OIG Supplemental Compliance Program Guidance for Hospitals, 4858-4876 [05-1620]

Agencies

• DEPARTMENT OF HEALTH AND HUMAN SERVICES
• Office of Inspector General
• Inspector General Office, Health and Human Services Department

[Federal Register Volume 70, Number 19 (Monday, January 31, 2005)]
[Notices]
[Pages 4858-4876]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 05-1620]



[[Page 4858]]

-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of Inspector General


OIG Supplemental Compliance Program Guidance for Hospitals

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: This Federal Register notice sets forth the Supplemental 
Compliance Program Guidance (CPG) for Hospitals developed by the Office 
of Inspector General (OIG). Through this notice, the OIG is 
supplementing its prior compliance program guidance for hospitals 
issued in 1998. The supplemental CPG contains new compliance 
recommendations and an expanded discussion of risk areas, taking into 
account recent changes to hospital payment systems and regulations, 
evolving industry practices, current enforcement priorities, and 
lessons learned in the area of corporate compliance. The supplemental 
CPG provides voluntary guidelines to assist hospitals and hospital 
systems in identifying significant risk areas and in evaluating and, as 
necessary, refining ongoing compliance efforts.

FOR FURTHER INFORMATION CONTACT: Darlene M. Hampton, Office of Counsel 
to the Inspector General, (202) 619-0335.

SUPPLEMENTARY INFORMATION:

Background

    Several years ago, the OIG embarked on a major initiative to engage 
the private health care community in preventing the submission of 
erroneous claims and in combating fraud and abuse in the Federal health 
care programs through voluntary compliance efforts. In the last several 
years, the OIG has developed a series of compliance program guidances 
(CPGs) directed at the following segments of the health care industry: 
hospitals; clinical laboratories; home health agencies; third-party 
billing companies; the durable medical equipment, prosthetics, 
orthotics, and supply industry; hospices; Medicare+Choice 
organizations; nursing facilities; physicians; ambulance suppliers; and 
pharmaceutical manufacturers. CPGs are intended to encourage the 
development and use of internal controls to monitor adherence to 
applicable statutes, regulations, and program requirements. The 
suggestions made in these CPGs are not mandatory, and the CPGs should 
not be viewed as exhaustive discussions of beneficial compliance 
practices or relevant risk areas. Copies of these CPGs can be found on 
the OIG Web page at https://oig.hhs.gov.

Supplementing the Compliance Program Guidance for Hospitals

    The OIG originally published a CPG for the hospital industry on 
February 23, 1998. (See 63 FR 8987 (February 23, 1998), available on 
our Web page at https://oig.hhs.gov/authorities/docs/cpghosp.pdf.) Since 
that time, there have been significant changes in the way hospitals 
deliver, and are reimbursed for, health care services. In response to 
these developments, on June 18, 2002, the OIG published a notice in the 
Federal Register, soliciting public suggestions for revising the 
hospital CPG. (See 67 FR 41433 (June 18, 2002), available on our Web 
page at https://oig.hhs.gov/authorities/docs/
cpghospitalsolicitationnotice.pdf.) After consideration of the public 
comments and the issues raised, the OIG published a draft supplemental 
compliance program guidance for hospitals in the Federal Register on 
June 8, 2004, to ensure that all parties had a reasonable and 
meaningful opportunity to provide input into the final product. (See 69 
FR 32012 (June 8, 2004), available on our Web page at https://
oig.hhs.gov/authorities/docs/04/060804hospitaldraftsuppCPGFR.pdf.) The 
OIG received comments from a variety of parties with interests in the 
hospital industry and diverse points of view. These comments were 
carefully considered during the development of this final supplemental 
CPG. While some commenters preferred a replacement CPG, for efficiency 
and to create a concise product of particular use to hospitals with 
existing compliance programs, we have decided to supplement, rather 
than replace, the 1998 guidance.
    Many public commenters sought guidance on the application of 
specific Medicare rules and regulations related to payment and 
coverage, an area beyond the scope of this OIG guidance. Hospitals with 
questions about the interpretation or application of payment and 
coverage rules or regulations should contact their Fiscal 
Intermediaries (FIs) or the Centers for Medicare & Medicaid Services, 
as appropriate.

Supplemental Compliance Program Guidance for Hospitals

I. Introduction

    Continuing its efforts to promote voluntary compliance programs for 
the health care industry, the Office of Inspector General (OIG) of the 
Department of Health and Human Services (the Department) publishes this 
Supplemental Compliance Program Guidance (CPG) for Hospitals.\1\ This 
document supplements, rather than replaces, the OIG's 1998 CPG for the 
hospital industry (63 FR 8987; February 23, 1998), which addressed the 
fundamentals of establishing an effective compliance program.\2\ 
Neither this supplemental CPG, nor the original 1998 CPG, is a model 
compliance program. Rather, collectively the two documents offer a set 
of guidelines that hospitals should consider when developing and 
implementing a new compliance program or evaluating an existing one.
---------------------------------------------------------------------------

    \1\ For purposes of convenience in this guidance, we use the 
term ``hospitals'' to refer to individual hospitals, multi-hospital 
systems, health systems that own or operate hospitals, academic 
medical centers, and any other organization that owns or operates 
one or more hospitals. Where applicable, the term ``hospitals'' is 
also intended to include, without limitation, hospital owners, 
officers, managers, staff, agents, and sub-providers. This guidance 
primarily focuses on hospitals reimbursed under the inpatient and 
outpatient prospective payment systems. While other hospitals should 
find this CPG useful, we recognize that they may be subject to 
different laws, rules, and regulations and, accordingly, may have 
different or additional risk areas and may need to adopt different 
compliance strategies. We encourage all hospitals to establish and 
maintain ongoing compliance programs.
    \2\ The 1998 OIG Compliance Program Guidance for Hospitals is 
available on our Web page at http: //oig.hhs.gov/authorities/docs/
cpghosp.pdf.
---------------------------------------------------------------------------

    We are mindful that many hospitals have already devoted substantial 
time and resources to compliance efforts. We believe that those efforts 
demonstrate the industry's good faith commitment to ensuring and 
promoting integrity. For those hospitals with existing compliance 
programs, this document may serve as a benchmark or comparison against 
which to measure ongoing efforts and as a roadmap for updating or 
refining their compliance plans.
    In crafting this supplemental CPG, we considered, among other 
things, the public comments received in response to the solicitation 
notice published in the Federal Register \3\ and the draft supplemental 
CPG,\4\ as well as relevant OIG and Centers for Medicare & Medicaid 
Services (CMS) statutory and regulatory authorities (including the 
Federal anti-kickback statute, together with the safe harbor 
regulations and

