Florida Senate - 2017 SB 1764
By Senator Perry
8-01335A-17 20171764__
1 A bill to be entitled
2 An act relating to Medicaid compliance; amending s.
3 395.003, F.S.; requiring that certain hospitals comply
4 with provisions relating to the establishment of a
5 Medicaid compliance office and procedures as a
6 condition of licensure; amending s. 409.913, F.S.;
7 defining the term “covered person”; requiring that
8 certain hospitals establish a Medicaid compliance
9 office; requiring that the hospitals appoint a
10 compliance officer and committee; providing
11 responsibilities for such compliance officer and
12 committee; requiring the hospitals to develop a code
13 of conduct, policies and procedures, a risk assessment
14 and internal review process, a training plan, and
15 other specified procedures; providing requirements for
16 such code of conduct, policies and procedures, risk
17 assessment and internal review process, training plan,
18 and other specified procedures; requiring a hospital
19 to notify the inspector general of the Agency for
20 Health Care Administration of certain reportable
21 events; providing requirements for such notifications;
22 establishing a daily fine for failing to notify the
23 inspector general of a reportable event; requiring
24 that each hospital submit an annual report to the
25 agency by a specified date; providing requirements for
26 such report; providing definitions; providing an
27 effective date.
28
29 Be It Enacted by the Legislature of the State of Florida:
30
31 Section 1. Subsection (11) is added to section 395.003,
32 Florida Statutes, to read:
33 395.003 Licensure; denial, suspension, and revocation.—
34 (11) A hospital that is subject to s. 409.913(39) must
35 comply with the requirements in that subsection as a condition
36 of licensure.
37 Section 2. Subsection (39) is added to section 409.913,
38 Florida Statutes, to read:
39 409.913 Oversight of the integrity of the Medicaid
40 program.—The agency shall operate a program to oversee the
41 activities of Florida Medicaid recipients, and providers and
42 their representatives, to ensure that fraudulent and abusive
43 behavior and neglect of recipients occur to the minimum extent
44 possible, and to recover overpayments and impose sanctions as
45 appropriate. Beginning January 1, 2003, and each year
46 thereafter, the agency and the Medicaid Fraud Control Unit of
47 the Department of Legal Affairs shall submit a joint report to
48 the Legislature documenting the effectiveness of the state’s
49 efforts to control Medicaid fraud and abuse and to recover
50 Medicaid overpayments during the previous fiscal year. The
51 report must describe the number of cases opened and investigated
52 each year; the sources of the cases opened; the disposition of
53 the cases closed each year; the amount of overpayments alleged
54 in preliminary and final audit letters; the number and amount of
55 fines or penalties imposed; any reductions in overpayment
56 amounts negotiated in settlement agreements or by other means;
57 the amount of final agency determinations of overpayments; the
58 amount deducted from federal claiming as a result of
59 overpayments; the amount of overpayments recovered each year;
60 the amount of cost of investigation recovered each year; the
61 average length of time to collect from the time the case was
62 opened until the overpayment is paid in full; the amount
63 determined as uncollectible and the portion of the uncollectible
64 amount subsequently reclaimed from the Federal Government; the
65 number of providers, by type, that are terminated from
66 participation in the Medicaid program as a result of fraud and
67 abuse; and all costs associated with discovering and prosecuting
68 cases of Medicaid overpayments and making recoveries in such
69 cases. The report must also document actions taken to prevent
70 overpayments and the number of providers prevented from
71 enrolling in or reenrolling in the Medicaid program as a result
72 of documented Medicaid fraud and abuse and must include policy
73 recommendations necessary to prevent or recover overpayments and
74 changes necessary to prevent and detect Medicaid fraud. All
75 policy recommendations in the report must include a detailed
76 fiscal analysis, including, but not limited to, implementation
77 costs, estimated savings to the Medicaid program, and the return
78 on investment. The agency must submit the policy recommendations
79 and fiscal analyses in the report to the appropriate estimating
80 conference, pursuant to s. 216.137, by February 15 of each year.
81 The agency and the Medicaid Fraud Control Unit of the Department
82 of Legal Affairs each must include detailed unit-specific
83 performance standards, benchmarks, and metrics in the report,
84 including projected cost savings to the state Medicaid program
85 during the following fiscal year.
