The Georgia Scroll
October 1998
Effective Corporate
Compliance Programs
Avoid Penalties and Potential Liability
Submitted by: Kim Striner
Senior, Ernst & Young, LLP
The Office of the Inspector General ("OIG") notes that compliance programs should prohibit the employment of individuals or the execution of contracts with companies that have been convicted of a criminal offense in health care or that are listed by a federal agency as debarred, excluded, or otherwise ineligible for participating in federally funded health care programs. Compliance programs that do not accomplish the above may be deemed as ineffective and not afford an organization protection during a federal investigation. Furthermore, Section 4304 of the Balanced Budget Act of 1997 provides for civil monetary penalties for persons who contract (by employment or otherwise) with an individual or entity that the person knows or should know is excluded from participation in a federal health program.
Provider applicants for initial enrollment in the Medicare program or for a change of ownership must complete HCFA Form 855, which includes the following certification:
"Neither the individual practitioner, nor the company, nor any owner, director, officer, employee of the company or any contractor retained by the company or any of the aforementioned persons, currently is subject to sanction under the Medicare/Medicaid program or debarment, suspension, or exclusion under any other Federal agency or program, or otherwise is prohibited from providing services to Medicare beneficiaries."
Health care organizations should not engage in business relationships with entities or employee individuals who are likely to create a potential liability for either the organization or its executives. Individuals and entities that have been the subject of adverse actions or sanctions by duly authorized enforcement or disciplinary agencies should be known to your organization.
Civil liability can arise from tort claims alleging malpractice, dereliction of duties, or misconduct, and substantial criminal penalties can arise as a result of similar conduct. Individuals or entities with a history of legal misconduct may also create problems for health care providers with enforcement agencies. The United States Sentencing Commission’s "Guidelines for Organizations", as well as the standards of the OIG’s Model Compliance Plans, address the government’s expectations that providers will guard against the retention of entities and individuals with a history of disciplinary actions taken by sanctioning or licensing authorities.
To this end, health care organization should conduct thorough background checks of current and future employees, as well as vendors and strategic partners doing business with your organization. Over 170,000 sanctioned individuals and other entities have been reported by over 200 sanctioning bodies across the country; databases of sanctioned individuals and entities are available for your use. Whatever database your organization uses, ensure it is as complete and accurate as possible. Also, consult with your legal counsel to establish appropriate procedures for investigating and taking action concerning sanctioned individuals or entities the database identifies.
The fact that an individual or entity has been subject of adverse action should not automatically preclude having a relationship with that person or entity. Knowing of the past sanction history is very important, however, in evaluating whether and how that may affect any current relationship and can help a provider organization to effectively mitigate and manage the potential risks.
Kim Striner is a Senior with Ernst & Young, LLP. She is currently serving in Ernst & Young’s National Corporate Compliance Health Care Industry and in this role provides assistance to Ernst & Young personnel throughout the United States with corporate compliance related issues.
Last modified: June 22, 2001