[[Page 4859]]

preambles,\5\ and CMS transmittals and program memoranda); other OIG 
guidance (such as OIG advisory opinions, special fraud alerts, 
bulletins, and other guidance); experience gained from investigations 
conducted by the OIG's Office of Investigations, the Department of 
Justice (DoJ), and the State Medicaid Fraud Units; and relevant reports 
issued by the OIG's Office of Audit Services and Office of Evaluation 
and Inspections.\6\ We also consulted generally with CMS, the 
Department's Office for Civil Rights, and DoJ.
---------------------------------------------------------------------------

    \3\ See 67 FR 41433 (June 18, 2002), ``Solicitation of 
Information and Recommendations for Revising a Compliance Program 
Guidance for the Hospital Industry,'' available on our Web page at 
https://oig.hhs.gov/authorities/docs/
cpghospitalsolicitationnotice.pdf.
    \4\ See 69 FR 32012 (June 8, 2004), ``OIG Draft Supplemental 
Compliance Program Guidance for Hospitals,'' available on our Web 
page at https://oig.hhs.gov/authorities/docs/04/
060804hospitaldraftsuppCPGFR.pdf.
    \5\ See 42 U.S.C. 1320a-7b(b). See also 42 CFR 1001.952. The 
safe harbor regulations and preambles are available on our Web page 
at http: //oig.hhs.gov/fraud/safeharborregulations.html#1.
    \6\ The OIG's materials are available on our Web page at https://
oig.hhs.gov.
---------------------------------------------------------------------------

A. Benefits of a Compliance Program
    A successful compliance program addresses the public and private 
sectors' mutual goals of reducing fraud and abuse; enhancing health 
care providers' operations; improving the quality of health care 
services; and reducing the overall cost of health care services. 
Attaining these goals benefits the hospital industry, the government, 
and patients alike. Compliance programs help hospitals fulfill their 
legal duty to refrain from submitting false or inaccurate claims or 
cost information to the Federal health care programs \7\ or engaging in 
other illegal practices. A hospital may gain important additional 
benefits by voluntarily implementing a compliance program, including:
---------------------------------------------------------------------------

    \7\ The term ``Federal health care programs,'' as defined in 42 
U.S.C. 1320a-7b(f), includes any plan or program that provides 
health benefits, whether directly, through insurance, or otherwise, 
which is funded directly, in whole or in part, by the United States 
Government (other than the Federal Employees Health Benefit Plan 
described at 5 U.S.C. 8901-8914) or any State health plan (e.g., 
Medicaid or a program receiving funds from block grants for social 
services or child health services). In this document, the term 
``Federal health care program requirements'' refers to the statutes, 
regulations, and other rules governing Medicare, Medicaid, and all 
other Federal health care programs.
---------------------------------------------------------------------------

     Demonstrating the hospital's commitment to honest and 
responsible corporate conduct;
     Increasing the likelihood of preventing, identifying, and 
correcting unlawful and unethical behavior at an early stage;
     Encouraging employees to report potential problems to 
allow for appropriate internal inquiry and corrective action; and
     Through early detection and reporting, minimizing any 
financial loss to government and taxpayers, as well as any 
corresponding financial loss to the hospital.
    The OIG recognizes that implementation of a compliance program may 
not entirely eliminate improper or unethical conduct from the 
operations of health care providers. However, an effective compliance 
program demonstrates a hospital's good faith effort to comply with 
applicable statutes, regulations, and other Federal health care program 
requirements, and may significantly reduce the risk of unlawful conduct 
and corresponding sanctions.
B. Application of Compliance Program Guidance
    Given the diversity of the hospital industry, there is no single 
``best'' hospital compliance program. The OIG recognizes the 
complexities of the hospital industry and the differences among 
hospitals and hospital systems. Some hospital entities are small and 
may have limited resources to devote to compliance measures; others are 
affiliated with well-established, large, multi-facility organizations 
with a widely dispersed work force and significant resources to devote 
to compliance.
    Accordingly, this supplemental CPG is not intended to be one-size-
fits-all guidance. Rather, the OIG strongly encourages hospitals to 
identify and focus their compliance efforts on those areas of potential 
concern or risk that are most relevant to their individual 
organizations. Compliance measures adopted by a hospital to address 
identified risk areas should be tailored to fit the unique environment 
of the organization (including its structure, operations, resources, 
and prior enforcement experience). In short, the OIG recommends that 
each hospital adapt the objectives and principles underlying this 
guidance to its own particular circumstances.
    In section II below, titled ``Fraud and Abuse Risk Areas,'' we 
present several fraud and abuse risk areas that are particularly 
relevant to the hospital industry. Each hospital should carefully 
examine these risk areas and identify those that potentially impact the 
hospital. Next, in section III, ``Hospital Compliance Program 
Effectiveness,'' we offer recommendations for assessing and improving 
an existing compliance program to better address identified risk areas. 
Finally, in section IV, ``Self-Reporting,'' we set forth the actions 
hospitals should take if they discover credible evidence of misconduct.

II. Fraud and Abuse Risk Areas

    This section is intended to help hospitals identify areas of their 
operations that present a potential risk of liability under several key 
Federal fraud and abuse statutes and regulations. This section focuses 
on areas that are currently of concern to the enforcement community and 
is not intended to address all potential risk areas for hospitals. 
Importantly, the identification of a particular practice or activity in 
this section is not intended to imply that the practice or activity is 
necessarily illegal in all circumstances or that it may not have a 
valid or lawful purpose underlying it.
    This section addresses the following areas of significant concern 
for hospitals: (A) Submission of accurate claims and information; (B) 
the referral statutes; (C) payments to reduce or limit services; (D) 
the Emergency Medical Treatment and Labor Act (EMTALA); (E) substandard 
care; (F) relationships with Federal health care beneficiaries; (G) 
HIPAA Privacy and Security Rules; and (H) billing Medicare or Medicaid 
substantially in excess of usual charges. In addition, a final section 
(I) addresses several areas of general interest that, while not 
necessarily matters of significant risk, have been of continuing 
interest to the hospital community. This guidance does not create any 
new law or legal obligations, and the discussions in this guidance are 
not intended to present detailed or comprehensive summaries of lawful 
and unlawful activity. Nor is this guidance intended as a substitute 
for consultation with CMS or a hospital's Fiscal Intermediary (FI) with 
respect to the application and interpretation of Medicare payment and 
coverage provisions, which are subject to change. Rather, this guidance 
should be used as a starting point for a hospital's legal review of its 
particular practices and for development or refinement of policies and 
procedures to reduce or eliminate potential risk.
A. Submission of Accurate Claims and Information
    Perhaps the single biggest risk area for hospitals is the 
preparation and submission of claims or other requests for payment from 
the Federal health care programs. It is axiomatic that all claims and 
requests for reimbursement from the Federal health care programs--and 
all documentation supporting such claims or requests--must be complete 
and accurate and must reflect reasonable and necessary services ordered 
by an appropriately licensed medical professional who is a 
participating provider in the health care program from which the 
individual or entity is seeking reimbursement. Hospitals must disclose 
and return any overpayments that result from mistaken