86 (39)(a) For purposes of this subsection, the term “covered
87 person” means:
88 1. An owner, officer, director, commissioner, or employee
89 of the hospital;
90 2. A contractor, subcontractor, agent, or other person who
91 provides patient care items or services or who performs billing
92 or coding functions on behalf of the hospital, excluding a
93 vendor whose only connection with the hospital is selling or
94 otherwise providing medical supplies or equipment and who does
95 not bill any federal health care program for such medical
96 supplies or equipment; or
97 3. Physician or nonphysician personnel who are members of
98 the hospital’s active medical staff.
99 (b) Each hospital licensed under chapter 395 that annually
100 accepts state or federal funds in the amount of $10 million or
101 more to provide services to Medicaid recipients shall establish
102 an office of Medicaid compliance within the hospital. The
103 hospital shall appoint a compliance officer who is a member of
104 senior management of the hospital and who shall report directly
105 to the chief executive officer or president of the hospital. The
106 compliance officer shall:
107 1. Develop and implement policies, procedures, and
108 practices designed to ensure compliance with all state and
109 federal health care program requirements.
110 2. At least quarterly, submit a report regarding compliance
111 matters directly to the chief executive officer or president of
112 the hospital.
113 3. Monitor the day-to-day compliance activities of the
114 hospital and analyze the hospital’s risk areas for
115 noncompliance.
116 4. Report any suspected or substantiated violations of the
117 hospital’s code of conduct or policies and procedures to the
118 chief executive officer or president of the hospital and to the
119 agency.
120 (c) Each hospital shall appoint a compliance committee that
121 must include, at a minimum, a compliance officer and other
122 members of senior management. The compliance officer shall serve
123 as chair of the compliance committee. The compliance committee
124 shall assist the compliance officer in fulfilling his or her
125 responsibilities as provided in paragraph (b).
126 (d)1. Each hospital shall develop, implement, and annually
127 distribute a written code of conduct to each covered person. The
128 code of conduct must, at a minimum, address the hospital’s:
129 a. Commitment to fully comply with all state and federal
130 health care program requirements.
131 b. Requirement that each covered person is expected to
132 comply with all state and federal health care program
133 requirements and with the hospital’s policies and procedures.
134 c. Requirement that each covered person is expected to
135 report to the compliance officer suspected violations of any
136 state and federal health care program requirements or the
137 hospital’s policies and procedures.
138 d. Commitment to not retaliate against a covered person who
139 reports a suspected violation as provided in sub-subparagraph c.
140 and to maintain, as appropriate, the confidentiality and
141 anonymity of such reports.
142 2. Each hospital shall evaluate the performance of its
143 employees based on their compliance with the code of conduct. At
144 least annually, the hospital shall review the code of conduct
145 and make any necessary revisions.
146 (e)1. Each hospital shall develop and implement written
147 policies and procedures regarding the operation of its
148 compliance office and program. The policies and procedures must
149 address the criminal penalties for violations under Title XI of
150 the Social Security Act, 42 U.S.C. ss. 1320a-7b(b) and 1395nn,
151 including implementing regulations and other federal guidance;
152 the types of business or financial arrangements that violate
153 such federal laws and regulations; and the penalties associated
154 with violations of state anti-rebating and anti-kickback laws
155 applicable to hospitals and health care providers.
156 2. The hospital shall distribute the policies and
157 procedures to each covered person. The hospital shall enforce
158 and comply with its policies and procedures and shall evaluate
159 the performance of its employees based on their compliance with
160 the policies and procedures. At least annually, the hospital
161 shall assess and update the policies and procedures as
162 necessary.
163 3. Within 90 days after implementing the policies and
164 procedures required under this paragraph, each hospital subject
165 to this subsection shall develop and implement a centralized
166 annual risk assessment and internal review process to identify
167 and address risks associated with arrangements as defined in
168 paragraph (f). The risk assessment and internal review process
169 shall be evaluated and updated annually, if necessary, and must
170 include procedures for:
171 a. Identifying and prioritizing risks;
172 b. Developing and implementing remediation plans in
173 response to such risks, including internal auditing and
174 monitoring of the identified risk areas; and
175 c. Tracking results to assess the effectiveness of the
176 remediation plans.
