Skip to main content
CRM 500-999

978. Health Care Fraud and Abuse Control Program and Guidelines

AS MANDATED BY THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996

Approved by:

Janet Reno, Attorney General, and Donna Shalala, Secretary, Department of Health and Human Services

Effective January 1, 1997

  Introduction
  Statement of Program Goals
  Funding
  Evaluation
  Revisions
  Definitions
I. COORDINATE FEDERAL, STATE, AND LOCAL LAW ENFORCEMENT PROGRAMS TO CONTROL FRAUD AND ABUSE WITH RESPECT TO HEALTH PLANS
II. CONDUCT INVESTIGATIONS, AUDITS, EVALUATIONS AND INSPECTIONS RELATING TO THE DELIVERY OF AND PAYMENT OF HEALTH CARE IN THE UNITED STATES
III. FACILITATE THE ENFORCEMENT OF THE CIVIL, CRIMINAL AND ADMINISTRATIVE STATUTES APPLICABLE TO HEALTH CARE
IV. PROVIDE INDUSTRY GUIDANCE, INCLUDING ADVISORY OPINIONS, SAFE HARBORS, AND SPECIAL FRAUD ALERTS RELATING TO FRAUDULENT HEALTH CARE PRACTICES
V. ESTABLISH A NATIONAL DATA BANK TO RECEIVE AND REPORT FINAL ADVERSE ACTIONS AGAINST HEALTH CARE PROVIDERS
VI. COORDINATION AND EXCHANGE OF INFORMATION
VII. HEALTH CARE FRAUD AND ABUSE CONTROL PROGRAM CONFIDENTIALITY PROCEDURES: PROVISION AND USE OF INFORMATION AND DATA

Introduction: The Health Insurance Portability and Accountability Act of 1996 establishes and funds a program to combat fraud and abuse committed against all health plans, both public and private. This legislation requires the Attorney General and the Secretary of Health and Human Services ("Secretary") to establish a Health Care Fraud and Abuse Control Program within the specific parameters set forth by the statute. Under the joint direction of the Attorney General and the Secretary (acting through the agency's Inspector General ("HHS-OIG")), the Health Care Fraud and Abuse Control Program is to achieve the following goals:

  1. Coordinate Federal, State, and local law enforcement programs to control fraud and abuse with respect to health plans;

  2. Conduct investigations, audits, evaluations, and inspections relating to the delivery of and payment for health care in the United States;

  3. Facilitate the enforcement of the civil, criminal and administrative statutes applicable to health care;

  4. Provide industry guidance, including advisory opinions, safe harbors, and special fraud alerts relating to fraudulent health care practices; and

  5. Establish a national data bank to receive and report final adverse actions against health care providers.

To fund the program, the Act directs that an amount equalling recoveries from health care fraud investigations[FN1] be deposited in or transferred to the Federal Hospital Insurance Trust Fund ("Trust Fund"). Monies are then appropriated from the Trust Fund to a newly-created expenditure account, called the Health Care Fraud and Abuse Control Account ("Control Account"), in an amount the Attorney General and Secretary jointly certify are necessary to finance anti-fraud activities. Certain of these sums are available only for "activities of the Office of the Inspector General (OIG) of the Department of Health and Human Services, with respect to Medicare and Medicaid programs." To the extent that funds are not spent directly by the Departments of Health and Human Services and Justice on the establishment and operation of the Program, Control Account funds may be made available to others engaged in health care fraud control for purposes in furtherance of the Program.

In addition to establishing the Program, (as set forth in this overview), the Act directs the Attorney General and the Secretary to issue joint guidelines to carry out the Fraud and Abuse Control Program, including guidelines on the collection of information from health plans, and the preservation of the confidentiality of that information.

Statement of Program Goals

The overall goal of the Health Care Fraud and Abuse Program is to further enable the identification, investigation and, where appropriate, prosecution of those individuals and entities who commit fraud against the nation's health care delivery system. Also, the Program is to alert the public, service providers, industry groups, and consumers to such schemes; to identify systemic problems that permit fraud and abuse to occur and correct such vulnerabilities; to safeguard the confidentiality of health care information that is gathered for these law enforcement purposes; to educate consumers with the goal of preventing fraud and abuse; and to furnish the industry with guidance concerning permissible business practices arising from the provision of health care services and equipment.

Specifically, the goals of the Program are as follows:

  1. Coordinate Federal, State and local law enforcement programs to control fraud and abuse with respect to public and private health plans.

    There are a wide range of entities at the federal, state and local levels responsible for enforcing the laws and regulations prohibiting fraud and abuse by the health care industry. These entities include criminal and civil prosecutors at the federal level, state prosecutors and Medicaid Fraud Control Units, to local prosecuting attorneys, regulatory agencies and licensing boards. While these entities may have jurisdiction over varying legal proscriptions, in the context of fraud against public or private health plans, they share one common goal: to detect and eliminate fraud and abuse by the health care industry.

    The program strives to maximize the effectiveness of these law enforcement programs by ensuring that there is both (1) adequate coordination on issues concerning enforcement policy as well as (2) appropriate sharing of information among law enforcement entities about specific law enforcement efforts. To these ends, the Attorney General and the Secretary shall establish specific guidelines to promote this coordination and shared information.

  2. Conduct investigations, audits, evaluations and inspections relating to the delivery of and payment for health care in the United States.

    The heart of the law enforcement effort is the fact-gathering that must occur in the investigative and audit stage of each case. In addition, fact-gathering is important in the regulatory oversight of the various agencies which have jurisdiction over segments of the health care industry. Law enforcement as well as regulatory agencies at the federal, state and local levels are charged with the responsibility to conduct investigation, audits and inspections and to utilize the tools at their disposal to undertake these responsibilities.

    The program's mission is to encourage and to maximize the ability to conduct fact-gathering by both law enforcement and regulatory agencies by ensuring that methods are understood by those responsible for these tasks, to provide guidance on how to maximize the effectiveness of these tools, to encourage the sharing of information among those responsible for fact-gathering and to set forth other guidelines that will ensure that investigations, audits, evaluations and inspections are conducted in a timely and efficient manner.

  3. Facilitate the enforcement of the civil, criminal and administrative statutes applicable to health care.

    Essential to the mission of the fraud and abuse control program is enforcement of existing statutes relating to fraud and abuse by the public and private health care sectors. While criminal statutes have as their purpose punishment and deterrence, civil statutes focus on returning monies lost to fraud to those defrauded, stopping the fraudulent conduct through injunctive means, and imposing monetary penalties. Administrative sanctions similarly may be used to impose civil monetary penalties, to prohibit those who have engaged in fraud or other wrongdoing from receiving further funds, and to ensure future compliance with the law.

