Long-Term Care Providers: COVID-19 Relief Funding, Oversight, and the Strings Attached
Over the past year, long-term care providers have received unprecedented amounts of federal funding as a result of the COVID-19 pandemic. While this was, (and still is) much needed, we all know the federal government does not just give out significant sums of money and say, “Alright, thanks for playing. Enjoy.”
Now that providers have this money and have used this money, what internal systems and oversight do providers have in place to prepare for when the federal government wants to see what was done with it in comparison to provider performance during the pandemic?
Not only do providers want to avoid recoupment of these funds, but they also want to avoid potential claims of fraud and abuse related to federal relief funds and overall compliance during the pandemic. A functioning and effective corporate compliance program can help providers mitigate these risks.
The Office of Inspector General (OIG) wants the public to report long-term care facilities to law enforcement, state agencies, Medicaid Fraud Control Units, or the OIG where the following is suspected or identified:
- Unsafe practices resulting in COVID-19 exposure, including employees not following COVID-19 infection control precautions
- Fraudulent health care claims
- Quality of care issues, specifically poor hygiene and sanitation practices and failure to transfer ill residents to the hospital in a timely manner
- Patient harm and neglect
Why Should Long-Term Care Providers Care About COVID-19 Relief Funding and Oversight?
The Office of Inspector General (OIG) inspecting fraud, waste, and abuse claims for long-term care providers who accept funds from the federal government is nothing new, but during the COVID-19 pandemic, the OIG reported seeing a spike in the number of reports of harm and neglect in assisted living and nursing homes. Because of this, they are ramping up their encouragement of the public to come forth with concerns regarding patient safety and fraud, as portrayed in this video.
The OIG has also been given the authority by the U.S. Department of Health and Human Services (HHS) to audit providers’ use of billions (yes, billions with a “B”) of dollars in Coronavirus Relief Fund payments through the CARES Act directed at long-term care, and to recover funds in the event they determine an organization failed to comply with requirements.
How Much Data is Really Out There?
In addition to the influx in federal aid, federal oversight throughout the pandemic has dramatically increased through the means of data mining. The federal government knows the number of COVID-19 cases in each facility through the National Healthcare Safety Network (NHSN) reporting. They know providers’ adherence to infection control protocols through focused infection control surveys. They know providers’ staffing data through Payroll-Based Journaling (PBJ), Provider Enrollment Chain and Ownership System (PECOS) data, and cost reporting information regarding how provider funds are being allocated.
Adding to this seemingly elongating list, is the proposed reporting of staff COVID-19 vaccination rates that accompanies the latest SNF Prospective Payment System proposed rule for fiscal year 2022 from the Center for Medicare and Medicaid Services (CMS). In the eyes of the federal government, all of this data puts a story together on providers’ overall performance during the pandemic. If federal relief funds were accepted and providers signed the attestation agreeing to the terms and conditions, providers best have a good understanding of what those are to maintain compliance and understand the public availability of their data. How many providers accepted the money without really reading the “fine print”? My guess is too many. While many of these sources of information may be specific to skilled nursing facilities, assisted living and other care providers are not off the hook…
How the False Claims Act Impacts Long-Term Care Providers
How does The False Claims Act (FCA) come into play with all of this? The FCA is a law that prohibits companies from making false statements in order to receive payment from the federal government. When we think of false claims, our mind automatically goes to the financial operations of submitting fraudulent billing claims. However, arguably the more concerning and likely situation that may lead to false claims is embedded in the care delivery side of operations.
Medicare Fraud Strike Force Teams bring together efforts of the OIG, DOJ, U.S. Attorneys Office, FBI, and local law enforcement to investigate and prosecute healthcare fraud, waste, and abuse using data analytics.
Providing substandard care and billing for it at the rate as if appropriate care was given is considered a false claim. In the time of COVID-19, this also means not following the stringent infection control protocols, while still accepting payments and claiming to be in compliance. The Department of Justice (DOJ) announced in 2020 the creation of a specialized task force that would be investigating “gross substandard care” in nursing homes, with both criminal and civil penalties on the table for owners and operators. The phrase “gross substandard care” is referred to the equivalent of providing no services at all. With all of the provider information made available as a result of the pandemic, particularly NHSN and infection control survey data, federal agencies have more tangible information over a longer period of time to support their position of an organization providing “gross substandard care”. Again, it is not just inappropriate billing practices that apply to false claims, but how the quality of care provided fits into that.
