Cold calling, and solicitation of potential customers generally, is frowned upon except in certain circumstances and must be handled very carefully.
by Neil Caesar

In January, the HHS Office of Inspector General issued an Updated Special Fraud Alert concerning telemarketing by durable medical equipment suppliers. This alert (revised from its original publication in March 2003) reminded the industry that the practice of "cold calling" potential customers, while perhaps a common activity, is nonetheless of great concern to CMS, the OIG and the National Supplier Clearinghouse.

New, overbroad language in the fraud alert created a flash storm over the legality of certain standard physician referral practices for DMEPOS. This controversy soon died down as CMS clarified the new language. But amid the turmoil and its aftermath, HME suppliers must not forget the rule at the heart of the controversy: Cold calling, and solicitation of potential customers generally, is frowned upon except in certain circumstances and must be handled very carefully.

The cold calling rules extend not only to sales activities but also to lead generation contracts and even existing customer relations. Violation of the rules implicates the DMEPOS Supplier Standards, HIPAA privacy laws and federal anti-fraud statutes. It even shapes the ability of former employers to swipe customers after their departure.

The basic Medicare cold calling rule imposed upon DMEPOS suppliers is set out in Supplier Standard 11. It prohibits a supplier from impermissibly contacting potential customers by telephone. Exceptions to this prohibition are limited to (1)when the supplier has an existing relationship with the patient, or one within the past 15 months; (2) when the company has received "written permission" from the potential customer for the contact concerning the furnishing of a particular item; or (3) when the supplier is contacting the beneficiary to coordinate the delivery of the covered item.

In 2008, CMS released proposed changes to the Supplier Standards. While these new standards were never implemented, they are very important to any discussion of cold calling, because CMS made clear at the time that it currently interpreted Supplier Standard 11 to have a broader interpretation than a literal reading would suggest.

Specifically, CMS stated that it currently interpreted that standard to include not only telephone solicitations of new business but also in-person contacts and, perhaps, some Internet contact as well. Written permission remained a key requirement to get past this expanded prohibition. Because CMS characterized the expansion as a "clarification" of the standard and not a "modification" (as it had done with a number of other proposed changes), the agency in effect took the position that the expanded rule was already in effect (though, arguably, not well stated).

This is important, because whenever CMS indicates an intent to revise one of its rules, it usually means that CMS is concerned with abuse of that rule. Even though the 2008 Supplier Standard revisions were never implemented, CMS' emphasis of its expanded interpretation suggests an enforcement crackdown over the next few years. Also, in its commentary to the proposed revision, CMS emphasized that violations would allow it to revoke the supplier's billing privileges and, further, to "determine if such billing may be for fraudulent or unnecessary supplies."

Thus, it was clear in 2008 — and is still clear today — that CMS views cold calling abuses as evidence of potential fraud because of the potentially coercive message used.

So, for example, the cold call rules would allow a potential customer who approaches a sales rep at an educational seminar or job fair and fills out a card requesting further communication to be contacted in person, by phone, by mail or by email. But, if Jane Doe asks the company to contact her friend Mary, such contact would not be permitted other than by mail, unless or until Mary herself consented in writing to the cold call. The company rep would be allowed to give literature to Jane to pass on to Mary, or a request for a contact card or an email address for Mary to use to request further contact. Jane could also ask for further contact for herself to gather more information to pass on to her friend.

I realize that Supplier Standard 11 is explicitly limited to prohibiting telephone contacts. Certainly one could argue that CMS' 2008 "clarification" is overbroad, and that the current language in Supplier Standard 11 does not permit such an aggressive interpretation. But at a minimum, it is clear that CMS does not want to limit the standard to telephone impropriety, and views — or intends to view, or would like to view — aggressive Internet and in-person contacts as equally abusive.

Anti-Fraud Dangers

In addition to the Supplier Standard rules, unsolicited telephone calls to Medicare beneficiaries by DME suppliers are also prohibited specifically by Section 1834(a)(17)(A) of the Social Security Act. The provisions of this anti-fraud rule are very similar in language to that of Supplier Standard 11. The statute prohibits payment to a supplier that knowingly submits a claim generated pursuant to a prohibited telephone solicitation. Because of this, the OIG considers such claims for payment to be "false" and potentially subject to criminal, civil and administrative penalties.

In 2003. the OIG published a Special Fraud Alert that reminded suppliers about this prohibition. Further, at the time the OIG responded to "credible information" it had received that "some DME suppliers continue to use independent marketing firms to make unsolicited telephone calls to Medicare beneficiaries to market DME, notwithstanding the clear statutory prohibition. Suppliers cannot do indirectly that which they are prohibited from doing directly," the OIG emphasized.

In January 2010, the OIG recirculated the 2003 alert, adding some new language: "The OIG has also been made aware of instances when DME suppliers, notwithstanding the clear statutory prohibition, contacted Medicare beneficiaries by telephone based solely on treating physicians' preliminary written or verbal orders prescribing DME for the beneficiaries. A physician's preliminary written or verbal order is not a substitute for the requisite written consent of a Medicare beneficiary."

This new language seemed to fly in the face of standard referral procedures. Did the OIG really mean that a supplier could not telephone a patient referred by a physician via a preliminary phone or fax order? Was the patient now going to be required to sign a new form at the physician's office to consent to the supplier's call?

