Small to Mid-Size Businesses Also Need a Strong Compliance Plan in A Post ACA Environment

by Marlon A Onias on Jan. 02, 2017

Health Care 

Summary: Small to Mid-Size Business Also Need a Strong Compliance Program in A Post ACA Environment.

Businesses that provide medical services or supplies to the federal government have been lulled into a false belief that
having a compliance plan in place is too costly. Some make the mistake of relying on their contracted sponsors or
pharmacy benefit manager to provide the essential training needed for their organization to combat fraud, waste
and abuse (FWA). 

Many businesses have mistakenly believed that having a strong compliance plan in place is only a requirement
for the larger organizations that have the means, and employees, to support such efforts; however, this is no longer
the case. 

Since the passage and reaffirmation of the Patient Protection and Affordable Care Act (PPACA), the nation’s healthcare
landscape has undergone broad, sweeping changes. The Department of Health and Human Services (HHS) and its undersigned, the Centers for Medicare and Medicaid (CMS), have been dubiously delegated responsibility for assuring all
entities engaging the government with services or supplies for Medicare/Medicaid or the Children’s Health Insurance
Plan (CHIP) have an effective compliance plan in place. Section 6401 of the PPACA holds that any entity providing the federal government with services or supplies must have an effective compliance plan in place. This includes pharmacy benefits managers, pharmacies and durable medical equipment companies, to name a few. Prior to the passage of the PPACA, many small to medium-size health service providers and suppliers operated without a compliance plan in place.
Now, with the advent of the PPACA, there is a shift in value and increased risk for suppliers and providers to begin
to self-police and aid the federal government in combating fraud, waste and abuse. Per CMS, fraud, waste and abuse encompass three separate areas of concern that compliance is geared toward regulating. In the case of fraud, CMS or its contractors, such as Zone Program Integrity Contractors (ZPIC), look for a knowing and willing misrepresentation of a claim for payment in which services were not rendered or charges have been inflated. Any allegations of waste are due to the overutilization of services that may not be necessary. As for abuse, many may confuse it with fraud, and rightfully so; however, per CMS, the two are not the same, but bear a close nexus. Abuse is not necessarily fraud, but can serve as a starting point of where fraud may be present. Abuse is viewed as an unnecessary cost to Medicare, via
submission of improper overpayments or payment for services that do not come in line with a professionally recognized
standard of care, in which there is no legal entitlement to payment. 

Federal compliance is a system in which rules and means are in place to address violation of those rules and means. It is
to establish, communicate, combat and punish violators. In a post PPACA environment, a compliance plan is now
no longer an option, but mandatory. This includes program sponsors, such as Humana and WellCare, first-tier providers,
pharmacy benefit managers, downstream entities such as pharmacies and other related entities.
No matter where you fall within the continuum, an effective compliance plan is now the norm.

The changes implemented by the PPACA can primarily be attributed to the excessive and rising cost of healthcare. Recent CMS
data reveal that if Medicare/Medicaid spending is not curtailed now, by 2019 healthcare will become 19 to 20 percent of the federal government’s budget. According to The Henry J. Kaiser Foundation and CMS,
healthcare spending has ballooned from $356 per capita in 1970 to $8,402 in 2010. One of the primary functions of the PPACA now becomes a cost containment unit with a corresponding focus on detecting FWA.

HHS and the Office of Inspector General (OIG) have established core elements needed for an effective compliance plan.
In January of 2013, CMS updated Chapter 9 of the Medicare Prescription Drug Benefits Manual, “Compliance Program Guidelines,” outlining these necessary elements. This article is meant to give a foundational perspective on
how to build a strong compliance plan tilted towards downstream entities within today’s current healthcare environment.
Having an effective compliance plan in place may save you thousands of dollars down the road in legal fees, audit repayments and government fines. 

The first step in developing a strong compliance plan is: 

1. Elect a compliance officer
Many other sources place this as number two; however,
they do not take into account that smaller entities operate
on budgets that are a fraction of what hospitals and major
chain drug retailers operate on. Therefore, the compliance officer
more likely will be the owner/pharmacist or pharmacy
drug manager (PDM). In such situations, it is imperative that
an open means of communication and accountability be established,
with the formation of a compliance committee used
as a safeguard to assure the compliance officer is adhering to
all rules and regulations. 

2. Develop a strong set of policies, procedures and standards of conduct.
No organization can exist without properly delineated
rules and regulations used as a guiding point to direct, correct
and affect employee behavior. CMS has made great efforts
to assure Congress that all those providing services or
supplies to the federal government have in place effective
compliance plans that are updated annually. Policy and procedures
(P&P) are the vocal cord of any organization’s regulations.
Owners must assure that P&P and standards of conduct
clearly state what is accepted and not accepted behavior.
They state the organization’s unyielding efforts to abide by
government rules and provide in detail who is responsible for
addressing noncompliance and FWA concerns and how they
are handled. This policy is to be one of non-intimidation and non-retaliation
for any employee revealing noncompliance or FWA.

3. Provide quarterly training, and training 90 days from the date of initial hiring.
In many smaller pharmacies, due to the size of the staff,
it can be difficult to find the time to provide necessary training;
although difficult, training is absolutely necessary and
required. CMS has provided an online video that is available
through their learning network at
and can be viewed to help meet internal FWA training
required by Medicare Part D participants. Assure that
PDMs or owners carve out compensated time at work to allow
staff to view this video, whether before, during or after
work hours. Once each employee has completed training, assure
that a signed attestation of participation is placed within
the employee's folder.

4. Develop an internal audit system.
Preventing noncompliance and FWA starts with a strong
internal auditing system that monitors and identifies compliance
risk. Monitoring and auditing are to be tested against
Medicare regulations, and other contractual matters.
The selected compliance officer should have a system in
place in which, on a monthly basis, he reviews purchase orders,
filled prescription receipts and other pertinent documents
that may reveal noncompliance or FWA concerns. The
compliance officer is also responsible for assuring diversion is
not occurring within his/her pharmacy. 

5. Assure employees are given open means of communication.
Effective lines of communication must be established and
implemented between the compliance officer and compliance
committee and employees. Employees must have a reasonable
means in which they may communicate any suspected violations.
In the event of noncompliance or FWA allegations, employees
should not be shunned; rather, management is to maintain
an open-door policy with regard to reporting suspected violations.
Any retaliation against whistleblowers violates the
False Claims Act and Florida’s Private Whistleblower Act and
is actionable in a court of law.

6. Quickly resolve issues firmly.
Upon receipt of complaints of noncompliance or FWA concerns,
the compliance officer is to conduct a reasonable inquiry
immediately, or no later than two weeks from the date
of report. If, upon investigation, alleged offenses prove true,
the entity may have to self-report, inform the National Benefit
Institute or Medicare Drug Integrity Contractor (MEDIC)
or contact legal counsel to advise on how to further proceed.
If your organization has observed or is in receipt of information
regarding noncompliance or FWA on the part of your
sponsor or another entity, you may contact CMS or your attorney
on how to further proceed.

7. Update P&P annually.
Keeping abreast of changing laws, rules and regulations is
essential to maintaining an effective compliance plan. Every
year CMS proposes new rules and regulations that may impact
the way you interact with the federal government. Staying
in tune with proposed legislation and changes to legislation
will keep you on the right side of the compliance track.

If you need any assistance in developing an effective compliance
plan, or have other legal questions pertaining to
health law, please contact our office at 561-226-7671.

Marlon Onias is the Chief Managing Member of Onias Law,
P.L., a Boca Raton, FL-based law firm focusing on health law concerns.