[[Page 4860]]

or erroneous claims.\8\ Moreover, the knowing submission of a false, 
fraudulent, or misleading statement or claim is actionable. A hospital 
may be liable under the False Claims Act \9\ or other statutes imposing 
sanctions for the submission of false claims or statements, including 
liability for civil money penalties (CMPs) or exclusion.\10\ Underlying 
assumptions used in connection with claims submission should be 
reasoned, consistent, and appropriately documented, and hospitals 
should retain all relevant records reflecting their efforts to comply 
with Federal health care program requirements.
---------------------------------------------------------------------------

    \8\ See 42 U.S.C. 1320a-7b(a)(3).
    \9\ The False Claims Act (31 U.S.C. 3729-33), among other 
things, prohibits knowingly presenting or causing to be presented to 
the Federal government a false or fraudulent claim for payment or 
approval, knowingly making or using or causing to be made or used a 
false record or statement to have a false or fraudulent claim paid 
or approved by the government, and knowingly making or using or 
causing to be made or used a false record or statement to conceal, 
avoid, or decrease an obligation to pay or transmit money or 
property to the government. The False Claims Act defines ``knowing'' 
and ``knowingly'' to mean that ``a person, with respect to the 
information--(1) has actual knowledge of the information; (2) acts 
in deliberate ignorance of the truth or falsity of the information; 
or (3) acts in reckless disregard of the truth or falsity of the 
information, and no proof of specific intent to defraud is 
required.'' 31 U.S.C. 3729(b).
    \10\ In some circumstances, inaccurate or incomplete reporting 
may lead to liability under the Federal anti-kickback statute. In 
addition, hospitals should be mindful that many States have fraud 
and abuse statutes--including false claims, anti-kickback, and other 
statutes--that are not addressed in this guidance.
---------------------------------------------------------------------------

    Common and longstanding risks associated with claims preparation 
and submission include inaccurate or incorrect coding, upcoding, 
unbundling of services, billing for medically unnecessary services or 
other services not covered by the relevant health care program, billing 
for services not provided, duplicate billing, insufficient 
documentation, and false or fraudulent cost reports. While hospitals 
should continue to be vigilant with respect to these important risk 
areas, we believe these risk areas are relatively well-understood in 
the industry and, therefore, they are not generally addressed in this 
section.\11\ Rather, the following discussion highlights evolving risks 
or risks that appear to the OIG to be under-appreciated by the 
industry. The risks are grouped under the following topics: Outpatient 
procedure coding; admissions and discharges; supplemental payment 
considerations; and use of information technology. By necessity, this 
discussion is illustrative, not exhaustive, of risks associated with 
the submission of claims or other information. In all cases, hospitals 
should consult the applicable laws, rules, and regulations.
---------------------------------------------------------------------------

    \11\ To review the risk areas discussed in the original hospital 
CPG, see 63 FR 8987, 8990 (February 23, 1998), available on our Web 
page at http: // oig. hhs. gov/ authorities / docs / cpghosp. pdf.
---------------------------------------------------------------------------

1. Outpatient Procedure Coding
    The implementation of Medicare's Hospital Outpatient Prospective 
Payment System (OPPS) \12\ increased the importance of accurate 
procedure coding for hospital outpatient services. Previously, hospital 
coding concerns mainly consisted of ensuring accurate ICD-9-CM 
diagnosis and procedure coding for reimbursement under the inpatient 
prospective payment system (PPS). Hospitals reported procedure codes 
for outpatient services, but were reimbursed for outpatient services 
based on their charges for services. With the OPPS, procedure codes 
effectively became the basis for Medicare reimbursement. Under the 
OPPS, each reported procedure code is assigned to a corresponding 
Ambulatory Payment Classification (APC) code. Hospitals are then 
reimbursed a predetermined amount for each APC, irrespective of the 
specific level of resources used to furnish the individual service. In 
implementing the OPPS, CMS developed new rules governing the use of 
procedure code modifiers for outpatient coding.\13\ Because incorrect 
procedure coding may lead to overpayments and subject a hospital to 
liability for the submission of false claims, hospitals need to pay 
close attention to coder training and qualifications.
---------------------------------------------------------------------------

    \12\ Congress enacted the OPPS in section 4523 of the Balanced 
Budget Act of 1997. The OPPS became effective on August 1, 2001. CMS 
promulgated regulations implementing the OPPS at 42 CFR part 419. 
For more information regarding the OPPS, see https://www.cms.gov/
providers/hopps/.
    \13\ The list of current modifiers is listed in the Current 
Procedural Terminology (CPT) coding manual. However, hospitals 
should pay particular attention to CMS transmittals and program 
memoranda that may introduce new or altered application of modifiers 
for claims submission and reimbursement purposes. See chapter 4, 
section 20.6 of the Medicare Claims Processing Manual at http: // 
www.cms.gov/manuals/104_claims/ clm104c04. pdf.
---------------------------------------------------------------------------

    Hospitals should also review their outpatient documentation 
practices to ensure that claims are based on complete medical records 
and that the medical records support the levels of service claimed. 
Under the OPPS, hospitals must generally include on a single claim all 
services provided to the same patient on the same day. Coding from 
incomplete medical records may create problems in complying with this 
claim submission requirement. Moreover, submitting claims for services 
that are not supported by the medical record may also result in the 
submission of improper claims.
    In addition to the coding risk areas noted above and in the 1998 
hospital CPG, other specific risk areas associated with incorrect 
outpatient procedure coding include the following:
     Billing on an outpatient basis for ``inpatient-only'' 
procedures--CMS has identified procedures for which reimbursement is 
typically allowed only if the service is performed in an inpatient 
setting.\14\
---------------------------------------------------------------------------

    \14\ The list of ``inpatient-only'' procedures appears in the 
annual update to the OPPS rule. For the 2004 final rule, the 
``inpatient-only'' list is found in Addendum E. See https://
www.cms.gov/regulations/hopps/2004f.
---------------------------------------------------------------------------

