other FRI risk mitigation measures include:

  1. Launching an internal investigation immediately after discovering the FCA violation;
  2. Accepting responsibility for the violation;
  3. Cooperating or agreeing to cooperate with the subsequent OIG investigation;
  4. Appropriately disciplining any lab staffers you determine are responsible for the violation;
  5. Making a significant increase to your lab compliance program, e.g., by creating a new, independent compliance officer position;
  6. Being acquired by a company with a good compliance record and effective compliance program; and
  7. Ensuring that individuals receive enhanced education or training to prevent a recurrence; and
  8. Implementing any other necessary remedial measures to fix the problems that caused the violation and ensure it doesn’t happen again.

Subscribe to view Essential

Start a Free Trial for immediate access to this article