OIG Issues Draft Supplemental Compliance Program Guidance for Nursing Facilities

On April 15, 2008, the OIG posted draft supplemental Compliance Program Guidance (CPG) for Nursing Facilities. When finalized, this CPG will supplement the OIG's existing CPG for nursing facilities that was finalized in March 2000. The OIG's draft guidance focuses on facility compliance with fraud and abuse laws, the submission of accurate claims, kickbacks, and several other areas.


Beginning in 1998, the OIG attempted to engage the private health care community in voluntary compliance efforts aimed at preventing the submission of false or erroneous claims and combating fraud and abuse in the federal health care programs. As a result of its efforts, the OIG developed various CPGs that were targeted at segments of the health care industry, including hospitals, clinical laboratories, home health agencies, third party billing companies, and others.[1] The OIG originally published a CPG for the nursing facility industry on March 16, 2000.[2] Since the publication of the original nursing facility CPG, however, the nursing facility industry has significantly changed the ways that it delivers and is reimbursed for its services. Additionally, both the government and the public have scrutinized the industry regarding its ability to provide high quality care to patients. These changes prompted the OIG to publish a notice in the Federal Register on January 24, 2008 seeking stakeholder comments,[3] and to publish this draft to seek comments from all interested parties. The OIG notes its particular interest in receiving comments regarding whether its original recommendations for the basic elements of compliance programs must be updated and, if so, how.

Overview of the Draft Supplemental Compliance Program Guidance

The draft guidance emphasizes in its introduction that it is meant to offer, alongside the March 2000 CPG for nursing facilities, "a set of guidelines that nursing facilities should consider when developing and implementing a new compliance program or evaluating an existing one." The draft guidance addresses three (3) broad areas: fraud and abuse risk areas, compliance considerations such as ethics and compliance program review, and self-reporting. The draft guidance also contains an overview of Medicare and Medicaid reimbursement for nursing facilities, meant to serve as context for the discussion of fraud and abuse risk areas that the draft guidance provides.

The primary focus of the draft guidance addresses several areas of significant concern for nursing facilities today with regard to fraud and abuse: quality of care, submission of accurate claims, the federal anti-kickback statute, other risk areas, and HIPAA privacy and security rules. With regard to quality of care, the OIG provides guidance in several common risk areas associated with the delivery of quality care to nursing facility residents that frequently arise in enforcement cases, including sufficient staffing, comprehensive care plans, appropriate use of psychotropic medications, medication management, and resident safety. With regard to claims, the draft guidance emphasizes the importance of properly reporting resident case-mix by SNFs as well as reporting risks that are unique to certain types of nursing facility services, including therapy, screening for excluded individuals and entities, and restorative and personal care services. The draft guidance then discusses anti-kickback concerns that the OIG believes should receive close scrutiny from nursing facilities, such as the provision of free goods and services to existing or potential referral sources; services contracts for physician services and non-physician services; discounts in the form of price reductions and swapping; hospice services; and reserved bed arrangements. The draft guidance then touches upon several other risk areas that are particular to nursing facilities, including physician self-referrals, anti-supplementation, and restricting beneficiaries' freedom of choice with regard to choosing Medicare Part D plans. Finally, the draft guidance highlights portions of the HIPAA privacy and security rules that nursing facilities should ensure they are compliant with, including standards for the use and disclosure of PHI with and without patient authorization, provisions pertaining to permitted and required disclosures, and various administrative, technical, and physical security safeguards that ensure the confidentiality of PHI.

The draft guidance also discusses other compliance considerations such as the development of ethical and compliance principles, regular review of compliance systems and structures, and the use of communication tools that promote strong communication with facility decision-makers. The OIG recommends that nursing facilities develop general organizational statements of ethical and compliance principles to guide their operations, and encourages broad participation in creating and implementing an organizational code of conduct and compliance program. The OIG also recommends that nursing facilities should regularly review the implementation and execution of their compliance program systems and structures, ideally annually. Finally, the OIG recommends the development of a mechanism, or "dashboard," that allows for effective communication of appropriate compliance and performance-related information to a nursing facility's board of directors and senior management.

Finally, the draft guidance discusses the importance of self-reporting any credible evidence of misconduct in nursing facilities. The OIG believes that these disclosures should be made within a reasonable period of time (not longer than 60 days) after determining that there is credible evidence of a violation, to demonstrate a facility's good faith and willingness to work with governmental authorities to correct and remedy the problem. The OIG has published the Provider Self-Disclosure Protocol to encourage providers to make these voluntary disclosures.[4]

The OIG will review all comments received timely, will incorporate recommendations as appropriate, and will prepare a final version of the guidance for publication in the Federal Register. To ensure consideration, comments regarding the draft guidance must be provided to the OIG no later than 5 p.m. on June 2, 2008.

[1] Copies of all CPGs are available on the OIG website, http://www.oig.hhs.gov/fraud/complianceguidance.html.

[2] See 65 Fed. Reg. 14289 (Mar. 16, 2000), "Publication of the OIG Compliance Program Guidance for Nursing Facilities," also available athttp://oig.hhs.gov/authorities/docs/cpgnf.pdf.

[3] See 73 Fed. Reg. 4248 (Jan. 24, 2008), "Solicitation of Information and Recommendations for Revising the Compliance Program Guidance for Nursing Facilities," also available athttp://oig.hhs.gov/authorities/docs/08/CPG_Nursing_Facility_Solicitation.pdf.

[4] See 63 Fed. Reg. 58399 (Oct. 20, 1998), "Publication of the OIG's Provider Self-Disclosure Protocol," also available athttp://oig.hhs.gov/authorities/docs/selfdisclosure.pdf.