Am I covered? and other questions to ask about insurance

By Patrick J. Hickey, CPCU, RPLU, MBA

Patrick J. Hickey (patrick.hickey@9thstreetinsurance.com) is a self-employed Insurance Consultant living in New York City.

Is insurance available to cover regulatory claims that arise from actual or alleged violations of the False Claims Act (FCA), Stark Law (Stark), and Anti-Kickback Statutes (AKS)? If so, who is covered under the insurance? Are the limits of the insurance sufficient to cover large-dollar cases?

Asking these and other relevant questions will not only help improve your understanding of the coverage you have, it will also help make sure you get the coverage that is best for you and your organization.

What is the risk we need to insure against?

All providers that bill for services under Medicaid, Medicare, or other government programs are exposed to the risk that they may run afoul of rules and regulations governing participation in these programs. These risks pertain not just to the organizations but also to individuals and employees within the organization. In fact, in recent years, there have been increasing efforts to hold individuals personally accountable to FCA, Stark, and AKS regulations.

Beginning with the release of a memo titled “Individual Accountability for Corporate Wrongdoing” (also known as the Yates Memo[1] ) in 2015, the U.S. Department of Justice (DOJ) has signaled increased focus in identifying and prosecuting (civilly and criminally) individuals involved with fraud and misconduct. The memo directed prosecutors to “focus on individual conduct from the inception of any investigation” and was subsequently supported by new rules put in place by Deputy Attorney General Rod Rosenstein in 2018. Although this policy may be aimed at senior executives, and recent prosecutions of healthcare CEOs might make headlines, compliance professionals and other employees remain exposed to this risk.

This trend toward individual accountability means that those involved in regulatory compliance should ask questions about insurance and understand the current coverage in place. In particular, compliance professionals should:

  • Become informed about available insurance coverage;

  • Be encouraged not to settle for the basic and limited coverage provided in most insurance policies; and

  • Understand how they can use effective compliance programs to get the best insurance protection for the organization and its employees.

Does my organization have coverage for these risks?

If your organization carries insurance for your board members and directors (D&O insurance), the answer to this question is probably yes. Most D&O policies issued to healthcare providers include some level of coverage for these types of claims. Additionally, some level of coverage might also be included in your organization’s medical malpractice policy or policies issued to individual providers. Your organization might even have purchased a separate policy designed to specifically cover this risk. Several types of insurance policies might actually provide coverage for this risk, including:

  • Directors and officers liability insurance

  • Healthcare regulatory liability insurance

  • Physicians regulatory insurance

  • CyberPro and regulatory medical billings insurance

  • Billing errors and omissions insurance

There are many different types of policy forms and very little uniformity in the language and coverage of many policies covering this risk. Of course, each organization is different, and what works for one healthcare provider might not be right for others. For these reasons, special care and attention is needed when evaluating the coverage in place for your organization. In the following sections, I have chosen to focus primarily on D&O liability insurance, because there are several benefits to using this policy as the basis of coverage.

Who is covered?

In most D&O and stand-alone policy forms, the definition of an “insured” is rather broad and generally includes employees. However, this is not always the case, and some policies limit coverage to executive officers, board, or committee members only. The following is standard wording contained in most D&O policies:

Insured persons means all persons who were, now are or shall become:

  • a director or officer of the company;

  • any employee; and

  • the functional equivalent of a director, officer, or employee in the event the company is incorporated or domiciled outside the United States.

What is covered? Defense costs, fines and penalties, and return of funds

In some cases, coverage will include costs arising from expenses in defending claims but not for any fines and penalties that may result. Other policies will include coverage for fines and penalties with certain limitations; however, coverage for return of funds is generally not available.

What is covered? Specific activities and regulations

With some policies, the carrier broadly defines the scope of coverage to include “government regulations,” which can include the Health Insurance Portability and Accountability Act (HIPAA), Emergency Medical Treatment and Labor Act (EMTALA), and other regulations governing healthcare providers. However, because there may be coverage for violations of these rules in other policies, it’s common for carriers to specify that D&O coverage applies only to FCA, Stark, and AKS. The following is typical language that limits coverage in this way:

Regulatory Wrongful Act means any actual or alleged:

  1. act, error, omission, misstatement, misconduct, fraud, reckless disregard or negligence committed by an Insured in the performance of, or failure to perform, any of the following activities in the Medicaid, Medicare,

    Federal Employee Health Benefit or TRICARE programs:

    1. procedure coding;

    2. bill, claim, cost report or data submissions; or

    3. the calculation of managed care payments;

  2. offer, acceptance or payment by any insured in exchange for any patient referral(s), in violation of any state, local, or federal law; or

  3. offer, acceptance, or payment by an insured in violation of any state, local, or federal anti-kickback law.

Again, because HIPAA, EMTALA, and other risks are generally covered elsewhere, this definition may be appropriate, depending on your specific coverage.

How much coverage? Limits of liability, retentions, and coinsurance

This might be the most overlooked and yet most critical area of coverage. Limits provided vary significantly according to the type of policy or coverage, but in most D&O policies they are $1 million or less. The limits are also affected by retentions or deductibles that must be paid before coverage kicks in. Further there is often a coinsurance provision that requires the insured to pay some part of every dollar of the loss. In some policies this is as high as 50%.

When evaluating the amount of coverage, organizations and individuals should consider the exposure being covered. Defense of regulatory matters can easily cost several million dollars and, of course, fines are frequently in the tens of millions of dollars. The intent of the coverage is to protect the assets of the organization and its employees. Obtaining the right structure of limits, retentions, and coinsurance, within the budget constraints of the organization, is perhaps the most important objective in this process.

What else? Other terms, conditions, and exclusions

There are, of course, many other factors to consider when evaluating coverage. Some examples of provisions that should be examined include:

  • Coverage for claims brought by commercial payers – Most carriers will include this coverage, but occasionally it must be requested.

  • Pay-on-behalf versus indemnification wording – There are pros and cons to each of these approaches but, generally speaking, smaller or mid-sized provider organizations prefer to have the carrier assume defense and pay on their behalf.

  • Exclusions for violation of readmission guidelines or formulas – Some forms include restrictions such as these, which should be negotiated out of the policy.

  • Coverage for risk mitigation expenses – Some policies will provide a limit of coverage to pay for expenses related to pre-claim investigation costs and other expenses related to risk mitigation.

These are just a few of the many provisions that should be part of a comprehensive, side-by-side review of the coverages available to the organization. The comparison should be aligned with priorities of the organization and, in most circumstances, there are tradeoffs that are made to arrive at the best terms achievable. Of course, “what’s achievable” is determined by the level of attention and expertise that is involved in the insurance purchasing process, as well as the effectiveness of the organization’s compliance program and risk profile.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings