The 60-Day Repayment Rule and False Claims Act

Providers Get Another Push Into Proactive Compliance

The Patient and Program Protection Act (“PPACA”) added a number of additional tools to the government’s fraud fighting arsenal.  One of those tools is found in PPACA Section 6402 and requires providers to repay any overpayments to government health programs within 60 days of identification.  Like most “anti-fraud” provisions that the government has implemented, the 60-day repayment rule presents risk to even the most honest provider and represents yet another statement to the provider community that the federal government expects them to adopt effective compliance programs that are tailored toward self detecting.

Newly issued proposed regulations implementing the 60-day repayment rule make the government’s objectives absolutely clear.  These regulations broadly define when a provider is deemed to have “identified” an overpayment.  Identification is not limited to cases where there is actual knowledge that an overpayment exists.  Rather, a provider will be deemed to have “identified” an overpayment if the provider acts in reckless disregard or deliberate ignorance of the overpayment.  CMS makes it clear that their approach “gives providers and suppliers an incentive to exercise reasonable diligence to determine whether an overpayment exists.”  CMS adds that “without such a definition, some providers and suppliers might avoid performing activities to determine whether an overpayment exists, such as self-audits, compliance checks and other additional research.”  In short, CMS is affirmatively stating that providers need to adopt an ongoing program to detect potential overpayments and other compliance problems or risk being subject to the penalties for failing to repay amounts that would have been detected if an effective compliance and auditing plan was being operated.

A closer look at the penalties for failing to make repayment within 60 days of identification brings into focus the importance of operating a compliance program.  Failure to meet the 60-day repayment deadline makes all “identified” payments a False Claim under the Federal False Claims Act.  Penalties under the Federal False Claims Act include triple the amount of the repayment, plus up to $11,000 per claim.  Calculations of liability very quickly add up, especially where they result from a systematic billing error that goes undiscovered for a long period of time.  If CMS determines that the overpayment should have been discovered through a compliance and audit plan, the statute permits them to be rather draconian in their assessment of damages.  To make matters worse, proposed regulations permit the government to “look back” for up to 10 years.

 To reduce the risk of exposure to false claims act liability, providers should adopt compliance and audit programs that are tailored to the nature and size of their business.  There is no “one size fits all” when it comes to compliance.  Hospitals and health systems should have robust compliance programs covering their entire operations.  Compliance should be under the auspices of a compliance officer who has a direct reporting relationship to the board of directors.  It is normally recommended that the compliance officer not report to legal counsel or the CFO.

Smaller organizations such as small physician groups can adopt an appropriately scaled compliance plan.  A “compliance responsible” individual can be appointed.  Audits can cover billing issues and other risk areas that are unique to the practice.  It is important that the compliance program be appropriately scaled and focused on the critical risk areas of the specific provider.  Too narrow of coverage creates risk that typical problems are not detected and corrected.  Too broad of coverage makes it impossible to fulfill the plan and creates a roadmap of what is not being done.