The Patient Protection and Affordable Care Act (the “ACA or Act”) is reaching its three year anniversary, which means that some of its mandates will soon take effect. In particular, section 6102 (42 U.S.C. § 1320a-7j) requires that nursing facilities (“NFs”) and skilled nursing facilities (“SNFs”) have in place a compliance and ethics program effective in “preventing and detecting criminal, civil, and administrative violations under this Act and in promoting quality of care” on or before March 23, 2013. Facilities have established compliance programs for years, whether voluntarily or required by state law. Under the ACA, however, the programs are mandatory and must be effective. In other words, NFs and SNFs must anticipate problems or issues before they arise so that they can be prevented. This requirement comes with little guidance.
Section 6102 required the U.S. Department of Health and Human Services (“HHS”) and Office of Inspector General (“OIG”) to "promulgate regulations for an effective compliance and ethics program, which may include a model compliance program" a year ago (March 23, 2012). The regulations regarding the specific elements or formality of a plan are to vary with size for organizations with five or more facilities. HHS/CMS solicited comments on how to approach the new compliance program requirements under sections 6102 and 6401(a) when it published a proposed regulation regarding other aspects of the ACA in September 2010, and again in February 2011 when it published the final regulation. Yet it stressed that it was not doing any rulemaking on the compliance programs at that time, but would “advance specific proposals at some point in the future.”
These regulations still have not been implemented, nor have they been proposed. Notwithstanding, section 6102 requires that NF’s and SNF’s have their compliance programs in place by March 23, 2013, and the delay by HHS and OIG will not excuse NFs and SNFs from that deadline.
So, what are NFs and SNFs to do?
Section 6102 sets forth eight (8) general requirements for a compliance and ethics program based, in large part, on the Federal Sentencing Guidelines used in prior HHS publications regarding compliance program guidance. These requirements, while helpful, are very general:
(A) The organization must have established compliance standards and procedures to be followed by its employees and other agents that are reasonably capable of reducing the prospect of criminal, civil, and administrative violations under this Act.
(B) Specific individuals within high-level personnel of the organization must have been assigned overall responsibility to oversee compliance with such standards and procedures and have sufficient resources and authority to assure such compliance.
(C) The organization must have used due care not to delegate substantial discretionary authority to individuals whom the organization knew, or should have known through the exercise of due diligence, had a propensity to engage in criminal, civil, and administrative violations under this Act.
(D) The organization must have taken steps to communicate effectively its standards and procedures to all employees and other agents, such as by requiring participation in training programs or by disseminating publications that explain in a practical manner what is required.
(E) The organization must have taken reasonable steps to achieve compliance with its standards, such as by utilizing monitoring and auditing systems reasonably designed to detect criminal, civil, and administrative violations under this Act by its employees and other agents and by having in place and publicizing a reporting system whereby employees and other agents could report violations by others within the organization without fear of retribution.
(F) The standards must have been consistently enforced through appropriate disciplinary mechanisms, including, as appropriate, discipline of individuals responsible for the failure to detect an offense.
(G) After an offense has been detected, the organization must have taken all reasonable steps to respond appropriately to the offense and to prevent further similar offenses, including any necessary modification to its program to prevent and detect criminal, civil, and administrative violations under this Act.
(H) The organization must periodically undertake reassessment of its compliance program to identify changes necessary to reflect changes within the organization and its facilities.
With the March 23rd deadline rapidly approaching, NFs and SNFs will have to move quickly to implement their compliance programs, if they have not done so already. Once HHS and OIG establish and issue the regulations, organizations will have to revisit their programs to ensure that they conform to any new or additional requirements.
 Similarly, section 6401(a) requires all providers to “establish a compliance program that contains the core elements established under subparagraph (B) with respect to that provider or supplier and industry or category.” HHS stated that it intends “to establish compliance program core elements per section 6401(a) of the ACA for NFs and SNFs that closely match the required components of a compliance program per section 6102 of the ACA.” 75 Fed. Reg. 58204, 58227 (September 23, 2010). But like the regulations under 6102, the “core elements” have not been established.