The Affordable Care Act (ACA) includes a compliance mandate for all Medicare and Medicaid providers. To date, skilled nursing facility compliance planning has received the lion’s share of attention because Section 6102 of the ACA mandates that Medicare skilled nursing facilities (and Medicaid nursing facilities) adopt compliance programs by March 2013. However, all other classes of Medicare and Medicaid providers- including physicians, DME suppliers, pharmacies, home health agencies, and hospice providers – also have an undated compliance program mandate as well. Section 6401 of the ACA does not provide either a deadline or details on the core requirements, but does mandate that they adopt compliance programs, yet. At some point in the near future, these details will be forthcoming from the Department of Health and Human Services (HHS).

As a result of the greater detail provided by HHS with respect to skilled nursing facilities and in other areas of HHS enforcement, providers already have a good idea of what mandatory compliance programs will look like. In a September 2010 proposed rule, HHS signaled that the compliance program core elements under Section 6401 are anticipated to be similar to the core elements for skilled nursing facilities, which in turn are derived from the original articulation of the U.S. Federal Sentencing Guidelines Manual as to the elements of effective compliance. Those elements include (1) adoption of policies, procedures and standards to ensure that the provider entity follows federal and state legal and regulatory requirements; (2) effective oversight of compliance (i.e. designation of a compliance officer and compliance committee charged with the responsibility for developing, operating, and monitoring the compliance program, with authority to report to the head of the organization); (3) employee screening; (4) training and education of the workforce so that representatives of the entity understand roles and responsibilities, as well as policies, procedures and standards; (5) consistent enforcement of the policies and procedures, including discipline and corrective action; (6) monitoring and auditing to ensure compliance and identify weak spots; (7) creating and maintaining effective lines of communication between the compliance officer and the workforce, including hotlines and a process to enable anonymous complaints and protect whistleblowers; and (8) periodic reassessment, revisions, and updating of the compliance program to ensure its efficacy.

The details of compliance program elements will inevitably be tailored to fit each different type of provider. Physicians, for example, will require very different policies and procedures than DME suppliers, reflecting their distinct regulatory requirements. Entity size will also make a significant difference to compliance program structure: organizations with distinct sites of services and large workforces will require much more extensive oversight and personnel than single office, small providers. However, the fundamental structure of compliance programs articulated above will be applications of the same eight core elements. This means that there is nothing to prevent any Medicare/ Medicaid provider from beginning to work on a compliance program immediately. When HHS finally promulgates regulations, certain “tweaks” may be required, but any compliance program premised on the eight core elements will likely be well on its way to meeting the specifics of the mandate.

The big question for Medicare/Medicaid providers other than skilled nursing facilities is: should you do anything now? Or should you simply sit back and wait until the requirements and their deadlines are better defined?

Our recommendation that all providers begin the process of building compliance programs now is not a matter of self-interest. There are good reasons to start working on your own organization’s compliance program immediately.

First, developing a compliance program is time consuming. We have helped dozens of Medicare providers put together policies, procedures, and standards, for example, and it is a time-consuming process. Although it may be possible to find templates of other organization’s policies and procedures, it is inadvisable simply to “shop” for policies and procedures and adopt them without customizing them. Indeed, having policies and procedures that are not used or followed may place a provider in a worse legal position than not having policies and procedures at all. After the time needed to develop policies and procedures that are tailored to the organization, the next significant issue is the time needed to train and educate the workforce on them. The simple fact is that developing a compliance program the right way is slow work, meaning that it is better to start sooner rather than later.

Second, the process of implementing a compliance program is not merely time-consuming, but requires a significant culture change. Employees in most organizations are slow to understand, let alone follow, new requirements of disclosure, transparency, and accountability. Getting cooperation is a process that often takes months, if not years, with constant reinforcement. The challenge is to take a set of statements, principles, and documents and convert them into a working system. This transition is essential, because a compliance program that is “for show” may be worse than no compliance program at all. Government regulators are ultimately not interested in seeing the formalities of the plan, but rather in demonstration that a provider had truly adopted a systemic process to fix problems proactively. Beginning the compliance process now, knowing that the formal requirement may be several years off, enables providers to take time that may not be available when the mandate is finally announced, to change the culture of the organization in a gradual, measured, and real way.

Third, perhaps the most compelling reason to begin working on compliance now is that, while the formal deadline remains on the horizon, Medicare and Medicaid enforcement is not waiting for any forthcoming deadline to kick in. Regulators have already ramped up – and are continuing to increase – their enforcement efforts. The number of fraud and abuse administrative actions and prosecutions is dramatically increasing, and expected to increase even more steeply in the coming months and years. The one point all federal and state government representatives agree upon – across all political lines – is that getting tougher on providers is the key to curbing government healthcare spending and perceived waste, fraud, and abuse. As a result, the tools used by government – increased data mining, oversight, and suspensions – are making it more likely that any “warts” inside an organization are likely to be discovered and result in recoupment, penalties, and worse. In an era of more audits, more investigations, and more demands for repayments, Medicare and Medicaid providers need to act now to protect themselves. There may be no better protection than developing an effective compliance program today.

Fourth and finally, although compliance programs flow from government mandates, an effective compliance program has enormous power not only to keep the organization out of trouble, but to help achieve strategic goals. By making a long-term commitment to compliance, organizations can ensure that their workforces are aligned and working cooperatively to meet objectives in a transparent and accountable way. The information gleaned through the compliance process can be used effectively not only to identify problems, but also to identify strengths and opportunities.

For all of these reasons, it is no surprise that the largest healthcare organizations, from hospital health systems to pharmaceutical manufacturers have not waited for government mandates to adopt compliance programs. Rather than waiting until the last moment, Medicare and Medicaid providers would benefit from beginning to work on compliance programs now.

Harry Nelson chairs Nelson Hardiman’s Compliance Group, which helps providers design and implement compliance programs and provides ongoing compliance counseling. For more information on how Nelson Hardiman can help your organization design and implement its own compliance program, or for how Nelson Hardiman and its strategic partners can provide outsourced compliance solutions, please contact him at