Mandatory False Claims Act Education Under the Deficit Reduction Act of 2005by Lezlie B. Willis, Fish & Richardson PC, Dallas, TX
Time is running out for certain healthcare entities to comply with the new employee education requirements aimed at minimizing losses from fraud and abuse outlined in the Deficit Reduction Act of 2005 (the "DRA") that President Bush signed into law on February 8, 2006. Section 6032 of the DRA requires entities that receive more than $5 million of Medicaid funds annually to establish an employee education plan about state and federal false claims laws and whistleblower protections no later than January 1, 2007. Of course, the stakes are high for compliance with the DRA's terms. Missing the January 1, 2007 deadline could expose an entity to a false claims lawsuit or to exclusion from federal healthcare programs because the education requirement is a condition for participation in Medicaid.Congress believes these education requirements will directly impact Medicaid's bottom line. The Congressional Budget Office estimates that these provisions alone will reduce Medicaid spending by $1.1 billion from 2006 to 2015. As a condition of participating in a state's Medicaid program and receiving Medicaid funds, a covered entity must provide written policies that provide detailed information about four major topics: (1) the federal False Claims Act; (2) administrative remedies for false claims and statements; (3) any civil or criminal penalties under state false claims laws; and (4) whistleblower protections under federal and state law. The written materials must explain the role these laws play in preventing Medicaid fraud and abuse and describe the "entity's policies and procedures for detecting and preventing fraud, waste, and abuse." The DRA further requires that the entity's employee handbook contain a specific discussion of these topics. For most healthcare entities falling within the $5 million threshold, implementing this employee education requirement will require significant planning and coordination. The scope of the persons to be educated is much wider than just the recipient entity's own employees. The DRA not only requires that the covered entities educate their own employees, but also that they take steps to educate "any contractor or agent of the entity." The DRA also makes it clear that the education requirement applies from the top to the bottom: under its terms, even management must be educated. While the DRA is long on requirements, it is notably short on guidance to covered entities about exactly how to comply. The DRA does not clarify what it means to provide "detailed information" about the topics of state and federal law. It does not address how an entity that does not have an employee handbook should provide the information, nor does it explicitly state how an employee is to be informed of the entity's policies and the legal landscape behind those policies. The Department of Health and Human Services has not yet promulgated any regulatory guidance.Because the DRA does not make plain exactly what is required, covered entities should take immediate steps to make sure they are following the best practices in this area. Taking the time now to make sure the entity is fully compliant will pay huge dividends later, especially if there are ever civil or criminal allegations of false claims against the entity or any of its management, employees, contractors, or agents. Covered entities should take the following steps as soon as possible to ensure compliance by January 1, 2007:
- Examine the entity's current policies for detecting fraud and abuse. Create or revise written policies for detecting fraud and abuse. Make sure the revisions reflect an up-to-date understanding of the entity's practices and technological capacities.
- Tailor the policies to the needs of different departments. Avoiding and detecting abuse will likely vary from department to department because different departments interact with federal healthcare programs in different ways. For instance, conduct that could indicate fraud or abuse in a cardiology practice will be substantially different than in a hospital laboratory.
- If the entity does not have a written employee handbook, consider creating one. This is a costly but worthwhile endeavor. It is always advisable for employees to know, understand, and acknowledge their employer's policies and procedures.
- Make sure that the written policies inform employees about what they should do if they suspect fraud or abuse.
- Make sure that the employees know who they should tell in the event of some suspicion and that they should disclose any suspicion as soon as possible.
- Eliminate any confusing policies.
- Draft an understandable, yet thorough, description of the laws the DRA requires to be explained. Include an "executive summary," but make sure the full description in the written materials is as comprehensive as possible.
- Even though not required, implement an in-person training program about the DRA's requirements. At this training, distribute the new, DRA-compliant employee handbook, present the information orally, and require that the employees acknowledge receipt of the handbook, attendance at the presentation, and understanding of the material presented.
- For contractors and agents, consider requiring an in-person training program. If this is not possible, distribute written materials containing the entity's policies and procedures and the DRA-required information to the contractor or agent. Require that the contractor or agent distribute the materials to their employees and have all the employees acknowledge that they received, understand, and agree to follow the requirements spelled out in the materials. Make sure the entity receives a copy of this acknowledgment.
While undoubtedly burdensome to implement in the short term, the DRA's requirements will ultimately benefit covered entities, as well as Medicaid, in the long run. Making sure employees understand their rights and obligations is probably the best way to minimize losses of all kinds. Plus, evidence that the entity has clear policies that were followed can be some of the most potent evidence against an allegation of a false claim, should one arise.
- Alternatively, an entity could establish an Internet-based distribution and acknowledgment process, if an in-person program is impossible because of the entity's size or distance.