     Submitting claims for medically unnecessary services by 
failing to follow the FI's local policies--Each FI publishes local 
policies, including local medical review polices (LMRPs) and local 
coverage determinations (LCDs), that identify certain procedures that 
are only reimbursable when specific conditions are present.\15\ In 
addition to relying on a physician's sound clinical judgment with 
respect to the appropriateness of a proposed course of treatment, 
hospitals should regularly review and become familiar with their 
individual FI's LMRPs and LCDs. LMRPs and LCDs should be incorporated 
into a hospital's regular coding and billing operations.\16\
---------------------------------------------------------------------------

    \15\ Effective December 7, 2003, FI's began issuing LCDs instead 
of LMRPs, and FI's will convert all existing LMRPs into LCDs by 
December 31, 2005.
    \16\ A hospital may contact its FI to request a copy of the 
pertinent LMRPs and LCDs, or visit CMS's Web page at https://
www.cms.gov/mcd to search existing local and national policies.
---------------------------------------------------------------------------

     Submitting duplicate claims or otherwise not following the 
National Correct Coding Initiative guidelines--CMS developed the 
National Correct Coding Initiative (NCCI) to promote correct coding 
methodologies. The NCCI identifies certain codes that should not be 
used together because they are either mutually exclusive or one is a 
component of another. If a hospital uses code pairs that are listed in 
the NCCI and those codes are not detected by the editing routines in 
the hospital's billing system, the hospital may submit duplicate or 
unbundled claims. Intentional manipulation of code assignments to 
maximize payments and avoid NCCI edits constitutes fraud. Unintentional 
misapplication of NCCI coding and billing guidelines may also give rise 
to overpayments or civil liability for hospitals that have developed a 
pattern of inappropriate billing. To minimize risk, hospitals

[[Page 4861]]

should ensure that their coding software includes up-to-date NCCI edit 
files.\17\
---------------------------------------------------------------------------

    \17\ More information regarding the NCCI can be obtained from 
CMS's Web page at https://www.cms.gov/medlearn/ncci.asp.
---------------------------------------------------------------------------

     Submitting incorrect claims for ancillary services because 
of outdated Charge Description Masters--Charge Description Masters 
(CDMs) list all of a hospital's charges for items and services and 
include the underlying procedure codes necessary to bill for those 
items and services. Outdated CDMs create significant compliance risk 
for hospitals. Because the Healthcare Common Procedure Coding System 
(HCPCS) codes and APCs are updated regularly, hospitals should pay 
particular attention to the task of updating the CDM to ensure the 
assignment of correct codes to outpatient claims. This should include 
timely updates, proper use of modifiers, and correct associations 
between procedure codes and revenue codes.\18\
---------------------------------------------------------------------------

    \18\ For information relating to HCPCS code updates, see https://
www.cms.gov/medicare/hcpcs/. For information relating to annual APC 
updates, see https://www.cms.gov/providers/hopps/.
---------------------------------------------------------------------------

     Circumventing the multiple procedure discounting rules--A 
surgical procedure performed in connection with another surgical 
procedure may be discounted. However, certain surgical procedures are 
designated as non-discounted, even when performed with another surgical 
procedure. Hospitals should ensure that the procedure codes selected 
represent the actual services provided, irrespective of the discounting 
status. They should also review the annual OPPS rule update to 
understand more fully CMS's multiple procedure discounting rule.\19\
---------------------------------------------------------------------------

    \19\ See http: // www.cms.gov/medlearn/ refopps. asp.
---------------------------------------------------------------------------

     Improper evaluation and management code selection--
Hospitals should use proper codes to describe the evaluation and 
management (E/M) services they provide. A hospital's E/M coding 
guidelines should ensure that services are medically necessary and 
sufficiently documented and that the codes accurately reflect the 
intensity of hospital resources required to deliver the services.
     Improperly billing for observation services--In certain 
circumstances, Medicare provides a separate APC payment for observation 
services for patients with diagnoses of chest pain, asthma, or 
congestive heart failure. Claims for these observation services must 
correctly reflect the diagnosis and meet certain other requirements. 
Seeking a separate payment for observation services in situations that 
do not satisfy the requirements is inappropriate and may result in 
hospital liability. Hospitals should become familiar with CMS's 
detailed policies for the submission of claims for observation 
services.\20\
---------------------------------------------------------------------------

    \20\ See CMS Program Transmittal A-02-026, available on CMS's 
Web page at https://www.ems.gov/manuals/pm_trans/A02026.pdf.
---------------------------------------------------------------------------

2. Admissions and Discharges
    Often, the status of patients at the time of admission or discharge 
significantly influences the amount and method of reimbursement 
hospitals receive. Therefore, hospitals have a duty to ensure that 
admission and discharge policies are updated and reflect current CMS 
rules. Risk areas with respect to the admission and discharge processes 
include the following:
     Failure to follow the ``same-day rule''--The OPPS rules 
require hospitals to include on the same claim all OPPS services 
provided at the same hospital, to the same patient, on the same day, 
unless certain conditions are met. Hospitals should review internal 
billing systems and procedures to ensure that they are not submitting 
multiple claims for OPPS services delivered to the same patient on the 
same day.\21\
---------------------------------------------------------------------------

    \21\ See, e.g., chapter 1, section 50.2 of the Medicare Claims 
Processing Manual, available on CMS's Web page at https://
www.cms.gov/manuals/104_claims/clm104c01.pdf.
---------------------------------------------------------------------------

     Abuse of partial hospitalization payments--Under the OPPS, 
Medicare provides a per diem payment for specific hospital services 
rendered to behavioral and mental health patients on a partial 
hospitalization basis. Examples of improper billing under the partial 
hospitalization program include, without limitation: reducing the range 
of services offered; withholding services that are medically 
appropriate; billing for services not covered; and billing for services 
without a certificate of medical necessity.\22\
---------------------------------------------------------------------------

    \22\ See chapter 4, section 260 of the Medicare Claims 
Processing Manual, available on CMS's Web page at https://
www.cms.gov/manuals/104_claims/clm104c04.pdf.
---------------------------------------------------------------------------

     Same-day discharges and readmissions--Same-day discharges 
and readmissions may indicate premature discharges, medically 
unnecessary readmissions, or incorrect discharge coding. Hospitals 
should have procedures in place to review discharges and admissions 
carefully to ensure that they reflect prudent clinical decision-making 
and are properly coded.\23\
---------------------------------------------------------------------------

    \23\ See, e.g., OIG Audit Report A-03-01-00011, ``Review of 
Medicare Same-Day, Same-Provider Acute Care Readmissions in 
Pennsylvania During Calendar year 1998,'' August 2002, available on 
our Web page at https://oig.hhs.gov/oas/reports/region 3/
30100011.pdf.
---------------------------------------------------------------------------