Assisted Living, Home Care, and Social Services Entities, This is for You Too…
Medicaid Fraud Control Units (MFCUs) are overseen by the OIG and were quite active in 2020 despite the pandemic. In fiscal year 2020, MFCUs were responsible for 9 criminal convictions and 3 civil settlements for fraud, abuse, and neglect in assisted living facilities, resulting in roughly $1.8 million of recoveries. Over $25 million in recoveries from skilled nursing facilities was the result of 12 criminal convictions and 18 civil settlements for fraud, abuse, and neglect. And that’s not all. At the end of fiscal year 2020, there were still almost 300 open criminal cases and 17 open civil cases for assisted living, and almost 1,000 open criminal cases and over 250 open civil cases for skilled nursing facilities.
Personal care service attendants and agencies actually had the highest number of fraud convictions of all the provider types in FY 2020, comprising 47% of fraud convictions.
Bottom line, the MFCUs are not relaxing enforcement due to the pandemic, and will likely increase enforcement efforts as a result of relief fund payments.
You reside in a state where legislation has been passed that provides immunity to providers from liability due to COVID-19 exposure. You are feeling secure that you cannot be sued for someone in your organization contracting COVID-19.
What’s that you say?
You’ve been found to be severely negligent in following infection control standards?
Well, you are no longer immune from liability suits due to COVID-19 and could face a False Claims suit in addition to a separate civil suit from the accuser. A doozy of a double-whammy.
Did you know Wisconsin has its own dedicated Medicaid Fraud Control and Elder Abuse Unit as a part of the Wisconsin Department of Justice?
WI MFCU Outcomes FY 2020
- Investigations – 180
- Indicted/Charged – 2
- Convictions – 6
- Civil Settlements/Judgments – 19
- Recoveries – $16,443,724
Another significant concern arising for long-term care providers as a result of the pandemic, is that of the “Whistleblower”. The FCA allows individuals with knowledge of fraudulent activity to become whistleblowers, and bring suit against a provider on behalf of the government. The DOJ and plaintiff attorneys are actively encouraging people to blow the whistle on nursing homes and assisted living providers. Anyone with knowledge of fraud can bring a whistleblower lawsuit under the FCA, but it is by far most commonly employees.
75% of False Claims Act cases come from whistleblowers, but that percentage may go down as DOJ and OIG both rely more heavily on provider data to come to their own conclusions versus relying on the public. If the suit is successful, the whistleblower can be entitled to up to 30% of any money recovered in the case, therefore, there is a heavy incentive for people to blow the whistle. HHS has made publicly available the names of recipients and the amounts received for all providers who accepted COVID relief funds. By accepting funds, providers consented to HHS publicly disclosing the payments that were received from the Relief Fund. I like to think the best of people, but we all know that 30% of those sums of money providers received would be quite tempting for some.
OSHA’s Role in Oversight
We already mentioned HHS, OIG, DOJ, and CMS, but let’s bring another regulatory agency into the picture, shall we? The Occupational Safety and Health Administration (OSHA)’s Whistleblower Protection Program already enforces twenty whistleblower statutes protecting employees from retaliation for reporting violations. They have now been tasked with overseeing worker retaliation complaints under two new Whistleblower Statutes. Under the Criminal Antitrust Anti-Retaliation Act and Anti-Money Laundering Act, OSHA will investigate whistleblower’s complaints of employer retaliation against employees who report criminal antitrust or money laundering violations, or those who participate in such an investigation.
In addition, OSHA released their COVID-19 National Emphasis Program (NEP) on March 12, 2021, for which they will be targeting establishments where employees have a higher risk of contracting COVID-19 (which of course includes long-term care), as well as focusing on retaliation against employees who report safety and health concerns, and referring allegations of retaliation to the federal Whistleblower Protection Program. We have a real regulatory agency smorgasbord here, don’t’ we?
How an Effective Corporate Compliance Plan Can Help
Have I sufficiently made you paranoid between the data mining, whistleblowers, false claims, and the government’s tightening grip around our industry? If so, that is not the intent here. These are issues that may seem far away at an individual provider level (especially when caught up in the day-to-day operations in a “normal” time period, not to mention operating in the time of COVID-19), but these areas of organizational risk are very real and pose significant harmful impact if they were to come to fruition.
Who would I be to present the problems without a potential solution to help protect organizations from all of these possible threats? It is a challenge for providers to keep a finger on these areas of risk because they can be so broad and seemingly intangible, but it is becoming increasingly important to have internal systems in place at an organization level to help mitigate compliance risks, and that is where a corporate compliance program comes in.
Corporate Compliance Programs for Long-Term Care Providers
Corporate compliance is the use of internal controls to adhere to statutes, regulations, and program requirements at an organizational level. It is the umbrella of checks and balances over an organization. It is a system of policy and procedure management, identifying and assessing organizational risk, proactively auditing these areas of risk within our departments, and continuous monitoring efforts to keep organizations operating at a pristine level of compliance. It is the system of how top leadership all the way up to the governing body keeps a pulse on operations and hold them accountable to the compliance of such operations. Referring back to the areas of risk discussed above (and beyond), a solid corporate compliance and ethics program is the best tool in your tool belt to ensure overall organizational compliance.