    The use of these remedies in a coordinated fashion is an essential element of the fraud and abuse control program. By using all the government's complementary remedies, law enforcement both ensures that all aspects of fraudulent conduct are addressed, and sends a clear message to the health care industry that fraudulent conduct will not be tolerated. Also, by punishing the past conduct and recovering wrongfully obtained funds, and then addressing potential future misconduct by ensuring long term compliance, law enforcement furthers another critical mission of the program: prevention of fraud and abuse.

    An important element of promoting effective enforcement of the statutes applicable to health care is education and training of health care professionals and others -- including patients and their families -- about fraud and abuse.

  4. Provide industry guidance, including advisory opinions, safe harbors, and special fraud alerts relating to fraudulent health care practices.

    Prior to the passage of the Health Insurance Portability and Accountability Act of 1996, the HHS-OIG offered advice to the public with respect to the Medicare and Medicaid Anti-Kickback statute, 42 U.S.C. 1320a-7b(b), in the form of "safe harbor" regulations and Special Fraud Alerts. The safe harbor regulations specify particular lawful practices which are not subject to enforcement action under the Anti-kickback Statute. HHS-OIG also has published Special Fraud Alerts, which are intended to put the public on notice that the HHS-OIG considers particular practices violative of the law.

    Section 205 of the Health Insurance Portability and Accountability Act requires the HHS-OIG to solicit on an annual basis, in a Federal Register notice, proposals for (1) modifications to existing safe harbors, (2) additional safe harbors, and (3) special fraud alerts. HHS-OIG will evaluate each proposal received relating to safe harbors, and will respond either by proposing a new or modified safe harbor, or specify in a report to Congress why a proposal was rejected. OIG will also evaluate each proposal received relating to Special Fraud Alerts and will respond by publishing a fraud alert, if appropriate.

    In addition, the Department of Health and Human Services (in consultation with the Department of Justice) is now required to provide formal written advisory opinions to the public on the application of the anti-kickback statute, the safe harbor provisions and the other HHS-OIG health care fraud and abuse sanctions found in Section 1128, 1128A and 1128B of the Social Security Act. While the safe harbors and Special Fraud Alerts address hypothetical or generalized fact patterns, advisory opinions address particular factual circumstances of particular parties.

    Generally, Section 1128 contains the bases for exclusion of a party from the Medicare and Medicaid programs, and by operation of law, from all federal procurement and non-procurement programs. Section 1128A contains the Civil Monetary Penalty law, which proscribes penalties and assessments for claims to Medicare and Medicaid which are false, fraudulent, or otherwise not provided as claimed. Section 1128B contains criminal provisions specifically directed to Medicare and Medicaid, such as false claims and the prohibition on offering to pay or receive kickbacks.

    The purpose of these industry guidance provisions is to provide meaningful guidance principally to the health care provider community with respect to what conduct is lawful and unlawful under these statutes. However, it is also important that the process and content of the guidance not create obstacles to the prosecution of those who have violated the law. In his statement at the time of signing Pub.L. 104-191, the President specifically cited the concerns of the Secretary of HHS and the Attorney General, that "advisory opinions [relating to criminal statutes] could create complexities that would burden the efforts to enforce laws against health care fraud and abuse." As a result, the President directed the Departments of HHS and Justice, "to work closely together in implementing this provision to ensure that it promotes and protects Federal law enforcement activities relating to health care fraud."

  5. Establish a national data bank to receive and report final adverse actions against health care providers.

    The final mission of the Program is to establish a network of information designed to facilitate the sharing of information with interested parties regarding adverse actions taken against providers. Shared information in this regard will be beneficial to law enforcement, and others as well as those agencies at the federal, state, and local level who regulate the provider community. Guidelines will be implemented to ensure that timely, accurate information is collected by the adverse action data bank and that authorized entities may quickly and easily obtain this information.

FUNDING

Control Account funds are provided by the Act to cover costs (including equipment, salaries and benefits, and travel and training) of the administration and operation of the Program, including the costs of:

  • prosecuting health care matters (through criminal, civil, and administrative proceedings);

  • investigations;

  • financial and performance audits of health care programs and operations;

  • inspections and other evaluations; and

  • provider and consumer education regarding compliance with the provisions of title XI.

EVALUATION

Annually the Department of Justice and the Department of Health and Human Services will assess the effectiveness of the Program in combatting health care fraud and abuse. This assessment will include factors such as the appropriateness of the program's goals and objectives, the performance of the organizations which receive funds from the Account, and possible new areas to direct resources.

REVISIONS

This Program statement and accompanying Guidelines may be modified, as appropriate, upon agreement of the Attorney General and the Secretary.

NOTE: Neither the Health Care Fraud and Abuse Control Program nor these guidelines create any rights, privileges or benefits, either substantive or procedural, enforceable at law by any person in any administrative, civil or criminal matter; nor do they limit any rights, privileges, or benefits the Department of Justice and Health and Human Services may assert in such matters.

Definitions

The following acronyms and definitions are used herein:

  • "AG" shall mean the Attorney General of the United States.

  • "AOA" shall mean the United States Administration on Aging within the Department of Health and Human Services

  • "CHAMPUS" shall mean the Civilian Health and Medical Program of the Uniformed Services.

  • "DCAA" shall mean the Defense Contract Audit Agency of the United States Department of Defense.

  • "DCIS" shall mean the Defense Criminal Investigative Service of the United States Department of Defense.

  • "DOJ" shall mean the United States Department of Justice, including its litigating Divisions and the Offices of the United States Attorneys.

  • "DOL" shall mean the United States Department of Labor.

  • "DOL-OIG" shall mean the Inspector General of the United States Department of Labor.

  • "FBI" shall mean the Federal Bureau of Investigation of the United States Department of Justice.

  • "FEHBP" shall mean the United States Federal Employees Health Benefits Program, administered by the Office of Personnel Management.

  • "HCFA" shall mean the United States Health Care Financing Administration.

  • "HHS" shall mean the United States Department of Health and Human Services.

  • "HHS-OIG" shall mean the Inspector General of the United States Department of Health and Human Services.

  • "OPM" shall mean the United States Office of Personnel Management.

  • "OPM-IG" shall mean the Inspector General of the Office of Personnel Management.

  • "VA" shall mean the United States Department of Veterans Affairs.

  • "VA-IG" shall mean the Inspector General of the United States Department of Veterans Affairs.

  • "The Act" shall mean the Health Insurance Portability and Accountability Act of 1996.

  • "The Program" shall mean the Fraud and Abuse Control Program, as mandated by the Act.

  • "The Secretary" shall mean the Secretary of the United States Department of Health and Human Services.


I. COORDINATE FEDERAL, STATE, AND LOCAL LAW ENFORCEMENT PROGRAMS TO CONTROL FRAUD AND ABUSE WITH RESPECT TO HEALTH PLANS

  1. General

    1. Health care fraud and abuse control is promoted when Federal, State, and local law enforcement entities share information about trends in health care fraud, emerging investigative and prosecutorial techniques, and other information necessary to achieve the common goal of controlling health care fraud.

    2. Health care fraud and abuse control is promoted when Federal, State, and local law enforcement coordinate and communicate with respect to specific law enforcement initiatives.

  2. Means

    1. Opportunities at the national, State, and local levels should exist or be established to enable all interested Federal, State, and local law enforcement entities, both investigative and prosecutive, to share periodically information about trends in health care fraud and emerging investigative and prosecutorial techniques, applicable statutes and regulations, and to coordinate and communicate with respect to specific law enforcement initiatives. Federal, State, and local law enforcement can explore the development and sharing of appropriate data bases. It is the expectation that the United States Attorneys will act in a leadership role in the establishment and operation of this coordination and communication at the district level.

    2. These opportunities may include periodic meetings, newsletters, exchange of information, liaisons with other groups, and working groups.

  3. National Efforts

    1. At the national level, the Executive Level Health Care Fraud Policy Group, the National Health Care Fraud Working Group, and the Inspector General Health Care Fraud Coordinating Council, are existing groups that serve the goal of coordination. Those bodies should continue to meet on a regular basis.

    2. The Executive Level Health Care Fraud Policy Group is composed of representatives of the Department of Justice (criminal and civil prosecutors and Federal Bureau of Investigations); HHS OIG; and HCFA as appropriate. In addition, this group will meet at least semi-annually with representatives of other federal and state law enforcement agencies engaged in health care fraud control and as appropriate, associations such as the National Association of Attorneys General and National Association of District Attorneys.

    3. The Executive Level Health Care Fraud Policy Group will provide national leadership in coordinating various activities which may include:

      1. Establishment of working groups to examine particular areas of the health care industry or issues in order to develop recommendations on enforcement policy. For example, the Managed Care Working Group has been established and should continue to address issues of importance in the managed care arena, such as methods of obtaining and analyzing managed care encounter data, considering audit protocols, examining legislative issues relevant to enforcement in this area, and development adequate training for law enforcement authorities and managed care administrators.

      2. Identification of trends of fraudulent activity which warrant intensified enforcement scrutiny, and where appropriate, will facilitate a coordinated enforcement effort. Trends in fraudulent activity will be developed through an analysis of changes in health care billing, expenditures and/or spending, and other appropriate factors. As appropriate, the coordinated enforcement effort will be developed in conjunction with federal, state and local law enforcement and health care program agencies.

      3. Monitoring of information concerning expected future trends in health care fraud and abuse involving public and private health plans and disseminating this information to federal, state, and local law enforcement, and to public and private health care program agencies.

      4. Development of a mechanism for identifying information concerning payment or record keeping policies, structures or practices which render a health care plan (public or private) vulnerable to fraud and abuse. All law enforcement authorities should be encouraged to use this mechanism to report systemic vulnerabilities which they recognize in the course of their investigations. At the national level, these reports will be compiled by HHS-OIG and transmitted to the specified health care plans so that corrective action may be taken.

      5. Development of a policy statement concerning the need to, consistent with existing law, refer investigative product to state licensing and regulatory bodies, so that appropriate administrative action may be taken.

      6. Facilitation of a coordinated training effort

        1. for federal, state and local agencies in the following areas: law enforcement techniques, full range of federal, state and local remedies, including licensure and regulatory action, best practices guides and corporate compliance plans.

        2. for health professionals and consumers on identifying and reporting fraud and abuse

        3. Appropriate opportunities at the national level should be devised to coordinate and enhance the efforts of nongovernmental individuals and entities in combatting health care fraud. This group or groups consisting of insurers, providers, consumers, and others, will meet at least semi-annually to identify and address opportunities to combat health care fraud.

  4. Efforts at the state and local level.

    1. Numerous regional, state, or local health care fraud task forces/working groups presently exist; where they do not presently exist, they should be established. They serve the purposes of improving health care fraud enforcement by encouraging communication and coordination among law enforcement officials in the sharing of information on health care fraud and the use of criminal, civil, and/or administrative remedies. Successful resolution of these cases and operation of the task forces depends on mutual cooperation. In order to assist enforcement agencies in setting up such a task force, or in improving the operation of an existing task force, the Department of Justice will prepare descriptions of model task forces.

    2. Health care fraud task forces should include any federal, state, or local law enforcement agency indicating an interest in participation.

    3. Health care fraud task forces should establish a liaison with licensing and regulatory bodies at the state level and should, consistent with law, share information concerning fraudulent or abusive conduct by providers with these bodies.

    4. Health care fraud task forces should institute a channel of communication with private entities such as private insurers, provider groups, and consumer groups, in an effort to identify specific fraudulent activity, share information on fraudulent schemes, strengthen investigative techniques, and to encourage the referral of information about such activity to the health care fraud task force.


II. CONDUCT INVESTIGATIONS, AUDITS, EVALUATIONS AND INSPECTIONS RELATING TO THE DELIVERY OF AND PAYMENT OF HEALTH CARE IN THE UNITED STATES

  1. General The Program will encourage a coordinated and focused approach to investigations, audits, evaluations and inspections. To effectuate this focused and coordinated approach, the Program encourages the following:

    1. Coordination and cooperation between investigative agencies, auditors, prosecutors, other government attorneys with responsibilities under the Program, and persons conducting evaluations and/or inspections of providers and suppliers;

    2. Coordinated, multi-agency investigations whenever appropriate;

    3. Coordination with health plan administrators and officials;

    4. Development by investigative agencies and auditors of focused, in-depth knowledge of specific marketplaces and provider and supplier characteristics;

    5. Provision of recommendations for program improvements to deter future fraud;

    6. Increased involvement of private health plans in developing cases for prosecution by federal and state prosecutors;

    7. Heightened scrutiny of identified sectors of the health care industry; and

    8. Participation in national projects in areas which receive law enforcement priority.

  2. Investigative Organizations

    1. Federal Investigative Agencies: At the federal level, there are numerous law enforcement agencies with authority to investigate health care fraud including those listed below. The description of the primary responsibility of each agency to investigate fraud on particular health care programs shall not be interpreted to exclude any federal investigative agency with jurisdiction from investigating fraud on any other health care program. The Program encourages greater coordination among law enforcement agencies, including investigations which cross jurisdictional boundaries of the law enforcement agencies described.

      1. The Department of Health and Human Services Office of Inspector General (HHS-OIG) focuses primarily on fraud on the Medicare and Medicaid programs and the health benefits programs of the United States Public Health Service (PHS) such as the Indian Health Service.