     Violation of Medicare's post-acute care transfer policy--
The post-acute care transfer policy provides that, for certain 
designated Diagnosis Related Groups (DRGs), a hospital will receive a 
per diem transfer payment, rather than the full DRG payment, if the 
patient is discharged to certain post-acute care settings.\24\ CMS may 
periodically revise the list of designated DRGs that are subject to its 
post-acute care transfer policy.\25\ To avoid improperly billing for 
discharges, hospitals should pay particular attention to CMS's post-
acute care transfer policy and keep an accurate list of all designated 
DRGs subject to that policy.
---------------------------------------------------------------------------

    \24\ See 42 CFR 412.4(c). See, e.g., OIG Audit Report A-04-00-
01220 ``Implementation of Medicare's Postacute Care Transfer 
Policy,'' October 2001, available on our Web page at https://
oig.hhs.gov/oas/reports/region4/40001220.pdf.
    \25\ The initial 10 designated DRGs were selected by the 
Secretary, pursuant to section 1886(d)(5)(J) of the Social Security 
Act (42 U.S.C. 1395ww(d)(5)(J)). With the 2004 fiscal year PPS rule, 
CMS revised the list of DRGs paid under CMS's post-acute care 
transfer policy, bringing the total number of designated DRGs to 29. 
See 68 FR 45346 (August 1, 2003). Then, with the 2005 fiscal year 
PPS rule, CMS revised the list again, bringing the current total 
number of designated DRGs to 30. See 69 FR 48916 (August 11, 2004). 
See also chapter 3, section 402.4 of the Medicare Claims Processing 
Manual, available on CMS's Web page at https://www.cms.gov/manuals/
104_claims/clm104c03.pdf.
---------------------------------------------------------------------------

     Improper churning of patients by long-term care hospitals 
co-located in acute care hospitals--Long term care hospitals that are 
co-located within acute care hospitals may qualify for PPS-exempt 
status if certain regulatory requirements are satisfied.\26\ Hospitals 
should not engage in the practice of churning, or inappropriately 
transferring, patients between the host hospital and the hospital-
within-a-hospital.
---------------------------------------------------------------------------

    \26\ See 42 CFR 412.22(e).
---------------------------------------------------------------------------

3. Supplemental Payment Considerations
    Under the Medicare program, in certain limited situations, 
hospitals may claim payments in addition to, or in some cases in lieu 
of, the normal reimbursement available to hospitals under the regular 
payment systems. Eligibility for these payments depends on compliance 
with specific criteria. Hospitals that claim supplemental payments 
improperly are liable for fines and penalties under Federal law. 
Examples of specific risks that hospitals should address include the 
following:
     Improper reporting of the costs of ``pass-through'' 
items--``Pass-through'' items are certain items of new technology and 
drugs for which Medicare will reimburse the hospital

[[Page 4862]]

based on costs during a limited transitional period.\27\
---------------------------------------------------------------------------

    \27\ For more information regarding CMS's APC ``pass-through'' 
payments, See https://www.cms.gov/providers/hopps/apc.asp.
---------------------------------------------------------------------------

     Abuse of DRG outlier payments--Recent investigations 
revealed substantial abuse of outlier payments by hospitals with 
Medicare patients. Hospital management, compliance staff, and counsel 
should familiarize themselves with CMS's new outlier rules and 
requirements intended to curb abuses.\28\
---------------------------------------------------------------------------

    \28\ See 42 CFR 412.84; 68 FR 34493 (June 9, 2003).
---------------------------------------------------------------------------

     Improper claims for incorrectly designated ``provider-
based'' entities--Certain hospital-affiliated entities and clinics can 
be designated as ``provider-based,'' which allows for a higher level of 
reimbursement for certain services.\29\ Hospitals should take steps to 
ensure that facilities or organizations are only designated as 
provider-based if they satisfy the criteria set forth in the 
regulations.
---------------------------------------------------------------------------

    \29\ The criteria for determining whether a facility or 
organization is provider-based can be found at 42 CFR 413.65. In 
April 2003, CMS published Transmittal A-03-030, outlining changes to 
the criteria for provider-based designation. See https://www.cms.gov/
manuals/pm_trans/A03030.pdf.
---------------------------------------------------------------------------

     Improper claims for clinical trials--Since September 2000, 
Medicare has covered items and services furnished during certain 
clinical trials, as long as those items and services would typically be 
covered for Medicare beneficiaries, but for the fact that they are 
provided in an experimental or clinical trial setting. Hospitals that 
participate in clinical trials should review the requirements for 
submitting claims for patients participating in clinical trials.\30\
---------------------------------------------------------------------------

    \30\ To view Medicare's National Coverage Decision regarding 
clinical trials, see https://www.cms.gov/coverage/8d2.asp. Specific 
requirements for submitting claims for reimbursement for clinical 
trials can be accessed on CMS's Web page at https://www.cms.gov/
coverage/8d4.asp.
---------------------------------------------------------------------------

     Improper claims for organ acquisition costs--Hospitals 
that are approved transplantation centers may receive reimbursement on 
a reasonable cost basis to cover the costs of acquisition of certain 
organs.\31\ Organ acquisition costs are only reimbursable if a hospital 
satisfies several requirements, such as having adequate cost 
information, supporting documentation, and supporting medical 
records.\32\ Hospitals must also ensure that expenses not related to 
organ acquisition, such as transplant and post-transplant activities 
and costs from other cost centers, are not included in the hospital's 
organ acquisition costs.\33\
---------------------------------------------------------------------------

    \31\ See 42 CFR 412.2(e)(4), 42 CFR 412.113(d), and 42 CFR 
413.203. See generally 42 CFR part 413 (setting forth the principles 
of reasonable cost reimbursement).
    \32\ See Medicare's Provider Reimbursement Manual (PRM), Part I, 
section 2304 and Part II, section 3610, available on CMS's Web page 
at https://www.cms.gov/manuals/cmsfoc.asp.
    \33\ See 42 CFR 412.100. See also, chapter 3, section 90 of the 
Medicare Claims Processing Manual, available on CMS's Web page at 
http: // www.cms.gov/manuals/104_claims/ clm104c03. 
pdf.See, e.g., OIG Audit Report A-04-02-02017, ``Audit of Medicare 
Costs for Organ Acquisitions at Tampa General Hospital,'' April 
2003, available on our Web page at https://oig.hhs.gov/oas/reports/
region4/40202017.pdf.
---------------------------------------------------------------------------

