Every skilled nursing facility (SNF) owner or operator should know by now that one provision of the infamous health care reform act required that all SNFs have effective corporate compliance programs in place by March of 2013.  We’ve received many calls and emails from our readers asking if we plan to issue guidance on compliance programs to help providers and why we haven’t already done that.

The answer to question one is yes, we plan to offer guidance.  The answer to question two is that we haven’t issued any guidance yet because the March 2013 deadline for “mandatory” SNF compliance programs came and went without the Centers for Medicare and Medicaid Services (CMS) issuing the regulation  required to flesh out and implement the statutory requirement for mandatory compliance programs. 

In fact, CMS officials have been deafeningly quiet about the status of the compliance program regulation.  This while SNFs should already have effective compliance programs to comply with the statutory deadline in place, we have not heard of any enforcement by CMS.  It’s not clear if CMS has adopted an official policy of “no enforcement” until its regulation is issued.  As for timing of the regulation, the “best guess” we’ve heard is sometime late this summer or early fall.

We’ve also frequently been asked what we expect to see in the regulation when it is issued.  That is anybody’s guess.  So I’ll share with you my best guess at the very real risk of being wrong.  I would expect to see a CMS regulation that looks a lot like the existing “voluntary” CMS guidance on compliance programs that was first issued by CMS in 2000 and updated in 2008.  It seems to me unlikely that the primary structural components of a compliance program will change in the regulation (that is, the requirement for a code of conduct; a compliance officer and committee; employee education and discipline components and the other mechanical aspects of the program).

I would also guess that CMS will update the “risk areas” it previously defined in the voluntary guidance.  Risk areas are those operational and legal issues that CMS has determined pose the greatest risk for noncompliance and the greatest harm or loss to the Medicare program and/or to program beneficiaries (SNF residents).  Risk areas identified by CMS to date, during the “voluntary” stage of SNF compliance programs, include such things as violations of the Anti-Kickback Statute or the False Claims Act; hiring or contracting with individuals or entities who have been excluded from the Medicare program or other federal health care programs; HIPAA violations and others.  In its last “update” to the list of risk areas published in 2008, CMS identified 18 broad categories of risk areas, many with sub-issues.  We worked with AHCA during 2009-2010 to develop an online tool to help providers design and/or test and update their compliance programs.  That tool detailed each of the risk areas identified by CMS as of that date and CMS has issued no further guidance since then.  That tool is still available on the AHCA website.

So like you, we are waiting, watching and keeping our ear close to the ground for any information on the timing of a compliance program regulation, effective dates and content.  The other issue we’re often asked about is how will CMS enforce the statutory mandate for SNF compliance programs and the implementing regulation.  Again, we don’t know.

I have assumed that state survey agencies will have some role in ensuring that SNFs have compliance programs in place but that is just my guess.  There is no other federal agency with a routine presence in nursing facilities that could take on that role so if compliance with the requirement is going to be systematically examined, it stands to reason that survey agencies may play a role. Otherwise, it would seem that violations of the compliance program requirement would be measured by another federal agency (perhaps the Office of Inspector General) based on complaints or by looking at state survey results for evidence of system failures that could suggest the lack of an effective compliance program.  Our contacts at the N.C. Division of Health Service Regulation tell us that, to date, they have received no information to suggest that they will play a role in measuring compliance with this requirement.