      2. The Federal Bureau of Investigation (FBI) focuses on fraud on private health plans and on any health plan receiving federal funds such as Medicare, Medicaid, the Civilian Health and Medical Program of the Uniformed Services (CHAMPUS), and the Federal Employees Health Benefits Program (FEHBP).

      3. The Defense Criminal Investigative Service (DCIS), the investigative arm of the Office of the Inspector General), Department of Defense (DoD), is responsible for investigating alleged fraud and abuse in DoD programs. The programs include those which provide health care to active duty and retired military personnel, their dependents and survivors through: (1) direct care provided by a military medical treatment facility; and (2) civilian care provided through an indemnity type health insurance program known as the Civilian Health and Medical Program of the Uniformed Services (CHAMPUS). The DCIS has primary investigative jurisdiction of all allegations of fraud committed by health care providers throughout the DoD Military Health Services System.

      4. The Office of Inspector General of the Department of Veterans Affairs (VA-IG) focuses on fraud on the VA which provides health benefits to our veterans.

      5. The Office of Inspector General of the Office of Personnel Management (OPM-IG) focuses on fraud on the FEHBP, which provides health benefits to federal civilian employees, retirees, and their dependents.

      6. The Office of Inspector General of the Department of Labor (DOL-OIG) focuses on health care fraud in three major Federal health benefit and disability program administered by DOL that compensate or provide benefits to Federal workers and certain coal miners and longshore/harbor workers, who sustain job-related injuries, illnesses or diseases. DOL-OIG also devotes significant attention to fraud within private sector health and welfare benefit plans regulated under the Employee Retirement Income Security Act.

      7. Other federal agencies investigate fraud by health care providers within their respective jurisdictions, e.g., the Internal Revenue Service of the United States Department of the Treasury, Federal Trade Communication, and the United States Postal Inspectors.

    2. State and Local Investigative Agencies: Federal, State and local investigative agencies should work as partners with each other:

      1. Almost all of the states have Medicaid Fraud Control Units (MFCUs). The state Medicaid Fraud Control Units were established by federal law in 1977. The MFCUs are responsible for the investigation and prosecution (or referral for prosecution) of all criminal violations of state laws regarding fraud on the Medicaid program, as well as the investigation and prosecution of patient abuse and neglect in Medicaid-funded facilities. The MFCUs are certified by HHS-OIG and are required by federal law and regulation to meet certain minimal standards, including the employment of a multi-disciplinary team of attorneys, auditors, and investigators. In the Omnibus Budget Reconciliation Act of 1993, Congress required all states to maintain MFCUs as a condition of participation in the Medicaid program, unless granted a waiver by HHS.

      2. State Attorneys General may have jurisdiction to investigate health care fraud offenses under state law.

      3. Many district attorneys' offices also enforce state and local laws relating to health care fraud.

      4. Several state oversight agencies whose focus is not health care fraud and abuse nevertheless may reveal problems which may constitute or be related to health care fraud and abuse. For example,

        • State Surveillance and Utilization Review Subsystems (S/URS). The S/URS staff reviews systems output and conducts preliminary reviews of Medicaid providers to determine whether they can substantiate a pattern of fraud. If so, such allegations must be referred for fraud investigation.

        • State Longterm Care Ombudsmen, funded through AOA,identify, investigate and resolve complaints involving the health and safety of residents of long-term care facilities.

        • State survey and certification agencies monitor quality of care in longterm care facilities.

      5. Investigations by Private Health Plans: Some private health plans investigate allegations of fraud. These efforts should be coordinated with the appropriate Federal, State and local investigative agencies.

    3. Audits

      1. General: Audit agencies contribute to the detection and elimination of fraud and abuse in a variety of ways, including: providing ongoing audit assistance in the investigation and prosecution of fraud cases, and conducting full-scale audits of the operations of health care providers, federal contractors, as well as the federal agencies themselves. Consistent with Federal auditing standards, audits may be traditional financial audits, or "performance audits," aimed at evaluating the performance of an entity or program in order to provide information to decisionmakers who have responsibility for overseeing the program or initiating corrective action.

      2. Federal: While HHS-OIG Office of Audit Services (HHS-OIG-OAS) provides the majority of resources that are devoted to health care audits, audit work also is performed by a variety of other government agencies, by outside auditors hired by the government, and by private health plans.

        At the federal level, the audit agencies include those listed below. The description of the primary responsibilities of each agency for audit of particular health care programs shall not be interpreted to exclude any federal audit agency from auditing for fraud on other programs within its jurisdiction. The Program encourages greater coordination among audit agencies and between audit agencies and other law enforcement agencies.

        1. HHS-OIG-OAS focuses primarily on audits on the Medicare and Medicaid programs and on the health benefits programs funded or administered by the Department of Health and Human Services.

        2. The Department of Justice has auditors who primarily work on civil fraud cases and who may work on audits related to investigations of health care fraud.

        3. The Defense Contract Audit Agency (DCAA) of the Department of Defense performs audits of CHAMPUS contracts and, in accordance with auditing standards, reports observations of suspected fraud to appropriate authorities. Upon request, DCAA provides accounting/auditing assistance in fraud investigations of CHAMPUS contractors and providers.

        4. The VA-IG will focus on audits for the VA.

        5. The Corporate Audits Division of OPM-IG focuses on audits for the FEHBP. These audits concentrate primarily on health insurance carriers who contract with the federal government, but also may include health care providers and subscribers.

        6. The DOL-OIG focuses primarily on audits targeting medical providers who defraud the three major health and benefits programs administered by DOL. Emphasis also is placed on individuals illegally receiving benefits, particularly those who are fraudulently receiving survivor's benefits.

      3. State and Local Audits: As noted above, almost all states have Medicaid Fraud Control Units (MFCUs) which are responsible for the investigation and prosecution (or referral for prosecution) of all criminal violations of state laws regarding fraud on the Medicaid program. MFCUs employ a multi-disciplinary approach which includes audit work, along with investigative and prosecutive work. States also have other agencies with authority to conduct audits regarding health care fraud.

      4. Audits by Private Health Plans: Some private health plans may conduct audits of claims submitted to them in order to verify the accuracy of the claims and detect fraud. These audit efforts should be coordinated with the appropriate federal, state and local investigative agencies.