     Improper claims for cardiac rehabilitation services--
Medicare covers reasonable and necessary cardiac rehabilitation 
services under the hospital ``incident-to'' benefit, which requires 
that the services of nonphysician personnel be furnished under a 
physician's direct supervision. In addition to satisfying the 
supervision requirement, hospitals must ensure that cardiac 
rehabilitation services are reasonable and necessary.\34\
---------------------------------------------------------------------------

    \34\ See section 35-25 of the Medicare Coverage Issues Manual. 
See, e.g., OIG Audit Report A-01-03-00516, ``Review of Outpatient 
Cardiac Rehabilitation Services at the Cooley Dickinson Hospital,'' 
December 2003, available on our Web page at https://oig.hhs.gov/
oas/ reports/region 1/10300516.pdf.
---------------------------------------------------------------------------

     Failure to follow Medicare rules regarding payment for 
costs related to educational activities\35\--Hospitals should pay 
particular attention to these rules when implementing dental or other 
education programs, particularly those not historically operated at the 
hospital.
---------------------------------------------------------------------------

    \35\ Payments for direct graduage medical education (GME) and 
indirect graduate medical education (IME) costs are, in part, based 
upon the number of full-time equivalent (FTE) residents at each 
hospital and the proportion of time residents spend in training. 
Hospitals that inappropriately calculate the number of FTE residents 
risk receiving inappropriate medical education payments. Hospitals 
should have in place procedures regarding: (i) Resident rotation 
monitoring; (ii) resident credentialing; (iii) written agreements 
with non-hospital providers; and (iv) the approval process for 
research activities. For more information regarding medical 
education reimbursement, see 42 CFR 413.75 et. seq. (GME 
requirements) and 42 CFR 412.105 (IME requirements). See, e.g., OIG 
Audit Report A-01-01-00547 ``Review of Graduate Medical Education 
Costs Claimed by the Hartford Hospital for Fiscal Year Ending 
September 30, 1999,'' October 2003, available on our Web page at 
https://oig.hhs.gov/oas/reports/region 1/10100547.pdf.
---------------------------------------------------------------------------

4. Use of Information Technology
    The implementation of the OPPS increased the need for hospitals to 
pay particular attention to their computerized billing, coding, and 
information systems. Billing and coding under the OPPS is more data 
intensive than billing and coding under the inpatient PPS. When the 
OPPS began, many hospitals' existing systems were unable to accommodate 
the new requirements and required adjustments.
    As the health care industry moves forward, hospitals will 
increasingly rely on information technology. For example, HIPAA Privacy 
and Security Rules (discussed below in section II.G), electronic claims 
submission,\36\ electronic prescribing, networked information sharing 
among providers, and systems for the tracking and reduction of medical 
errors, among others, will require hospitals to depend more on 
information technologies. Information technology presents new 
opportunities to advance health care efficiency, but also new 
challenges to ensuring the accuracy of claims and the information used 
to generate claims. It may be difficult for purchasers of computer 
systems and software to know exactly how the system operates and 
generates information. Prudent hospitals will take steps to ensure that 
they thoroughly assess all new computer systems and software that 
impact coding, billing, or the generation or transmission of 
information related to the Federal health care programs or their 
beneficiaries.
---------------------------------------------------------------------------

    \36\ For more information regarding Medicare's Electronic Data 
Interchange programs, see https://www.cms.gov/providers/edi/.
---------------------------------------------------------------------------

B. The Referral Statutes: The Physician Self-Referral Law (the 
``Stark'' Law) and the Federal Anti-Kickback Statute
1. The Physician Self-Referral Law
    From a hospital compliance perspective, the physician self-referral 
law (section 1877 of the Social Security Act (Act), commonly known as 
the ``Stark'' law) should be viewed as a threshold statute. The statute 
prohibits hospitals from submitting--and Medicare from paying--any 
claim for a ``designated health service'' (DHS) if the referral of the 
DHS comes from a physician with whom the hospital has a prohibited 
financial relationship.\37\ This is true even if the prohibited 
financial relationship is the result of inadvertence or error. In 
addition, hospitals and physicians that knowingly violate the statute 
may be subject to CMPs and exclusion from the Federal health care 
programs. Furthermore, under certain circumstances, a knowing violation 
of the Stark law may also give rise to liability under the False Claims 
Act. Because all inpatient and outpatient hospital services furnished 
to Medicare or Medicaid patients

[[Page 4863]]

(including services furnished directly by a hospital or by others 
``under arrangements'' with a hospital) are DHS under the statute,\38\ 
hospitals must diligently review all financial relationships with 
referring physicians for compliance with the Stark law. Simply put, 
hospitals face significant financial exposure unless their financial 
relationships with referring physicians fit squarely in statutory or 
regulatory exceptions to the Stark law.
---------------------------------------------------------------------------

    \37\ The statute also prohibits physicians from referring DHS to 
entities, including hospitals, with which they have prohibited 
financial relationships. However, the billing prohibition and 
nonpayment sanction apply only to the DHS entity (e.g., the 
hospital). See section 1877(a) of the Act. Section 1903(s) of the 
Act extends the statutory prohibition to Medicaid-covered services.
    \38\ The statute lists ten additional categories of DHS, 
including, among others, clinical laboratory services, radiology 
services, and durable medical equipment. See section 1877(h)(6) of 
the Act. Hospitals and health systems that own or operate free-
standing DHS entities should be mindful of the ten additional DHS 
categories. CMS has clarified that lithotripsy services furnished to 
hospital inpatients are not DHS. See 69 FR 16054, 16106 (March 26, 
2004).
---------------------------------------------------------------------------