Corporate compliance is not a new concept, but how many organizations are actually utilizing a living, breathing corporate compliance program in their risk mitigation efforts? Many providers have a corporate compliance policy that checks a box for regulatory compliance, but are not doing anything with it.
I was completely guilty of that in my years as a nursing home administrator, and I did not understand until I started seeing things from this side of the equation as a risk manager just how essential and beneficial it can be when done right. Our team has seen time and time again that organizations have these pretty policies that are shared amongst each other, but the policy is not put into practice. We all know bad things happen when we have a policy and are not following it, but somewhere down the line this became acceptable in realm of corporate compliance.
It is better to have a policy that meets the minimum requirements and do those things well (or to have no policy at all, frankly) than to have a detailed, extensive policy and not be doing anything with it. Even providers who are not regulatory bound to have a corporate compliance program, assisted livings for example, should consider its implementation and the benefit of internal controls it can provide for maintaining organizational compliance.
Corporate Compliance Assists with Communication to Leadership
As providers, we need a system in place to ensure the CEO and Board of Directors are aware of what is going on in the organization, and corporate compliance is a means to accomplish this. They of course do not need to know the day-to-operational items, but they need to know of any significant issues that could drastically affect the organization. With an effective corporate compliance program in place, the CEO and Board of Directors cannot just turn a blind eye to what is going on in the organization and are held accountable to being a part of the overall compliance efforts. As a provider, ensure there is a clear system of what situations need to be escalated to the C-suites. It is when this line of communication is broken that significant organizational issues result due lack of leadership knowledge.
Corporate Compliance Assists with Communication throughout the Organization
Not only does corporate compliance address communication to top organizational leadership, but also communication throughout the organization as a whole. Is there a system in place for staff to follow regarding concerns in the realm of fraud and abuse? Do staff know what that system is? Does this include an anonymous method of reporting? Are those tasked with responding to concerns held accountable for doing so timely, thoroughly, and without any hint of retaliating against reporters? A specific policy and procedure addressing whistleblowers and anti-retaliation and protecting their anonymity is strongly encouraged, as well as to address this in the corporate compliance plan.
Much like a hazard vulnerability assessment for emergency preparedness, a corporate compliance program should also undergo an assessment of risk. What is the likelihood certain issues will occur, and if they were to occur, what is the potential impact on the organization? Use this information to concentrate compliance efforts to the highest likely events with the highest potential organizational impact. Consider involving all of organizational leadership in this process (Board of Directors, executives, corporate compliance committee, department management), as each has a different perspective and knowledge of operations. The risk assessment will determine what specific areas the auditing and monitoring plan should entail.
Oftentimes we get so stuck in the mindset of abiding by regulations that we do not think about the other parts of compliance- abiding by the law, Medicare and Medicaid program rules, and fraud and abuse claims. In addition, keeping as many dollars as possible in the pockets of long-term care providers is an urgent need, as we are all well aware. Operating ethically and responsibly also strengthens provider reputations within their communities, which leads into census stabilization and growth. The systems that are needed to have a strong corporate compliance program go hand in hand with a strong workplace culture, which of course leads into staff retention, arguably the biggest concern of all. And, of course, providing the best quality of services we can while being financially sustainable.
If you took nothing else away from this article, let the following points sink in:
- It may seem like this is nothing new for long-term care, but providers are increasingly under the microscope of federal agencies. The tolerance for poor care and operations is lessening, especially with the more federal “skin in the game” from the provider relief funds.
- Understand how much of your data is at the fingertips of the public and governmental agencies, and how that can be used to depict a story. What would your story say?
- Be tight on your infection control practices. This is not just a survey issue, but a litigation and governmental funding program issue. What systems are in place to oversee this? If it’s your QA/QAPI program, great, but who/what system is overseeing QA/QAPI? If you’d like to learn more about the relationship and differences between QA/QAPI and Corporate Compliance, check out this article.
- What does your organization have in place to address anti-retaliation and whistleblowers? If you have a policy and procedure, ensure that staff know about it. Review your organizational process and actual practices for addressing staff complaints timely and thoroughly. Remember, whistleblowers can be entitled to up to 30% of any money recovered in a case.
- You might have a great financial manager overseeing the allocation and documentation of provider relief funds, but trusting they are doing so appropriately and compliantly is not enough. What checks and balances are in place at an organizational level ensure compliance to avoid future recoupments, or worse, false claims?
- Is your corporate compliance plan sitting in a corner and collecting dust? This is your best defense in mitigating the risks of such large organizational risks such as fraud and abuse, so give it some CPR and bring it back to life.