    4. Evaluations and Inspections

      1. General: Evaluations and inspections to be undertaken under the Program include, but are not limited to, program evaluations or inspections, medical reviews, utilization reviews and fraud reviews. A program evaluation, sometimes called an "inspection," is a process, other than an audit or investigation, that evaluates, reviews, studies and analyzes government activities, for the purposes of recommending improvements to programs, policy, or procedures. Objectives of program evaluations include providing and presenting factual and analytical information, monitoring compliance, measuring performance, assessing program efficiency and effectiveness, and determining the extent and causes of fraud, waste, abuse and mismanagement. Program evaluation activities in the context of federally-funded health care programs include reviews, studies and analysis of program operations to identify program vulnerabilities and requirements for integrity safeguards. The techniques frequently employed in conducting evaluations of health care programs include:

        1. Data analysis based upon claims for payment, program data related to beneficiaries and providers and other information collected or maintained by the government;

        2. Medical review related to claims for reimbursement, for the purposes of establishing the medical necessity of the service, verifying the appropriateness of the program payment, and assessing the quality of care provided under the program;

        3. Management and policy analysis to evaluate the efficiency and effectiveness of program policies and operations.

      2. Medicare and Medicaid: Program evaluations related to the Medicare and Medicaid programs will be conducted by the HHS-OIG Office of Evaluation and Inspections (HHS-OIG-OEI). The results of HHS-OIG-OEI evaluations will be used to make recommendations concerning policies and operations to program decision-makers, and to identify potential target areas for future action such as audit and investigation. For example, a study or series of studies conducted by HHS-OIG-OEI might identify and describe an area of significant vulnerability in a particular area of Medicare coverage and reimbursement. The results of this work would be used to shape appropriate policy changes, and the data and data analysis would be used further to support investigational activities that could eventually result in substantial fraud and abuse prosecutions and recoveries.

      3. DOD and CHAMPUS: Program evaluations or inspections, medical reviews, utilization reviews and fraud reviews for CHAMPUS and other DOD health plan programs will be conducted by DOD personnel or by contractors.

      4. FEHBP: Program evaluations related to the FEHBP will be conducted by the OPM-IG Office of Evaluation and Inspections. The evaluations gauge the efficiency and effectiveness of FEHBP policies and operations, as well as internal controls.

      5. VA: Program evaluations or inspections, medical reviews, utilization reviews and fraud reviews for the VA will be conducted either by VA employees or by contractors.

      6. Federally-funded health plans in general: Medical reviews, utilization reviews and fraud reviews for an investigation of health care fraud in any federally-funded health plan (including Medicaid and FEHBP) may, when necessary, be conducted by DOJ employees or contractors.

      7. Private health plans: Program evaluations or inspections, medical reviews, utilization reviews and fraud reviews for private health plan(s) may be conducted by employees of the private health plan(s), or contractors. The results of these efforts should be shared with appropriate federal, state, and local investigative agencies.

    5. Relationship to Medicare Integrity Program: The Health Care Financing Administration (HCFA) shares responsibility to detect fraud on the Medicare program. HCFA contracts for program integrity functions which include identification of Medicare fraud, referral to appropriate authorities, and prevention of Medicare fraud. Prior to the passage of the Health Insurance Portability and Accountability Act of 1996, HCFA contracted with the private insurance companies which process and pay claims for reimbursement made to the Medicare program to provide program integrity functions. The private insurance companies which process Medicare billings are called Medicare carriers and fiscal intermediaries.

      Section 202 of the Health Insurance Portability and Accountability Act of 1996 provides for the establishment of the Medicare Integrity Program. The Medicare Integrity Program is not part of the Fraud and Abuse Control Program mandated by Section 201 of the Act. The Medicare Integrity Program authorizes the Secretary to enter into contracts with eligible entities, other than their carriers and fiscal intermediaries, to carry out five activities:

      1. medical, utilization and fraud review;

      2. cost report audits;

      3. determinations of whether payments should be or should have been made under section 1862(b) of the Act, and recovery of payments that should not have been made;

      4. education of providers, beneficiaries and other persons regarding payment integrity and benefit quality assurance issues; and

      5. development and update of a list of items of durable medical equipment which are subject to prior authorization, pursuant to section 1834(a)(15).

      The Secretary is required to use procedures in entering into the contracts which the Secretary establishes through regulation, although the Secretary may enter into contracts even though final regulations have not been promulgated.

      Under the Fraud and Abuse Control Program, the HHS-OIG will coordinate referrals of matters for investigation and possible prosecution with the contractors engaged by HCFA to conduct program integrity functions under the Medicare Integrity Program.

    6. Conservation of Resources and Maximization of Results: To minimize resources needed to investigate and prosecute any provider and to develop the most effective investigative strategy, the following procedures should be implemented.

      1. Each investigative agency will be responsible for ascertaining whether a subject of an investigation is already under investigation by any other agency and/or in multiple jurisdictions.

      2. When a federal or state investigative agency, a United States Attorney's Office or the Department of Justice ascertains that a subject is under investigation in multiple jurisdictions (whether by one or multiple agencies), they should convey that information to the relevant investigative agencies and the Department of Justice and the appropriate United States Attorneys' Offices so that together they can develop a nationwide strategy to most effectively coordinate the multiple efforts and efficiently use resources. Where the subject operates only in one state or in one metropolitan area, communication to the relevant United States Attorneys is sufficient.

      3. In the event that a federal multidistrict investigation is leading to a global settlement, all relevant parties, including appropriate state and local agencies should be informed of negotiations at the earliest possible date so that the appropriate entities, such as National Association of Medicaid Fraud Control Units, can designate a team of representatives to negotiate on their behalf. Similarly, in the event that a state-led multidistrict investigation results in a global settlement, similar early communication should occur.


III. FACILITATE THE ENFORCEMENT OF THE CIVIL, CRIMINAL AND ADMINISTRATIVE STATUTES APPLICABLE TO HEALTH CARE

  1. Law Enforcement Cooperation: In order to apply the full range of remedies, as appropriate, in a particular case, DOJ, HHS, and other enforcement and program agencies will work together and with the private sector to pursue a comprehensive enforcement approach to health care fraud. The foundation of this approach is coordinating and exchanging information in a regularized manner.

  2. Health Care Fraud Victims: Department of Justice prosecutors and investigators shall ensure that victims' rights and services under federal statutes and administrative guidelines will be enforced for the benefit of victims of health care fraud, including provisions concerning notice to victims about case and offender status, appropriate consultation with victims, advocacy of restitution for victims, and enforcement of restitution awards for victims by the government.

  3. Coordination of Remedies: Health care fraud matters frequently lend themselves to investigation and resolution through a combination of criminal, civil and administrative sanctions. Increasingly, government prosecutes responsible companies and persons, collects civil damages and penalties, and imposes administrative sanctions such as exclusion or compliance agreements. Under the Program, DOJ and HHS should make maximum use of all available remedies to fight health care fraud and abuse. This includes joint and parallel investigations and civil and criminal proceedings, where appropriate. To ensure maximum recovery for the United States while minimizing duplication of effort, early coordination of the criminal, civil and administrative remedies is critical.

