Setting Up Your Internal Reporting Mechanism
One of the primary elements in a Compliance Program is the creation of a system that permits employees and others to provide information regarding potential compliance issues without fear of retaliation. In larger organizations, multiple pathways permitting employees to make anonymous complaints should be maintained. Oftentimes providers use 24 hour compliance “hotlines.” Online reporting systems or “drop boxes” are also commonly used. Whatever system is used, it is crucial that employee understand that they are encouraged to provide information and that there is a clear prohibition against others in the organization retaliating against them for providing information. It should also be made clear to employees that wherever possible the identity of the person providing the information will be kept confidential.
Establish Compliance Reporting Process
The establishment of the compliance reporting process and communication to employees that retaliation will not be tolerated is a central element to an effective compliance program. Such a system will help the practice obtain valuable information, hopefully early on, before the issue becomes a big problem. Additionally, the openness of the program will send a strong signal to the outside world, such as government regulators, that the organization takes compliance seriously.
If information is obtained through the hotline system it must be taken seriously. Certainly not every piece of information will be reflective of a serious compliance problem, and an employee could potentially have other motives for making a compliant. Regardless, it is crucial that the information be acted upon and that the action be documented. If the compliance officer concludes that there were alternative motivations for the complaint, that fact should be substantiated and documented. If an objective investigation indicates that there could be a compliance issue, the matter needs to be pursued through an appropriate outcome. Depending on the circumstances and the result of a thorough investigation, the outcome could range anywhere from additional training through a self disclosure to the government.
Due Diligence of Compliance Issues in Acquisitions
Successor liability issues are a central factor to consider when assessing the scope of compliance due diligence. The acquiring organization must assess the degree to which it will assume liability for the past obligations of the target company. If there is no risk that past obligations for compliance issues will be assumed, compliance efforts can at least conceptually be focused on integrative activities rather than assessive activities. In effect, if there is no risk of successor liabilities, the acquiring organization can focus on the future, at least when it comes to compliance issues. Of course there is never a perfect world and likewise, there is never a perfectly “clean” deal when it comes to successor liability. This is particularly true in the health care industry, which has some counteractive rules regarding successor liability.
Normally, if an asset acquisition takes place, the acquiring entity will only assume the liabilities that it expressly assumes or which attach to the assets that it is acquiring. Normally, the closing process will result in satisfaction of liabilities that might attach to the acquired assets. Past Medicare liabilities can be an exception to this general rule. Under Medicare rules, even if the transaction is structured as an asset purchase, all of the past provider’s Medicare liabilities will be passed forward to the acquiring provider. This is because the Medicare change of ownership rules (sometimes referred to as CHOW rules) provide for the automatic assignment of the past provider’s Medicare provider agreement. By virtue of the automatic assignment of the provider agreement, the acquiring party is deemed to assume virtually all past Medicare obligations of the target company.
Federal courts have consistently upheld these rules and have held the acquiring organization liable for past obligations. Federal cases have specifically held acquiring parties for overpayments that were previously paid to the seller and civil penalties arising out of the actions of the seller that occurred before the acquisition.
The outside parameters of successor liability are yet to be tested in the context of recently expanded health care fraud and abuse laws. Medicare regulations specifically state that the acquiring party does not assume past obligations based on personal fraud. However, questions still remain whether corporate fraud can be assumed under successor liability theories. Issues regarding the extent to which liability based on “knowledge-based” statutes, such as the False Claims Act, can be passed on to the acquirer. Our initial reaction may be that it is not possible to assume responsibility for a knowledge-based violation. But what about violations that are invoked based on the “reckless disregard” for the truth? Is it possible that failure to perform reasonable due diligence could be construed as “reckless disregard?”
Medicare rules permit the acquiring organization to specifically reject the provider agreement of the previous entity. However, there are very specific, time sensitive requirements for effectively rejecting past obligations. Additionally, rejection will require the acquiring party to obtain independent certification and enter into a new provider agreement. This process will inevitably result in interruption of revenues to the acquiring party. This will in turn affect purchase price and other business factors.