Whatever Happened to Section 6032(a)(3) of the Deficit Reduction Act of 2005?
Remember the Deficit Reduction Act of 2005? It made certain Medicaid providers subject to additional compliance requirements, causing them to amend their compliance policies and add procedural steps. Now, nine years after its enactment, some state Medicaid agencies are checking on compliance through questionnaire audits.
To refresh your memory: Section 6032(a)(3) of the Deficit Reduction Act (“DRA”) of 2005; P.L. 109-171, added a new subsection 1902(a)(68) to the Social Security Act (42 U.S.C.§ 1396(a)(68)) that was effective January 1, 2007.
Who is Subject to the Act?
The amendment applies to entities who furnish items or services, whether for-profit or not-for-profit, that receive payments under a State plan approved under Title XIX [Medicaid] or any waiver of such plan, totaling at least $5,000,000 annually. The monetary threshold refers to dollars actually collected—not dollars billed or posted but not received.
“Entity” is not defined by the Act. It has been interpreted to have a commonly accepted meaning subject to the following clarifications:
- The $5 million threshold is calculated based on the Federal fiscal year—October 1 to September 30.
- Entity includes governmental agencies, organizations and sub-units; any business entity and Medicaid managed care organizations.
- Payments are aggregated among locations, affiliated corporations and tax or provider identification numbers within the same state to reach the $5 million threshold.
- Eligibility is determined every January based on the prior year’s Medicaid revenue.
What Are the Requirements?
- Establish detailed written policies for employees, contractors and agents.
- Policies must be disseminated. CMS says training is not specifically required, but “dissemination” is not defined.
- Policies must include detailed information and the False Claims Act (31 U.S.C. § 3729) and the rights of employees to be protected from retaliation as whistleblowers.
- Contractors and Agents: “One who on behalf of the entity, furnishes or otherwise authorizes the furnishing of Medicaid health items or services, performs billing or coding functions or is involved in monitoring of health care provided by the entity.”
- Contractors and agents must be notified of policies and required to adopt them.
Requirements of the Policies: The requisite policies must include information about:
- The Federal False Claims Act;
- Administrative remedies for false claims and statements established under Chapter 38 of Title 31;
- Any state laws pertaining to civil or criminal penalties for false claims and statements ; and
- Whistleblower protection under federal and any state statutes.
Medicaid Provider Agreements: Each of the state’s Medicaid provider agreements include language pertinent to DRA Compliance:
Nebraska: (Service Provider Agreement, Section C—Terms of Agreement)
As a provider for the Medicaid & Long-Term Care programs specified by this agreement, the provider assures:
For entities receiving or making Medicaid payments totally at least $5 million annually, to implement written policies and procedures for the education of all employees, contractors, and agents that includes information pertaining to the False Claims Act and other provisions named in section 1902(a)(68)(A) of the Social Security Act and to cooperate with the State’s audit process.
Iowa: (Iowa Medicaid Provider Agreement General Terms)
1.10 Comply, to the extent required, with 42 U.S.C. § 1396(a)(68) and the requirements of the False Claims Act by:
1.10.1 Establishing written policies for all employees that include detailed information about the False Claims Act and other provisions set forth in 42 U.S.C. § 1396(a)(68). The policies must include detailed information about the Provider’s policies and procedures for detecting and preventing fraud, waste and abuse.
1.10.2 Including in any employee handbook a specific discussion of the laws described in written policies, the rights of employees to be protected as whistleblowers and a specific discussion of the Provider’s policies and procedures for detecting and preventing fraud, waste, and abuse.
All Medicaid providers that hit the $5 million threshold should have compliant policies in place and evidence of “dissemination” to employees, contractors and agents available to document compliance and to respond to an audit if required. As a practical matter, dissemination has typically meant training for employees (usually as part of compliance training) and written communications to contractors and agents. In some cases, when contractors or agents are onsite a substantial amount of time, they may be included in employee training.
1 Nebraska and Iowa both have False Claims Acts: Nebraska False Medicaid Claims Act, 68 Neb. Rev. Stat.§§ 934 to 947; Iowa False Claims, Code of Iowa § 685