    For purposes of analyzing a financial relationship under the Stark 
law, the following three-part inquiry is useful:
     Is there a referral from a physician for a designated 
health service? If not, then there is no Stark law issue (although 
other fraud and abuse authorities, such as the anti-kickback statute, 
may be implicated). If the answer is ``yes,'' the next inquiry is:
     Does the physician (or an immediate family member) have a 
financial relationship with the entity furnishing the DHS (e.g., the 
hospital)? Again, if the answer is no, the Stark law is not implicated. 
However, if the answer is ``yes,'' the third inquiry is:
     Does the financial relationship fit in an exception? If 
not, the statute has been violated.
    Detailed definitions of the highlighted terms are set forth in 
regulations at 42 CFR 411.351 through 411.361 (substantial additional 
explanatory material appears in the regulatory preambles to the final 
regulations: 66 FR 856 (January 4, 2001); 69 FR 16054 (March 26, 2004); 
and 69 FR 17933 (April 6, 2004)). Importantly, a financial relationship 
can be almost any kind of direct or indirect ownership or investment 
relationship (e.g., stock ownership, a partnership interest, or secured 
debt) or direct or indirect compensation arrangement, whether in cash 
or in-kind (e.g., a rental contract, personal services contract, 
salary, gift, or gratuity), between a referring physician (or immediate 
family member) and a hospital. Moreover, the financial relationship 
need not relate to the provision of DHS (e.g., a joint venture between 
a hospital and a physician to operate a hospice would create an 
indirect compensation relationship between the hospital and the 
physician for Stark law purposes).
    The statutory and regulatory exceptions are the key to compliance 
with the Stark law. Any financial relationship between the hospital and 
a physician who refers to the hospital must fit in an exception. 
Exceptions exist in the statute and regulations for many common types 
of business arrangements. To fit in an exception, an arrangement must 
squarely meet all of the conditions set forth in the exception. 
Importantly, it is the actual relationship between the parties, and not 
merely the paperwork, that must fit in an exception. Unlike the anti-
kickback safe harbors, which are voluntary, fitting in an exception is 
mandatory under the Stark law.
    Compliance with a Stark law exception does not immunize an 
arrangement under the anti-kickback statute. Rather, the Stark law sets 
a minimum standard for arrangements between physicians and hospitals. 
Even if a hospital-physician relationship qualifies for a Stark law 
exception, it should still be reviewed for compliance with the anti-
kickback statute. The anti-kickback statute is discussed in greater 
detail in the next subsection.
    Because of the significant exposure for hospitals under the Stark 
law, we recommend that hospitals implement systems to ensure that all 
conditions in the exceptions upon which they rely are fully satisfied. 
For example, many of the exceptions, such as the rental and personal 
services exceptions, require signed, written agreements with 
physicians. We are aware of numerous instances in which hospitals 
failed to maintain these signed written agreements, often inadvertently 
(e.g., a holdover lease without a written lease amendment; a physician 
hired as an independent contractor for a short-term project without a 
signed agreement). To avoid a large overpayment, hospitals should 
ensure frequent and thorough review of their contracting and leasing 
processes. The final regulations contain a new limited exception for 
certain inadvertent, temporary instances of noncompliance with another 
exception. This exception may only be used on an occasional basis. 
Hospitals should be mindful that this exception is not a substitute for 
vigilant contracting and leasing oversight. In addition, hospitals 
should review the new reporting requirements at 42 CFR 411.361, which 
generally require hospitals to retain records that the hospitals know 
or should know about in the course of prudently conducting business. 
Hospitals should ensure that they have policies and procedures in place 
to address these reporting requirements.
    In addition, because many exceptions to the Stark law require fair 
market value compensation for items or services actually needed and 
rendered, hospitals should have appropriate processes for making and 
documenting reasonable, consistent, and objective determinations of 
fair market value and for ensuring that needed items and services are 
furnished or rendered. Other areas that may require careful monitoring 
include, without limitation, the total value of nonmonetary 
compensation provided annually to each referring physician, the value 
of medical staff incidental benefits, and the provision of professional 
courtesy.\39\ As discussed further in the anti-kickback section below, 
hospitals should exercise care when recruiting physicians. Importantly, 
while the final regulations contain a limited exception for certain 
joint recruiting by hospitals and existing group practices, the 
exception strictly forbids the use of income guarantees that shift 
group practice overhead or expenses to the hospital or any payment 
structure that otherwise transfers remuneration to the group practice.
---------------------------------------------------------------------------

    \39\ Hospitals affiliated with academic medical centers should 
be aware that the regulations contain a special exception for 
certain academic medical center arrangements. See 42 CFR 411.355(e). 
Specialty hospitals should be mindful of certain limitations on new 
physician-owned specialty hospitals contained in section 507 of the 
Medicare Prescription Drug, Improvement and Modernization Act of 
2003. See CMS's One-Time Notification regarding the 18-month 
moratorium on physician investment in specialty hospitals, CMS 
Manual System Pub. 100-20 One-Time Notification, Transmittal 26 
(March 19, 2004), available on CMS's Web page at https://www.cms.gov/
manuals/pm_trans/R62OTN.pdf.
---------------------------------------------------------------------------

    Further information about the Stark law and applicable regulations 
can be found on CMS's Web page at https://cms.gov/medlearn/refphys.asp. 
Information regarding CMS's Stark advisory opinion process can be found 
at https://cms.gov/physicians/aop/default.asp.
2. The Federal Anti-Kickback Statute
    Hospitals should also be aware of the Federal anti-kickback 
statute, section 1128B(b) of the Act, and the constraints it places on 
business arrangements related directly or indirectly to items or 
services reimbursable by any Federal health care program, including, 
but not limited to, Medicare and Medicaid. The anti-kickback statute 
prohibits in the health care industry some practices that are common in 
other business sectors, such as offering gifts to reward past or 
potential new referrals.
    The anti-kickback statute is a criminal prohibition against 
payments (in any form, whether the payments are direct

[[Page 4864]]

