There is a total of 562 Accountable Care Organizations (ACOs) across the Shared Savings Program, Next Generation ACO Model, and Comprehensive End-Stage Renal Disease (ESRD) Care Model (CEC) Model. Fifty-eight of those are Next Generation ACOs.[1] This article focuses on Next Generation. However, the guidance contained within may prove helpful for compliance programs overseeing other shared service programs that are also at risk of violating fraud and abuse regulations and have available waivers.

In accordance with the terms of the Next Generation ACO Model Participation Agreement, all Next Generation Accountable Care Organization’s employees and officers, Participants, Preferred Providers, and other individuals or entities performing functions or services related to Accountable Care Organization (ACO) activities must comply with the applicable terms of the ACO Agreement (entered into between the ACO and CMS) and all applicable statutes, regulations, and guidance. There are some federal regulations that ACOs are at risk of violating.

This article first overviews the federal laws that were considered in identifying the high-risk area. It briefly touches on the availability of exceptions via waivers and refers you to my article that addresses Next Generation Waivers in more detail. Finally, it reviews the structure of ACOs, and fraud and abuse risk that are inherent to the very structure.

High-Risk Federal Laws

Below is a quick overview (or refresher course) on the fraud regulations, so that prohibited conduct is top of mind as we examine the ACO structure and inherent risks.

The Civil Monetary Penalties Law – Imposes civil monetary penalties for:

  • Violations of the False Claims Act (FCA) make a person liable to pay damages to the Government if he or she knowingly:
    • Conspires to violate the FCA;
    • Carries out other acts to obtain property from the Government by misrepresentation;
    • Knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay the Government;
    • Makes or uses a false record or statement supporting a false claim; or
    • Presents a false claim for payment or approval.
  • Offers or transfers remuneration to an individual that is eligible for benefits under the federal health care program and likely to be influenced to order or receive from a particular provider, practitioner, or supplier any item or service for which payment may be made, in whole or in part, under a federal or state health care program.

Criminal Penalties for Acts Involving Federal Health Care Programs (42 U.S. Code § 1320a–7b) – imposes criminal penalties such as criminal fines up to $250,000, imprisonment for up to 20 years, or both. If the violations resulted in death, the individual might be imprisoned for any term of years. These penalties are imposed for violations of the Anti-Kickback Statute and the False Claims Act:

  • Knowingly and willfully making or causing to be made any false statement or representation of a material fact in any application for any benefit or payment under a Federal health care program or for use in determining rights to such benefit or payment.
  • Knowingly and willfully soliciting, receiving, offering or paying any remuneration directly or indirectly, overtly or covertly, in cash or in kind in return for referring an individual to a person for the furnishing or arranging for the furnishing of any item or service for which payment may be made in whole or in part under a Federal health care program, or in return for purchasing, leasing, ordering, or arranging for or recommending purchasing, leasing, or ordering any good, facility, service, or item for which payment may be made in whole or in part under a Federal health care program.

The Anti-Kickback Statute – The Anti-Kickback Statute prohibits knowingly and willfully soliciting, receiving, offering, or paying remuneration (including any kickback, bribe, or rebate) for referrals for services that are paid, in whole or in part, under a Federal health care program (including the Medicare Program).

The False Claims Act – Prohibits knowingly and willfully making or causing to be made any false statement or representation of a material fact in any application for any benefit or payment under a Federal health care program or for use in determining rights to such benefit or payment.

The Physician Self-Referral law (Stark) – The Stark Statute prohibits a physician from making referrals for specific designated health services to an entity when the physician (or a member of his or her family) has:

  • An ownership/investment interest; or
  • A compensation arrangement (exceptions apply).

Next Generation ACO Waivers for Federal Laws

There are some waivers applicable to Next Generation ACOs[2] that waiver some of the prohibition of the laws mentioned above, provided certain conditions are met by the ACOs.  ACOs can benefit from the following fraud related waivers, provided they meet the requirements outlined in the waiver:

  • Next Generation ACO Participation Waiver
  • Shared Savings Distribution Waiver
  • Compliance with the Physician Self-Referral Law (Stark) Waiver
  • Patient Engagement Incentives Waiver
  • AIPBP Payment Arrangement Waiver

The penalties for violating federal anti-fraud laws can be severe, including high dollar penalties to the individual and organizations violating the law. Some violations can result in jail time imposed under 42 U.S. Code § 1320a–7b mentioned above. Because of the high risks associated with inadvertently violating these laws ACOs must carefully review the initiative and waiver requirements to avoid violating federal laws. ACOs should have initiatives and practices that run the risk of violation of federal laws reviewed by their legal or compliance department. Be mindful that the ACO Next Generation waivers only apply to the specific federal laws. They do not act as waivers of state fraud laws. For more information on the Next Generation waivers, see Next Generation Accountable Care Organizations Fraud and Abuse Laws Waivers article.