    1. Task Forces and Working Groups: Federal, State, local, or regional health care fraud task forces/working groups can improve health care fraud enforcement by encouraging communication and coordination among law enforcement officials in the use of criminal, civil, and/or administrative remedies. Successful resolution of these cases and operation of the task forces depends on mutual cooperation.

    2. Coordination of Administrative Remedies: To ensure that administrative remedies are undertaken without adversely affecting other law enforcement activities, federal agencies will notify and coordinate with DOJ before pursuing administrative remedies.

    3. Facilitating Access to Data: Where appropriate, Memoranda of Understanding will be entered among participants in the Fraud and Abuse Control Program and others to ensure necessary and expedient access to data.

  4. Joint and Parallel Proceedings: Using all available remedies to fight health care fraud and abuse includes joint or parallel investigations and administrative, civil, and criminal proceedings. Although such proceedings are not unique to health care fraud cases, health care matters frequently lend themselves to investigation and resolution through a combination of criminal, civil, and administrative sanctions. Parallel or joint proceedings help maximize the government's recovery while minimizing duplication of effort. It is the goal of the Department of Justice and HHS that civil, criminal, and administrative remedies should be sought jointly and not to the exclusion or detriment of each other in seeking to redress health care fraud.

    1. United States Attorneys should consider the establishment of a separate unit to handle health care fraud cases criminally and civilly; when feasible, this approach will help insure that the Department of Justice's interest in effecting a complete civil and criminal recovery will be achieved.

    2. Consistent with the Department's regulations, the United States Attorney's offices remain the focal point for the coordination of criminal and civil remedies within a district. Every United States Attorney should institute a system of coordination of the criminal, civil andadministrative aspects of all appropriate matters that ensures that all criminal referrals, indictments, declinations, pleas and convictions are assessed for their impact on potential and appropriate civil fraud remedies. Criminal and civil attorneys should inform each other and affected agencies of the progress of their respective cases, especially at critical junctions to ensure that the criminal, civil and administrative aspects of these matters are appropriately addressed. This coordination system also should insure that an agency will not impose a civil monetary penalty without prior coordination with and authorization from DOJ.

    3. If possible, joint investigations are encouraged, utilizing the guidance of the criminal and civil prosecutors and investigative agencies. While each casemust be considered on its own merits, investigators and attorneys should consider obtaining documents by non-grand jury means such as authorized investigative demands and/or Inspector General subpoenas and search warrants, and where appropriate sharing them with the criminal, civil and agency personnel responsible for the matter.

    4. Where necessary, criminal proceedings may be pursued separately and prior to or subsequent to civil proceedings to avoid discovery problems. Consideration, however, should be given to statutes of limitations, dissipation of assets and the potential continuing harm to patients and payers in deciding the timing of civil and administrative actions. Filing and staying civil actions may be appropriate. In other cases, it may be appropriate for the civil action to proceed first.

    5. Criminal and civil investigations may reveal indications of quality of care issues, and patient harm or abuse. Information concerning these matters should expeditiously be disseminated to the appropriate authority so that no further harm can occur. If a court order would be required in order to disclose to appropriate authorities information which is protected by grand jury secrecy rules or other laws, such an order should be sought.

    6. The focus of civil and criminal prosecutions is not always identical. Civil prosecutions may have different targets, apply a different analysis to damages, have a focus that is broader as to time periods or transactions, or require immediate attention to prevent dissipation of assets. Therefore, as soon as a prosecutor ascertains that the matter may have a financial impact on the treasury or otherwise may give rise to civil liability, the attorney responsible for the civil action should be notified in order to provide input into the investigation and advise the criminal prosecution team regarding the avoidance of problems arising from grand jury secrecy. Additionally, referrals prior to grand jury proceedings permit meaningful input regarding civil liability if there should be global plea agreements and requests for restitution orders under the Mandatory Victim Restitution Act.

  5. Settlements and Compliance Agreements

    1. Coordination: Any settlement should be coordinated with the appropriate encies within the federal government representing the federal programs affected. To the extent that Medicaid is involved, coordination with the States, generally through the National Association of Attorneys General and/or the National Association of Medicaid Fraud Control Units, is appropriate.

    2. Compliance Provisions: Generally, settlement of health care fraud issues should have an accompanying compliance agreement or compliance provisions aimed at preventing future wrongdoing by putting safeguards in place to correct past misconduct, and identify and correct any future misconduct. It is the responsibility of HHS to negotiate such an agreement where the Medicare or Medicaid program is implicated. Appropriate provisions should be included in agreements to ensure remedies for noncompliance with the agreement.

    3. Criminal Liability of Individuals: Settlement or plea agreements with corporations or other entities which serve to resolve the entity's criminal liability by guilty plea, pre-trial diversion, or other disposition should not release individuals from criminal liability. The criminal liability of individuals through whom the entity committed its acts should be investigated and should be resolved separately from the entity's liability.

    4. Monetary Recoveries and Fines: In civil settlements, it is the policy of the Department of Justice to seek full recovery of losses to the affected government health care programs. In all appropriate cases, it is the policy of the Department of Justice to seek recovery in excess of the government's losses where such sums could be recovered as multiple damages and/or civil penalties under the False Claims Act, 31 U.S.C. §§ 3729 - 3733, the Civil Monetary Penalties Law, 42 U.S.C. § 1320a-7a, the Program Fraud Civil Remedies Act, 31 U.S.C. §§ 3801-3812, or otherwise under other authorities. The DOJ will consider a settling party's inability to pay on a case-by-case basis. Proposed criminal fines should fall within the ranges proscribed by the United States Sentencing Guidelines. In plea agreements in criminal cases, it is the position of DOJ that consideration be given to requesting that the defendant provide full restitution to all victims of all charges in the indictment or information.

    5. Global Settlements: A global settlement agreement between a United States Attorney and a provider or supplier entered into for the purpose of resolving civil and/or criminal responsibility for past conduct, should not include within it any sections designed to regulate future billing procedures and policies, unless those provisions have been reviewed by the HHS Office of Counsel to the Inspector General, Civil Recoveries Branch or any other relevant program agency. Where a global settlement agreement involves several United States Attorneys' Offices, resolution may be facilitated by the Criminal and Civil Divisions of the Department of Justice.

  6. Each Federal, state, and local law enforcement agency responsible for the enforcement of laws relating to fraud and abuse with respect to health plans should establish policies which, where otherwise authorized by law, provide for the restoration of the proceeds of lawfully forfeited assets to health plans or other victims of health care fraud up to the value of the property forfeited in connection with theoffense that caused the loss suffered by the victim.

  7. Voluntary Disclosure Program. The Attorney General and the Secretary will continue to explore the utility of a disclosure program to enable health providers to voluntarily disclose to the government evidence of fraud against Medicare which they have discovered within their organizations.