or indirect) made purposefully to induce or reward the referral or 
generation of Federal health care program business. The anti-kickback 
statute addresses not only the offer or payment of anything of value 
for patient referrals, but also the offer or payment of anything of 
value in return for purchasing, leasing, ordering, or arranging for or 
recommending the purchase, lease, or ordering of any item or service 
reimbursable in whole or in part by a Federal health care program. The 
statute extends equally to the solicitation or acceptance of 
remuneration for referrals or the generation of other business payable 
by a Federal health care program. Liability under the anti-kickback 
statute is determined separately for each party involved. In addition 
to criminal penalties, violators may be subject to CMPs and exclusion 
from the Federal health care programs. Hospitals should also be mindful 
that compliance with the anti-kickback statute is a condition of 
payment under Medicare and other Federal health care programs. See, 
e.g., Medicare Federal Health Care Provider/Supplier Application, CMS 
Form 855A, Certification Statement at section 15, paragraph A.3, 
available on CMS's Web page at http: // www.cms.gov/providers/
enrollment/ forms /. As such, liability may arise under the False 
Claims Act where the anti-kickback statute violation results in the 
submission of a claim for payment under a Federal health care program.
    Although liability under the anti-kickback statute ultimately turns 
on a party's intent, it is possible to identify arrangements or 
practices that may present a significant potential for abuse. For 
purposes of analyzing an arrangement or practice under the anti-
kickback statute, the following two inquiries are useful:
     Does the hospital have any remunerative relationship 
between itself (or its affiliates or representatives) and persons or 
entities in a position to generate Federal health care program business 
for the hospital (or its affiliates) directly or indirectly? Persons or 
entities in a position to generate Federal health care program business 
for a hospital include, for example, physicians and other health care 
professionals, ambulance companies, clinics, hospices, home health 
agencies, nursing facilities, and other hospitals.
     With respect to any remunerative relationship so 
identified, could one purpose of the remuneration be to induce or 
reward the referral or recommendation of business payable in whole or 
in part by a Federal health care program? Importantly, under the anti-
kickback statute, neither a legitimate business purpose for the 
arrangement, nor a fair market value payment, will legitimize a payment 
if there is also an illegal purpose (i.e., inducing Federal health care 
program business).
    Although any arrangement satisfying both tests implicates the anti-
kickback statute and requires careful scrutiny by a hospital, the 
courts have identified several potentially aggravating considerations 
that can be useful in identifying arrangements at greatest risk of 
prosecution. In particular, hospitals should ask the following 
questions, among others, about any potentially problematic arrangements 
or practices they identify:
     Does the arrangement or practice have a potential to 
interfere with, or skew, clinical decision-making?
     Does the arrangement or practice have a potential to 
increase costs to Federal health care programs, beneficiaries, or 
enrollees?
     Does the arrangement or practice have a potential to 
increase the risk of overutilization or inappropriate utilization?
     Does the arrangement or practice raise patient safety or 
quality of care concerns?
    Hospitals that have identified potentially problematic arrangements 
or practices can take a number of steps to reduce or eliminate the risk 
of an anti-kickback violation. Detailed guidance relating to a number 
of specific practices is available from several sources. Most 
importantly, the anti-kickback statute and the corresponding 
regulations establish a number of ``safe harbors'' for common business 
arrangements. The following safe harbors are of most relevance to 
hospitals:
     Investment interests safe harbor (42 CFR 1001.952(a)),
     Space rental safe harbor (42 CFR 1001.952(b)),
     Equipment rental safe harbor (42 CFR 1001.952(c)),
     Personal services and management contracts safe harbor (42 
CFR 1001.952(d)),
     Sale of practice safe harbor (42 CFR 1001.952(e)),
     Referral services safe harbor (42 CFR 1001.952(f)),
     Discount safe harbor (42 CFR 1001.952(h)),
     Employee safe harbor (42 CFR 1001.952(i)),
     Group purchasing organizations safe harbor (42 CFR 
1001.952(j)),
     Waiver of beneficiary coinsurance and deductible amounts 
safe harbor (42 CFR 1001.952(k)),
     Practitioner recruitment safe harbor (42 CFR 1001.952(n)),
     Obstetrical malpractice insurance subsidies safe harbor 
(42 CFR 1001.952(o)),
     Cooperative hospital service organizations safe harbor (42 
CFR 1001.952(q)),
     Ambulatory surgical centers safe harbor (42 CFR 
1001.952(r)),
     Ambulance replenishing safe harbor (42 CFR 1001.952(v)), 
and
     Safe harbors for certain managed care and risk sharing 
arrangements (42 CFR 1001.952(m), (t), and (u)).\40\
---------------------------------------------------------------------------

    \40\ Importantly, the anti-kickback statute safe harbors are not 
the same as the Stark law exceptions described above at section 
II.B.1 of this guidance. An arrangement's compliance with the anti-
kickback statute and the Stark law must be evaluated separately.
---------------------------------------------------------------------------

    Safe harbor protection requires strict compliance with all 
applicable conditions set out in the relevant safe harbor.\41\ Although 
compliance with a safe harbor is voluntary and failure to comply with a 
safe harbor does not mean an arrangement is illegal per se, we 
recommend that hospitals structure arrangements to fit in a safe harbor 
whenever possible. Arrangements that do not fit in a safe harbor must 
be evaluated on a case-by-case basis.
---------------------------------------------------------------------------

    \41\ Parties to an arrangement cannot obtain safe harbor 
protection by entering into a sham contract that complies with the 
written agreement requirement of a safe harbor and appears, on 
paper, to meet all of the other safe harbor requirements, but does 
not reflect the actual arrangement between the parties. In other 
words, in assessing compliance with a safe harbor, the OIG examines 
not only whether the written contract satisfies all of the safe 
harbor requirements, but also whether the actual arrangement 
satisfies the requirements.
---------------------------------------------------------------------------

    Other available guidance includes special fraud alerts and advisory 
bulletins issued by the OIG identifying and discussing particular 
practices or issues of concern and OIG advisory opinions issued to 
specific parties about their particular business arrangements.\42\ A 
hospital concerned about an existing or proposed arrangement may 
request a binding OIG advisory opinion regarding whether the 
arrangement violates the Federal anti-kickback statute or other OIG 
fraud and abuse authorities, using the procedures set out at 42 CFR 
part 1008. The safe harbor regulations (and accompanying Federal 
Register preambles), fraud alerts and bulletins, advisory opinions (and 
instructions for obtaining them, including a list of frequently asked 
questions), and other guidance are

[[Page 4865]]

available on the OIG Web page at https://oig.hhs.gov.
---------------------------------------------------------------------------

    \42\ While informative for guidance purposes, an OIG advisory 
opinion is binding only with respect to the particular party or 
parties that requested the opinion. The analyses and conclusions set 
forth in OIG advisory opinions are very fact-specific. Accordingly, 
hospitals should be aware that different facts may lead to different 
results.
---------------------------------------------------------------------------

    The following discussion highlights several known areas of 
potential risk under the anti-kickback statute. The propriety of any 
particular arrangement can only be determined after a detailed 
examination of the attendant facts and circumstances. The 
identification of a given practice or activity as ``suspect'' or as an 
area of ``risk'' does not mean it is necessarily illegal or unlawful, 
or that it cannot be properly structured to fit in a safe harbor; nor 
does it mean that the practice or activity is not beneficial from a 
clinical, cost, or other perspective. Rather, the areas identified 
below are areas of activity that have a potential for abuse and that 
should receive close scrutiny from hospitals. The discussion highlights 
potential risks under the anti-kickback statute arising from hospitals' 
relationships in the following seven categories: (a) Joint ventures; 
(b) compensation arrangements with physicians; (c) relationships with 
other health care entities; (d) recruitment arrangements; (e) 
discounts; (f) medical staff credentialing; and (g) malpractice 
insurance subsidies. (In addition, the kickback risks associated with 
gainsharing arrangements are discussed below in section II.C of this 
guidance.)
    Physicians are the primary referral source for hospitals, and, 
therefore, most of the discussion below focuses on hospitals' 
relationships with physicians. Notwithstanding, hospitals also receive 
referrals from other health care professionals, including physician 
assistants and nurse practitioners, and from other providers and 
suppliers (such as ambulance companies, clinics, hospices, home health 
agencies, nursing facilities, and other hospitals). Therefore, in 
addition to reviewing their relationships with physicians, hospitals 
should also review their relationships with nonphysician referral 
sources to ensure that the relat