177 (f)1. Each hospital shall develop a written training plan
178 that ensures:
179 a. A covered person, except an individual employed only in
180 food service, maintenance, or housekeeping, receives adequate
181 training regarding the hospital’s code of conduct and policies
182 and procedures.
183 b. A covered person receives adequate training regarding
184 business or financial arrangements that may violate Title XI of
185 the Social Security Act, 42 U.S.C. ss. 1320a-7b(b) and 1395nn,
186 including implementing regulations and other federal guidance;
187 the hospital’s policies and procedures governing such
188 arrangements; the hospital’s internal review and approval
189 processes for such arrangements; the hospital’s tracking of
190 remuneration to and from sources of health care business or
191 referrals; and the penalties associated with violations of state
192 anti-rebating and anti-kickback laws applicable to hospitals and
193 health care providers.
194 c. Each individual involved in the development, approval,
195 management, or review of the hospital’s arrangements understands
196 his or her personal obligation to know the applicable legal
197 requirements and the hospital’s code of conduct and policies and
198 procedures.
199 d. A covered person understands the criminal penalties and
200 sanctions imposed under Title XI of the Social Security Act, 42
201 U.S.C. ss. 1320a-7b(b) and 1395nn, and has been provided
202 examples of violations under such federal laws and related
203 regulations.
204 2. The training plan must include information regarding the
205 topics to be addressed, the identification of covered persons
206 required to attend each training session, the length of the
207 training, the schedule for training, and the format of the
208 training.
209 3. For purposes of this paragraph, the term “arrangements”
210 means any contract, transaction, or agreement that:
211 a. Involves, directly or indirectly, the offer, payment,
212 solicitation, or receipt of anything of value;
213 b. Is between the hospital and any actual or potential
214 source of health care business or referrals, or any actual or
215 potential recipient of health care business or referrals from
216 the hospital; or
217 c. Is between the hospital and a physician or a physician’s
218 immediate family member who makes a referral to the hospital for
219 health services.
220 (g)1. For purposes of this paragraph, the term “focus
221 arrangement” means each arrangement, as defined in paragraph
222 (f), that is between a hospital subject to this subsection and:
223 a. Any actual source of health care business or referrals
224 to the hospital and involves, directly or indirectly, the offer,
225 payment, or provision of anything of value; or
226 b. Any physician or a physician’s immediate family member,
227 as defined in 42 C.F.R. s. 411.351, who makes a referral, as
228 defined at 42 U.S.C. s. 1395nn(h)(5), to the hospital for
229 designated health services, as defined in 42 U.S.C. s.
230 1395nn(h)(6).
231 2. Each hospital subject to this subsection shall create
232 procedures reasonably designed to ensure that each existing and
233 new or renewed focus arrangement does not violate Title XI of
234 the Social Security Act, 42 U.S.C. ss. 1320a-7b(b) and 1395nn,
235 or the federal regulations, directives, and guidance related to
236 those statutes. The procedures must include the following:
237 a. Creating and maintaining a centralized tracking system
238 for all existing and new or renewed focus arrangements;
239 b. Tracking remuneration to and from all parties to focus
240 arrangements;
241 c. Tracking service and activity logs to ensure that
242 parties to the focus arrangement are performing the services
243 required under the applicable focus arrangement, if applicable;
244 d. Monitoring the use of leased space, medical supplies,
245 medical devices, equipment, or other patient care items to
246 ensure that such use is consistent with the terms of the
247 applicable focus arrangement, if applicable;
248 e. Establishing and implementing a written review and
249 approval process for all focus arrangements to ensure that all
250 existing and new or renewed focus arrangements do not violate
251 Title XI of the Social Security Act, 42 U.S.C. ss. 1320a-7b(b)
252 and 1395nn, which must, at a minimum, include:
253 (I) A legal review of all focus arrangements;
254 (II) A process for specifying the business need or business
255 rationale for all focus arrangements; and
256 (III) A process for determining and documenting the fair
257 market value of the remuneration specified in the focus
258 arrangement;
259 f. Requiring the compliance officer to, at least annually,
260 review the focus arrangements tracking system, internal review
261 and approval process, and other focus arrangement procedures and
262 to provide a report on the results of such review to the
263 compliance committee; and
264 g. Implementing effective responses when suspected
265 violations of Title XI of the Social Security Act, 42 U.S.C. ss.