IV. PROVIDE INDUSTRY GUIDANCE, INCLUDING ADVISORY OPINIONS, SAFE HARBORS, AND SPECIAL FRAUD ALERTS RELATING TO FRAUDULENT HEALTH CARE PRACTICES

  1. General

    The HHS "safe harbor" regulations are designed specifically to identify protected behavior and business arrangements under the anti-kickback statute. In addition, the HHS-OIG periodically issues Special Fraud Alerts that serve to give continuing guidance to health care providers on various aspects of the anti-kickback statute and other statutory provisions. Finally, HHS is now required, in consultation with the Department of Justice, to provide formal written advisory opinions to the provider community on the application of the anti-kickback statute, the safe harbor provisions, and certain other HHS health care fraud and abuse sanctions.

  2. Safe Harbors

    1. Annual Solicitation

      HHS will publish a solicitation in the Federal Register on or about January 1 of each year, with a 60-day response period, for proposals to modify existing safe harbors, or for new safe harbors. After considering such proposals, HHS may publish a notice of proposed rulemaking, with modifications to existing safe harbors and with new safe harbors, for public comment. If HHS elects not to respond to a safe harbor proposal in this manner, the HHS-OIG will report to Congress regarding the reasons for rejection of each such proposal.

    2. Criteria

      In modifying existing safe harbors or establishing new ones, HHS may consider whether the practice may result in an increase or decrease in (1) access to health care services, (2) quality of health care services, (3) patient freedom of choice among health care providers, (4) competition among health care providers, (5) ability of health care facilities to provide services in medically underserved areas or to medically underserved populations, (6) cost to Fedral health care programs, (7) potential overutilization of health care services, and other factors.

  3. Special Fraud Alerts

    1. Annual Solicitation

      HHS will publish a solicitation in the Federal Register on or about January 1 of each year, with a 60-day response period, for proposals for Special Fraud Alerts. In addition, HHS-OIG will accept proposals for Special Fraud Alerts at any time. After considering such proposals, HHS-OIG may publish Special Fraud Alerts, if appropriate.

    2. HHS-OIG Initiative

      The HHS-OIG will, on its own initiative, continue to regularly assess information generated through audits, investigations and evaluations to determine whether a Special Fraud Alert is warranted to address particular conduct.

    3. Criteria

      In evaluating whether to issue a particular fraud alert, HHS-OIG may consider the volume and frequency of the conduct that is in question, as well as any of the factors discussed above with respect to safe harbors.

  4. Advisory Opinions

    1. Subjects of Advisory Opinions.

      In consultation with the Department of Justice, HHS-OIG will issue written advisory opinions with regard to: (1) what constitutes prohibited remuneration under the anti-kickback statute; (2) whether an arrangement, or proposed arrangement satisfies the criteria in section 1128B(b)(3) of the Social Security Act (the Act), or established regulations, for activities that do not result in prohibited remuneration; (3) what constitutes an inducement to reduce or limit services under section 1128A(b) of the Act to Medicare and Medicaid beneficiaries; or (4) whether an activity, or proposed activity, constitutes grounds for the imposition of civil or criminal sanctions under sections 1128, 1128A or 1128B of the Act. The HHS-OIG will not address the issues of whether fair market value shall be, or was paid for any goods, services or property, or whether an individual is a bona fide employee.

    2. Final Rule

      HHS is required to have procedural regulations set in place by February 17, 1997, as the statute requires HHS to accept requests for formal advisory opinions from outside parties on or after February 21, 1997. This rule will serve to address the various procedural issues and aspects of this advisory opinion process. Specifically, this rule will set forth: (1) the procedures to be followed by a party applying for advisory opinions and by the HHS-OIG in responding to these requests; (2) the time frames under which the HHS-OIG will receive and respond to requests; (3) the type and amount of fees to be charged to the requesting party; and (4) the manner in which the public will be informed of the issuance of any advisory opinion. The rule will not address the substance or content of advisory opinions to be issued by the HHS-OIG.

    3. Fees

      In accordance with the statute, HHS-OIG will charge a fee to the requestor - payable to the U.S. Treasury - equal to the costs incurred by the Department of Health and Human Services in responding to the request.

    4. Dissemination of advisory opinions

      Once HHS-OIG issues an advisory opinion to a requestor, HHS-OIG will also make copies available for public inspection and on the HHS-OIG web site.

  5. The Department of Justice and the Department of Health and Human Services will work with other law enforcement officials engaged in health care enforcement to develop additional guidance such as fraud alerts with respect to fraudulent practices which also affect public and private health plans, other than medicare and medicaid.


V. ESTABLISH A NATIONAL DATA BANK TO RECEIVE AND REPORT FINAL ADVERSE ACTIONS AGAINST HEALTH CARE PROVIDERS

  1. General

    The Adverse Action Data Bank will be operated under the auspices of HHS, either directly or through contracts or other arrangements. Consideration will be given to security and integrity of the system, efficiency and cost.

  2. Security and Integrity

    1. There will be mechanisms in place to ensure the accuracy of reported information, including procedures to correct erroneous information.

    2. There will be effective security to prevent unauthorized access to the data, including procedures for verifying the identities of those making requests for information from the Adverse Action Data Bank. There will be procedures to protect the confidentiality of individual patient information reported to and stored in the Adverse Action Data Bank.

  3. Efficiency of Operation

    1. To promote an efficient system, there will be coordination with the existing National Practitioner Data Bank to avoid duplication of expense and effort.

    2. The Adverse Action Data Bank should be monitored to ensure that covered information is properly and timely reported.

    3. In order to minimize expense and maximize timeliness of responses, electronic reporting and retrieval will be encouraged.

    4. There should be consideration of direct, on-line access by certain authorized users, if that access can be accomplished without compromising security concerns.

  4. Issues Relating to Cost

    Appropriate user fees, designed to cover the costs of operation, will be established.


VI. COORDINATION AND EXCHANGE OF INFORMATION

In order to facilitate the enforcement of civil, criminal, and administrative statutes relating to fraud and abuse with respect to health plans, the following guidelines are provided to facilitate the exchange of information under the Program:

  1. Guidelines for Exchange of Information

    1. Health Plan Exchange of Information with Law Enforcement and Other Health Plans

      Each health plan should establish policies to assure that relevant information is promptly provided to appropriate Federal, state and local law enforcement authorities and to other appropriate health plans such as

      1. information indicating a potential violation of civil, criminal, or administrative laws relating to fraud and abuse with respect to health plans.

      2. information requested by Federal, state, or local law enforcement agencies which the agency states is relevant to an investigation, audit, evaluation, or inspection under the Program.