Complex Relationships and Inherent Risks

ACOs, in general, are risky businesses when it comes to anti-fraud and antitrust laws.  The below graphics depicts the complicated relationships and federal laws risk areas.

If the above graphic overwhelms you, then I made my point. It is meant to be complicated to show the overlapping roles, the inherent conflicts, and various laws that could be implicated in a single relationship. The goal is to trigger analysis of all relationships, the compensation structure, the beneficiary incentives, and the terms of your agreements. Below I discuss some risk areas with the following disclaimers. This is not meant to be an exhaustive list, nor is it a legal opinion. It is a conversation starter for your organization, compliance department, and risk management team.

Inaccurate Quality Data Reporting (False Claims Act and Civil Monetary Penalties)

ACOs must completely and accurately report quality data used by CMS to calculate and assess quality performance. An ACO must meet the quality performance standard for that performance year to be eligible to share in any savings generated. Given that payments to the ACO by CMS are based on the data report, inaccurate reporting may be considered making a false claim in violation of the False Claims Act.

Improper Beneficiary Inducements (Anti-Kickback and Civil Monetary Penalties)

ACOs and ACO providers are prohibited from providing gifts, cash, or other remuneration to beneficiaries as inducements for receiving services, or remaining in an ACO or with a particular ACO provider if such actions violate the anti-kickback statute (knowingly and willfully soliciting, receiving, offering, or paying remuneration for referrals for services that are paid, in whole or in part, under a Federal health care program).

Note: The OIG has interpreted the prohibition to allow Medicare or Medicaid providers to offer beneficiaries inexpensive gifts (other than cash or cash equivalents) or services without violating the Civil Monetary Penalties Act statute. For enforcement purposes, inexpensive gifts or services are those that have a retail value of no more than $15 individually, and no more than $75 in the aggregate annually per patient.

Improper Gainsharing (Civil Monetary Penalties, Stark, and Anti-Kickback)

ACOs are by nature gainsharing arrangements. Stark prohibits physicians who have a financial relationship with an entity from referring patients for certain types of services to that entity. A gainsharing relationship such as an ACO would be considered a financial relationship that falls within the Stark law.

The Anti-kickback statute prohibits entities from offering any form of remuneration to physicians in exchange for referrals. The civil monetary penalty statute prohibits hospitals from directly or indirectly inducing physicians to limit the services provided to Medicare and Medicaid beneficiaries. To avoid violating these federal laws, the arrangement must either fall into an exception (or safe harbor) or qualify for a Next Generation ACO waiver. See Next Generation Accountable Care Organizations Fraud and Abuse Laws Waivers article.

Upcoding and Other Billing Risks (False Claims Act and Civil Monetary Penalties)

The False Claims Act makes it a crime to bill for services that were not performed or that were not medically necessary. Upcoding is a significant risk area for ACOs. Once the benchmark is calculated, an ACO may have an incentive to change its coding practices in ways that would make the patient population appear to be sicker than it previously appeared. Upcoding allows an ACO to obtain a higher risk adjustment, which makes it appear as if the ACO is creating savings (thereby increasing its shared savings) even though it has not made a positive impact. To avoid upcoding issues that create a liability issue for the ACO, ACOs should ensure that their providers are better at identifying patients’ needs, and shifting the way they deliver care, rather than merely upcoding claims to increase a payment.

Other improper billing and coding activities that could violate federal fraud laws include billing for services not provided, which were not medically necessary; services not performed by an improperly supervised or unqualified employee; or services performed by an excluded individual. Also, failing to have proper documentation to support coding and billing should be added to this list of risks.

To learn more about other risk areas, see Next Generation ACO Beneficiary Protections and Risks Explained.


[1] https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2017-Press-releases-items/2017-01-18.html

[2] The amended waivers for specified arrangements involving ACOs participating in the Next Generation ACO Model can be access at https://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Downloads/Amended-ACO-Model-Waivers.pdf.  Waivers for the Share Savings Model can be accessed at https://www.gpo.gov/fdsys/pkg/FR-2015-10-29/pdf/2015-27599.pdf. Waivers for specified arrangements involving large dialysis organizations (LDOs) [PDF, 456KB]  participating in the CEC Model can be access at (https://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Downloads/CEC-LDO-Model-Waivers.pdf ). Waivers for specified arrangements involving  small dialysis organizations (non-LDOs) [PDF, 461KB] participating in the CEC Model can be accessed at (https://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Downloads/CEC-Non-LDO-Model-Waivers.pdf)