In the March 3, 1997, issue of the Federal Register, the Department of Health and Human Services' Office of the Inspector General ("OIG") published for the first time a model voluntary corporate compliance program specifically for use by clinical laboratdics. Prior to distributing this model compliance program, the OIG's guidance on the substance of a corporate compliance program was available only by reviewing a compliance program included as part of an entity's settlement with the government for a health care fraud investigation. This is the first time that the government is providing general corporate compliance program guidance on a prospective basis.

Although this proposed corporate compliance program is specific to the clinical laboratory industry, it is instructive as to the government's general views towards a health care provider's responsibility to combat health care fraud within its own company. Additional model corporate compliance plans that relate to other areas of the health care industry will be forthcoming from the OIG.

Most significant in this new issuance is the OIG's concept that a clinical laboratory has a responsibility to monitor and instruct its physician customers with respect to the ordering of medically necessary tests, a responsibility that laboratories traditionally have considered to be the responsibility of the ordering physician. It remains to be seen whether this will be a common theme for other health care industry segments that rely on the ordering physician for determinations of medical necessity with respect to services furnished to federal health care program beneficiaries.

Therefore, given the increased focus on the investigation and prosecution of health care fraud, the apparent high standards the OIG intends to impose on health care entities to know and abide by the full range of complex rules and regulations, and the emphasis now being placed by the government on having compliance programs, each and every health care entity, especially clinical laboratories, that seeks payment under a federal or state health care program should consider adopting and implementing an "effective" corporate compliance program.

Overview of Corporate Compliance Programs

A health care entity can reduce certain criminal penalties or sentences in the event the government pursues an enforcement action with the proactive establishment of a corporate compliance program. In fact, the Federal Sentencing Guidelines take into account the existence of a corporate compliance program in establishing criminal sentencing ranges and provide that an entity's culpability score (used to establish the magnitude of criminal penalty to be imposed) will be lessened "if the offense occurred despite an effective program to prevent and detect violations of law." In addition to lessening potential criminal penalties, effective corporate compliance programs may be helpful in settlement negotiations with the federal government in both civil and potentially criminal matters. Indeed, the OIG notes that the existence of a corporate compliance program "may be a relevant factor in negotiations with the [OIG]." Nevertheless, failure to prevent or detect the offense does not mean that the compliance program was per se ineffective. Instead, the Federal Sentencing Guidelines provide that [t]he hallmark of an effective program to prevent and detect violations of law is that the organization exercised due diligence in seeking to prevent and detect criminal conduct by its employees and other agents."

The Federal Sentencing Guidelines identify seven minimum requirements that an entity must meet in order for a corporate compliance program to be considered an "effective program to prevent and detect violations of law" (e.g., the entity must have established compliance standards and procedures that are reasonably capable of reducing criminal conduct for its employees and other agents; high-level personnel of the entity must have overall responsibility to oversee compliance with such standards and procedures; and there must be a mechanism in place for employees to report potential compliance issues without fear of retribution). Aside from these relatively general requirements, until the OIG published this model laboratory compliance program, the government had provided very little instruction concerning the specific substance and requisite components of an "effective" corporate compliance program to combat health care fraud.

Significant Aspects of the OIG's Model Corporate Compliance Program

Implementation of the OIG's model corporate compliance program is not mandatory. In the introduction to the model plan, the OIG states that it is "not suggesting that all laboratories must implement all of the compliance elements discussed in this document, nor do we suggest that a laboratory that does not incorporate all of these elements will be at a disadvantage when under the scrutiny of the OIG or other governmental agency."

According to the OIG, this model voluntary compliance program is intended to benefit laboratories both with and without corporate compliance programs currently in place. The model program provides a framework for clinical laboratories to use in the initial development of their own corporate compliance programs. In addition, a laboratory that has already developed a compliance program may find the model program helpful in identifying sections of their program that require revision according to the OIG's priorities.

The OIG asserts that a comprehensive corporate compliance program should, at a minimum, include the following eleven elements:

  1. written standards of conduct for employees;
  2. the development and distribution of written policies that promote the laboratory's commitment to compliance and that address specific areas of potential fraud, such as billing, marketing and claims processing;
  3. the designation of a chief compliance officer or other appropriate high-level corporate official who is charged with the responsibility of operating the compliance program;
  4. the development and offering of educational and training programs to all employees;
  5. the use of audits and/or other evaluation techniques to monitor compliance and ensure reduction in identified problem areas;
  6. the development of a company code of improper/illegal activities and the use of disciplinary action against employees who have violated internal compliance policies or applicable laws or who have engaged in wrongdoing;
  7. the investigation and remediation of identified systemic and personnel problems;
  8. the promotion of and adherence to compliance as an element in evaluating supervisors and managers;
  9. the development of policies addressing the non-employment or retention of sanctioned individuals;
  10. the maintenance of a hotline to receive complaints and the adoption of procedures to protect the anonymity of complainants; and
  11. the adoption of requirements applicable to record creation and retention.

Significantly, one of the elements of the OIG's model laboratory compliance program relates specifically to a laboratory's legal responsibilities with respect to the key determination of "medical necessity." In particular, the OIG states that "laboratory compliance plans should ensure that claims are only submitted to federally funded health care programs for services that the laboratory has reason to believe are medically necessary."

Although the OIG acknowledges that laboratories do not ultimately make decisions regarding "medical necessity," under the model corporate compliance program, the OIG suggests that laboratories should assume responsibility for ensuring that "claims are only submitted to federally funded health care programs for services that the laboratory has reason to believe are medically necessary." To this end, the OIG's model corporate compliance program requires laboratories to take very specific affirmative steps to attempt to ensure that physicians only order "medically necessary" tests. These steps include, but are not limited to:

  1. modifying the laboratory's requisition forms to require physicians to document more specifically the need for each test ordered by inserting a diagnosis code for each such test;
  2. requiring the laboratory to send physician customers an annual notice explaining the Medicare program's policy regarding medical necessity and educating the physicians on billing issues; and
  3. retaining and analyzing data from year to year for the top 30 tests the laboratory performs to determine whether the number of claims for a test has increased by more than 10% from the previous year and if so to inquire as to the cause of such growth.

It is questionable whether a court of law would agree that an effective corporate compliance program would require such aggressive monitoring of the physician community by the provider community. This is particularly relevant to other similarly situated health care providers that rely on physician determinations of medical necessity, such as hospitals, retail pharmacies, and other types of home care providers.

If you would like a copy of this model corporate compliance program, or would like additional information regarding corporate compliance programs in general, please contact Lynn Shapiro Snyder, Carrie Valiant, Retta Riordan or David Matyas in our Washington, D.C. office at (202) 861-0900, or the member of the firm who normally handles your legal matters.

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.