      3. information which would assist in the identification of potential violations or assist in the identification of areas requiring investigation, audit, evaluation, or inspection. Such information may include: 1) surveys; 2) quality assurance reviews; 3) provider and patient profiles; 4) utilization reviews, and 5) other similar analyses.

    2. Law Enforcement Exchange of Information With Health Plans

      Each Federal, state, and local law enforcement agency acting pursuant to the Program, should establish policies for the exchange of the following categories of information with health plans, to the extent such exchange is permitted by law and where disclosure would not jeopardize ongoing law enforcement activities:

      1. information, the disclosure of which would further an investigation, audit, or evaluation;

      2. information such as studies, evaluations, or profiles, which could assist health plans in establishing and maintaining appropriate controls;

      3. information or evidence discovered in the course of an investigation or an administrative, civil or criminal proceeding conducted in conjunction with the Program, including periodic updates on the status of the investigation or administrative, civil or criminal proceedings;

      4. information to be conveyed to victims of crime as set forth in applicable federal or state statutes, Attorney General Guidelines for Victim and Witness Assistance, and other relevant guidance including various notice and consultation provisions; and

      5. information discovered in the course of an investigation or an administrative, civil or criminal proceeding which indicates an ongoing quality of care problem; this information should be shared with the health plan and any appropriate oversight agencies.

    3. Law Enforcement Exchange of Information with Other Law Enforcement Agencies

      Each Federal, state, and local law enforcement agency acting pursuant to the program, should establish policies to assure that the following information is promptly provided to other appropriate law enforcement agencies:

      1. information indicating a potential violation of civil, criminal, or administrative laws relating to fraud and abuse with respect to health plans or information which is relevant and would further an existing investigation of such potential violation.

      2. information, such as studies, reviews, profiles, which would assist an agency in identifying fraud and abuse.

    4. Law Enforcement Treatment of Information Provided by a Health Plan

      Each Federal, state, and local law enforcement agency responsible for the enforcement of laws relating to the Program, should establish policies which, where appropriate and otherwise permitted by law, provide that the agency may exercise its discretion to classify information obtained from health plans as confidential source information.

    5. Information Exchange Coordinators

      Each Federal, state, and local law enforcement agency, and each health plan, should designate an information coordinator or coordinators to act as the point of contact to facilitate exchanges of information under these guidelines. Each coordinator will be responsible for overseeing the exchanges of information described in these guidelines.

      Each coordinator will be responsible for:
       
      1. identifying potential exchanges of information between that law enforcement agency, health plans and other agencies which would further the purposes of the program and not jeopardize on-going law enforcement activities.

      2. taking necessary steps to ensure that the Privacy Act, the Substance Abuse Patient Medical Records Confidentiality Act, and any other relevant confidentiality restrictions are not violated.

      3. where health plans are required to make information available to an agency (e.g., information relating to the payment of claims under the Medicare program, information subject to administrative subpoena) coordinating the disclosure of such information to assure that all relevant information is expeditiously disclosed.

      4. discretionary disclosures by health plans to federal law enforcement agencies, identifying information which the law enforcement agency needs from the health plans for investigative, audit, evaluation, or inspection purposes and establishing procedures and cooperative arrangements to obtain access to such information.

      5. coordinating with the health plans to identify categories of information in the private sector which could facilitate the identification of potential violations or assist in the identification of areas requiring investigation, audit, evaluation, or inspection.

      6. developing guidance on the reporting of information discovered in the course of an investigation or an administrative, civil or criminal proceeding which indicates an ongoing quality of care problem to health plans and any appropriate oversight agencies.

  2. Representatives of the Secretary of HHS (acting through the Inspector General) and the Attorney General will coordinate efforts to facilitate exchanges of information under these guidelines. This coordination will include the creation of a working group to address further sharing of data issues.


VII. HEALTH CARE FRAUD AND ABUSE CONTROL PROGRAM CONFIDENTIALITY PROCEDURES: PROVISION AND USE OF INFORMATION AND DATA

  1. General: These guidelines shall apply to information, containing the identity of individuals receiving health care services or items, which is disclosed by health plans, providers and others to Federal, state and local law enforcement programs in connection with investigations, audits, evaluations and inspections relating to the delivery of and payment for health care services or items, conducted pursuant to the Fraud and Abuse Control Program.

  2. Scope: The scope of these guidelines is limited to the maintenance of confidentiality of information and privacy of individuals receiving health care services and items. These guidelines are not intended to expand or narrow the use of such information for purposes of law enforcement, which is otherwise authorized or prohibited under law. These guidelines are not intended to expand or narrow any confidentiality, disclosure or privacy requirements under law, including, but not limited to the Substance Abuse Patient Medical Records Privacy Act, 42 U.S.C. § 290dd-2, and regulations, 42 C.F.R. Part 2; and the federal Privacy Act, 5 U.S.C. §552a.

  3. Procedures:

    1. Such information shall be provided in a manner, determined by the law enforcement agency which requested the information or to which the information is directed, that appropriately maintains the confidentiality of the information and privacy of individuals receiving health care services and items, to the extent practicable and consistent with the goals and purposes of the fraud and abuse control programs and legitimate law enforcement needs.

    2. Such information should be maintained securely and access to such information should be limited to those persons with a legitimate need for access.

    3. To the extent it is necessary to share such information with an expert, witness or consultant, to the extent practicable and consistent with the legitimate needs of law enforcement, the identity of individuals who have received health care services or items should be redacted. To the extent it is necessary to disclose the identity of such individuals, such experts, consultants or witnesses should be advised of the need to maintain the confidentiality of the information and the privacy of individuals who have received health care services or items. In those instances where law enforcement enters into a contract with expert witnesses or consultants to whom information subject to these guidelines will be disclosed, these guidelines should be incorporated within the contract language for the witness' or consultant's services.

    4. The disclosure and use of such information in any judicial, administrative, court or other public proceeding should be undertaken in such a manner as to preserve the confidentiality and privacy of individuals who received health care services or items, unless disclosure is required by the nature of the proceeding. Whenever disclosure of these individuals' identities is required by the nature of the proceeding, or it is impracticable to redact the identities of such individuals, the attorney for the government should consider obtaining consent for the disclosure from the affected individuals, or making a request to the presiding judicial or administrative officer to enter an order limiting the disclosure of the identities of such individuals contained in such information, to the extent possible, including the redacting of the identities of individuals from publicly disclosed or filed pleadings or records.

    5. Whenever the need for disclosed information subject to these guidelines has ended, such information should either be destroyed, or returned to the entity which originally disclosed it.


FN 1. This amount includes criminal fines and penalties, forfeitures, civil judgments and settlements, and administrative monetary penalties. It does not include the restitution due to the victim, funds awarded to a relator, or as otherwise authorized by law.

[updated April 1998] [cited in JM 9-44.150; JM 9-44.160]