266 1320a-7b(b) and 1395nn are discovered, including disclosing
267 reportable events pursuant to paragraph (h).
268 (h)1. For purposes of this paragraph, the term “reportable
269 event” means:
270 a. A substantial overpayment for inpatient or outpatient
271 Medicare services, Medicaid managed care services, or any other
272 state or federal health care program service;
273 b. A matter that a reasonable person would consider a
274 probable violation of criminal, civil, or administrative laws
275 applicable to any state or federal health care program for which
276 penalties or exclusions may be authorized;
277 c. The employment of or contracting with a covered person
278 who is an “ineligible person,” which means an individual or
279 entity who:
280 (I) Is currently excluded, debarred, suspended, or
281 otherwise ineligible to participate in federal health care
282 programs or in federal procurement or non-procurement programs;
283 or
284 (II) Has been convicted of a criminal offense pursuant to
285 42 U.S.C. s. 1320a-7(a), but has not yet been excluded,
286 debarred, suspended, or otherwise declared ineligible; and
287 d. The filing of a bankruptcy petition by the hospital.
288 2. If a hospital subject to this subsection determines,
289 after a reasonable opportunity to conduct an appropriate review
290 or investigation of the allegations, that a reportable event has
291 occurred or is occurring, the hospital shall notify the agency’s
292 inspector general within 30 days after making such
293 determination.
294 3. When notifying the agency’s inspector general of a
295 reportable event, the hospital shall include a complete
296 description of all details relevant to the reportable event,
297 including the types of claims, transactions, or other conduct
298 giving rise to the reportable event; the period during which the
299 conduct occurred; the names of entities and individuals believed
300 to be implicated, including an explanation of their roles in the
301 reportable event; and any additional information necessary for
302 the agency’s inspector general to investigate the reportable
303 event.
304 4. The agency’s inspector general shall, after
305 investigating the reportable event and concluding that it is a
306 violation of federal law governing a state or federal health
307 care program, report all relevant details regarding the
308 reportable event to the appropriate federal agency for further
309 investigation.
310 5. In addition to any actions that may be taken against a
311 license under s. 395.003, a hospital that fails to notify the
312 agency’s inspector general of a reportable event within the
313 timeframe required in subparagraph 2. shall be fined $1,000 each
314 day per reportable event until the agency’s inspector general is
315 notified.
316 (i) By January 1, 2019, and each year thereafter, a
317 hospital that is subject to this subsection shall submit to the
318 agency a report detailing the hospital’s compliance activities
319 during the preceding year. Each report must include, at a
320 minimum:
321 1. Any change in the identity, position description, or
322 other noncompliance job responsibilities of the compliance
323 officer.
324 2. Any change in the membership of the compliance
325 committee.
326 3. The dates of each report made by the compliance officer
327 to the chief executive officer or president of the hospital.
328 4. A summary of any change or amendment to the hospital’s
329 code of conduct or policies and procedures as required in
330 paragraphs (d) and (e).
331 5. A copy of the hospital’s training plan developed
332 pursuant to paragraph (f) and for each type of training required
333 by the training plan, a description of the training, including a
334 summary of the topics to be addressed; the length of sessions; a
335 schedule of training sessions; a general description of the
336 categories of individuals required to complete the training; and
337 the process by which the hospital ensures that each covered
338 person receives the required training.
339 6. All reports of suspected or substantiated violations of
340 the hospital’s code of conduct or policies and procedures
341 reported to the chief executive officer or president of the
342 hospital and the agency.
343 7. Details regarding the hospital’s risk assessment and
344 internal review process required in paragraph (e).
345 8. Details of all reportable events as defined in paragraph
346 (h), when the agency’s inspector general was notified of each
347 reportable event, and the status of the state investigation of
348 each reportable event, and, if applicable, the status of the
349 federal investigation of each reportable event.
350 Section 3. This act shall take effect July 1, 2017.