This blog is the fifth in a series about interacting with government regulators and is intended to help our clients understand and manage contact and outreach from government regulators, law enforcement, or both.
The Setup
You’re a health care provider who owns a pharmacy, and you’ve just received notice that your business is about to be visited by a government regulator or a third-party entity acting on their behalf or a vendor who, by contract, has the right to inspect your premises.1 You’re unsure whether the visit, commonly called an onsite, is a targeted audit, a credentialing verification review, or a full-fledged investigation. Either way, you need to be prepared. This blog highlights issues for you to consider and provides guidance.
The Law
For health care providers, onsite visits—be it an audit, an investigation, an inspection, or a credentialing verification review—are common and authorized by a variety of local, state, and federal laws. For instance, Medicaid providers in New York State are subject to “on-site field audit[s].”2 Federal law has a similar requirement: a requirement that is baked into all Medicaid contracts with all managed care organizations (MCOs)3 as well as within the contracts MCOs have with their subcontractors.4 Pharmacy owners who contract with PBMs are often additionally required to agree to an unannounced onsite as part of the enrollment process.
Our Advice
If you’ve gotten advanced notice of an onsite, that’s terrific. It means you’ll have time to prepare. To get ready, you should consider all of the following:
Call your attorney. A prudent first step is to contact whomever represents you on compliance matters. Your attorney in particular should be notified of the forthcoming onsite. If you’re already being audited by another agency, quasigovernment agency, or contractor on behalf of the government, giving your attorney a heads-up will allow them to put the onsite into context and be present when it happens. Maybe it’s related to, or an outgrowth of, a prior matter. It’ll also allow you and your attorney to strategize in advance of the onsite. Some audits or investigations, depending on the agency conducting it and other factors, trigger notice requirements. Your attorney will be best able to stay abreast of these requirements.
Clean up. In advance of any onsite, you should straighten up your premises. We aren’t suggesting anything should be thrown out or that records should be altered; on the contrary, records need to be filed or put where they belong. Visual impressions matter, and a neat and tidy premises makes a lasting impression. Government auditors and investigators, rightly or wrongly, often assume a business that is physically untidy is financially untidy.
Review and update your policy manuals. If your policy manuals are outdated, you should contact your compliance counsel to update them. Barclay Damon’s attorneys have broad experience with health care businesses and can assist you in augmenting your compliance manuals and procedures.
Train your staff. Any staff that are behind in required training should be brought up to speed and into compliance.
Address the issues. Review prior audits or inspections, and ensure that issues noted therein have been addressed.
Determine the focus of the investigation. If the focus of the audit or investigation is known in advance, you should determine yourself whether the targeted issue has merit. Don’t ignore any advance direction or guidance you receive and assume everything’s fine or going to be fine. Most inspections or audits, even routine ones, have a focus, and that focus exists for a reason. It may stem from a decision to systematically inspect or audit all providers for compliance with a particular requirement, or it may stem from a specific complaint about your business. Carefully weigh the information you learn, and advise your attorney of your findings. Whatever you know or learn in advance about the onsite will better prepare you for any questioning that’ll likely occur. The questioning of staff is a common component of any onsite.
Be cooperative. Failure to cooperate with the inspectors or auditors can be detrimental to your business. It can result in a more aggressive inspection or audit. If you fail to cooperate and happen to be an enrolled Medicaid provider, regulators have the option to impose sanctions.5 Being uncooperative may also violate provisions of your contract or provider agreement with third-party vendors and result in separate or additional negative consequences.
Take note of the records that are inspected, seized, or both. Make sure you retain copies if possible. You may need them. Take note of who is spoken to and what questions your employees are asked. Your notes can provide valuable insight into the focus of the audit or inspection and help guide your next steps.
If you’re a provider and file any claims for reimbursement with any government agency or private insurer (and, to a degree, even if you don’t), you can expect your business to be audited and subjected to an onsite visit. It will inevitably happen at some point in the life of your business—often more than once. Our best advice to prevent or reduce the chances of a negative outcome from an onsite is to accept that it will happen, to conduct your business as if you are about to be inspected, and to routinely monitor your policies, procedures, and other aspects of your business.
Our next Government Relations 101 blog post will explore how to act during a surprise onsite.
If you have any questions regarding the content of this blog, please contact Chris Shaw, partner, at cshaw@barclaydamon.com, or another member of the firm’s Health Care Controversies or Health & Human Services Providers Teams or White Collar & Government Investigations Practice Area.
1While the last scenario is common among pharmacy owners who contract with pharmaceutical benefit managers (PBMs), these contract clauses are not limited to the pharmaceutical industry.
2New York State Medicaid Information for all Providers – General Policy Manual at p. 29; see 18 NYCRR §504.3[g]) (permitting audits); see also 18 NYCRR §504.8[d]) (referencing “onsite” audit findings).
342 CFR §438.3(h), which states “Inspection and audit of records and access to facilities. All contracts must provide that the State, CMS, the Office of the Inspector General, the Comptroller General, and their designees may, at any time, inspect and audit any records or documents of the MCO, PIHP, PAHP, PCCM or PCCM entity, or its subcontractors, and may, at any time, inspect the premises, physical facilities, and equipment where Medicaid-related activities or work is conducted. The right to audit under this section exists for 10 years from the final date of the contract period or from the date of completion of any audit, whichever is later.” (Emphasis added).
442 CFR §438.230(c)(3).
5A provider’s failure to cooperate in an audit is an “unacceptable practice” (18 NYCRR §515.2[a][1], [b][6]) and, like all unacceptable practices, can subject the provider to sanctions, including exclusion from the program (18 NYCRR §515.3[a]).