September 26, 2020

Volume X, Number 270

September 25, 2020

Subscribe to Latest Legal News and Analysis

September 24, 2020

Subscribe to Latest Legal News and Analysis

Impending November 28, 2019 Deadline for Long-Term Care Providers:

2016 Final Rule from CMS created a new regulatory requirement for long-term care facilities, 42 C.F.R. § 483.85, that mandates such facilities have in operation, by November 28, 2019, a compliance and ethics program that is “reasonably designed to be effective in preventing and detecting criminal, civil, and administrative violations under the [Social Security] Act and in promoting quality of care.” The following eight components of a compliance and ethics program are required for all long-term care facilities’ operating organizations:

  1. Written compliance and quality of care policies and procedures. Such policies and procedures should include, but not be limited to, designating an appropriate compliance and ethics program contact to whom suspected violations may be reported; providing an alternate method of reporting suspected violations anonymously without fear of retribution; and disciplinary standards that set out the consequences for committing violations for the operating organization’s entire staff. These may take the form of a Code of Conduct or other general quality of care and health care compliance standards.

  2. High-level compliance oversight. An individual within the “high-level personnel,” who has substantial control over the operating organization or who has a substantial role in the making of policy within the operating organization, must be assigned overall responsibility to oversee compliance with the compliance and ethics program’s standards, policies, and procedures. This individual may be the CEO, a member of the board of directors, or a director of a major division in the operating organization. The person charged with responsibility for compliance oversight may have responsibilities outside of compliance, but should make routine compliance reports to the board, reporting not only issues but the status of complaint investigations and policy developments, trends, and budget.

  3. Sufficient resources and authority. The individual(s) tasked with compliance oversight must be supported within the organization, in both resources and authority, to reasonably assure compliance with such standards, policies, and procedures. This includes budget, staffing, and enforcement capabilities.

  4. Due care in delegating substantial discretionary authority. Operating organizations are required to exercise “due care” in delegating such authority to individuals, avoiding people the organization knew, or should have known through the exercise of due diligence, have a propensity to engage in criminal, civil, and administrative violations. Such individuals should not be put into positions of power, authority, policymaking, or oversight. “Due care” includes screening all hired and contracted individuals and staff for exclusion from federal health care programs.

  5. Effective communication of compliance standards. The operating organization must take steps to effectively communicate the standards, policies, and procedures in the organization’s compliance and ethics program to the operating organization’s entire staff, individuals providing services under a contractual arrangement, and volunteers. Requirements include, but are not limited to, mandatory participation in training or orientation programs, or disseminating information that explains, in a practical manner, what is required under the organization’s program. Operating organizations should develop orientation and training materials specific to compliance that are routinely updated.

  6. Procedures to promote compliance. The operating organization is also required to take reasonable steps to achieve compliance with its program’s standards, policies, and procedures. Such steps include utilizing monitoring and auditing systems, often requiring the development of a monitoring and auditing plan based on external and internal risk in an “ongoing evaluation process.” These steps should also include having in place and publicizing an anonymous reporting system which individuals may use without fear of retribution, and having a process for ensuring the integrity of any reported data. Such a system normally takes the form of an anonymous hotline.

  7. Consistent enforcement of compliance standards. Consistent enforcement should occur through appropriate disciplinary mechanisms, including, as appropriate, discipline of individuals responsible for the failure to detect and report a violation to the compliance and ethics program contact.

  8. Appropriate responses to violations. After a violation is detected, the operating organization must ensure that all reasonable steps identified in its compliance program are taken to respond appropriately to the violation and to prevent further similar violations, including any necessary modification to the operating organization’s program.

If an operating organization has five or more facilities, in addition to meeting these eight requirements, it is also expected to designate a dedicated compliance officer, for whom the operating organization’s compliance and ethics program is a major responsibility. The compliance officer must report directly to the operating organization’s governing body and not be subordinate to the general counsel, chief financial officer, or chief operating officer. An operating organization with five or more facilities also must designate compliance liaisons at each facility.

Once the compliance program is established, long-term care organizations must review their programs annually, revising as necessary to reflect changes in all applicable laws or regulations and to deter, reduce, and detect violations. This annual review, and any resulting changes, should be documented.

More compliance program guidance for nursing facilities may be found here.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume IX, Number 249


About this Author

Kathleen Stratton, Sheppard Mullin Law Firm, Washington DC, Corporate Law Attorney
Senior Counsel

Kathleen M. Stratton is Special Counsel in the Corporate Practice Group in the firm’s Washington D.C. office.

Areas of Practice

Kathleen Stratton represents health care industry clients in a range of matters focusing predominantly on regulatory compliance, licensure, certification, and operational issues facing a vast array of provider types. Over the past 30 years, her provider clients have included hospitals, specialty pharmacies, ambulatory surgery centers, durable medical equipment suppliers,...

Theresa E. Thompson, Sheppard Mullin Law Firm, Washington DC, Corporate Law Attorney

Theresa E. Thompson is an associate in the Corporate and Securities Practice Group in the firm's Washington, D.C. office.

Areas of Practice

Ms. Thompson's practice focuses on such areas as health care fraud and abuse, particularly in matters relating to the civil False Claims Act, physician self-referral (Stark law), and anti-kickback issues, as well as telehealth and telemedicine. She has experience in government investigations, litigation, and regulatory compliance, including in response to government anti-fraud and abuse enforcement efforts and regulatory inquiries.

A contributing author for the American Health Lawyers Association's Health Care Reform Educational Task Force, Ms. Thompson received her J.D., with a Health Law Certificate, from the University of Maryland Francis King Carey School of Law, where she also served as the Manuscripts Editor of the Journal of Health Care Law and Policy, President of the Student Health Law Organization, and Treasurer of the Women’s Bar Association. She is a recipient of two CALI Excellence for the Future Awards—one for the study of Health Law Fraud and Abuse and the other for Written and Oral Advocacy—and was part of a team that won first place in the Fifth Annual Health Law Regulatory and Compliance Competition.