There was a substantial and sustained outcry from the industry almost immediately. In response, CMS issued some "Telemarketing Frequently Asked Questions" to clarify the meaning of the new language. In this document, CMS allowed that, if a physician contacts a supplier on behalf of a beneficiary, and if the beneficiary knows of this contact, then the supplier may contact the beneficiary to confirm or gather information needed to provide the covered item. Such contact would not, in fact, be considered "unsolicited." CMS clarified that the beneficiary does not even need to know which supplier has been recommended, simply that "a supplier" will be contacting the beneficiary regarding the prescribed covered item.

On the other hand, if the beneficiary does not know that the physician will be contacting a supplier on his or her behalf, then that contact is considered "unsolicited" and probably prohibited by the anti-solicitation statute and/or by Supplier Standard 11. Also, CMS made clear that the initial contact may only discuss the prescribed covered item. The supplier is prohibited from attempting to solicit the purchase of additional covered items, since the supplier only has permission to contact the beneficiary regarding the specific prescribed product. Only after the covered item has been delivered to the beneficiary may there be further communication about other products or services.

I believe that the OIG's modification of its 2003 Special Fraud Alert was not handled well. Certainly there are some officials within CMS who believe the DME industry is rife with suppliers who carelessly violate the rules, and it is possible that their perspective persuaded the OIG that there were problems with the physician referral process for DME. Certainly the FAQs that CMS distributed shortly thereafter displayed significant backtracking, an attempt to suggest that the OIG didn't really mean what it clearly seemed to say.

Regardless, the events of the first quarter this year demonstrate that the government is concerned about cold calling abuses and believes that abuses can start at the inception of the referral process. For this reason, suppliers should evaluate whether it makes sense to "collect and maintain documentation from the physician reflecting that the physician has contacted the supplier with the beneficiary's knowledge." Even though CMS suggested that such an effort was not required, it may be a wise business decision for evidentiary purposes.

Looking at the Rules

Beyond the narrow proscriptions of the anti-solicitation statute, the Federal Anti-Kickback Statute (AKS) disallows the payment of commissions (or any kind of productivity-based compensation) to any independent contractor who generates government-reimbursed business for a supplier. This statute prohibits a person or entity from knowingly, willfully or recklessly offering to pay anything of value in order to induce another person or entity to refer a patient for, or to arrange for the furnishing of, any item payable under a federal health care reimbursement program.

The statute exempts payments made to employees. Thus, a supplier may reward its bona fide employees for bringing in new customers by means of commissions, bonuses or any other sort of payment mechanisms. However, the statute has no such exemption for independent contractors.

The OIG has made it clear on many occasions that any payment mechanism between the supplier and an independent contractor for purposes of selling government-reimbursed items or services potentially implicates the AKS, "irrespective of the methodology used to compensate the agent." The OIG has clearly and repeatedly stated its "long-standing concern with independent sales agency arrangements."

The only way the OIG is comfortable with a supplier paying a salesperson "on the basis of the amount of business they generate" is to make such people employees, "where [the supplier] can and should exert appropriate supervision of the individual's acts." This makes it obvious the government's concern with cold calling procedures in particular is part of an overall concern with compensation tied to business generation.

Leads Contracts

The cold calling rules also present special problems for contracting companies that generate lists of leads for the DME supplier to pursue. "Leads" are potential customers for the HME company, people who have indicated an interest in products or services but have not yet made any decision. While such leads can be acquired by sales employees, they can also come from independent contractors or in lists purchased from organizations that gather the information for resale.

The cold call rules are important when developing or pursuing leads. In order for an HME company to be permitted by the Supplier Standards and by anti-fraud rules to contact a potential lead, it must be clear that the lead has consented to the contact. Sometimes a potential customer may demonstrate consent by submitting a card expressing interest in a particular product line or service. Written consent may also include subsequent permission to be contacted by the HME company once the lead company is able to verify the potential customer's interest in the HME company's products.

Special conditions arise with Internet leads, because the legal effect of a lead customer clicking on a hyperlink or a "yes" box on an Internet website is far less clear. Was the click evidence of consent, or simply a mistake? Potential Internet leads should go through a process that verifies that they intend to ask for further communication by affirmatively "opting in" to the communication, double-clicking their consent, and so forth.

The AKS also prohibits compensating independent contractors who generate customers in a manner that reflects the volume or value of their referrals. The OIG issued an Advisory Opinion in November 2008 concerning Internet leads that seems to draw an important distinction between prohibited referrals and acceptable lead-generating mechanisms.

According to the opinion, payments for leads may be acceptable as long as there is no pressure put on the lead and as long as the lead is "unqualified," that is, there has been no verification of medical condition, insurance coverage or other information necessary before the supplier will be able to provide reimbursable services to that person. "Leads" are acceptable. "Referrals" are not. The difference between the two can be subtle, but the subtleties are important.

HIPAA and Cold Calling

HIPAA's privacy laws also apply to cold calling. HIPAA prohibits the disclosure or use of protected health information (PHI) except as specifically permitted or required by the rules. Such PHI includes information created or received by an HME company when the information identifies the person specifically and relates to: the provision of health care for the person; or to past, present or future payments for services; or to past, present or future medical conditions. If a cold call contact results in PHI being communicated to a DME company, then HIPAA will apply.

So, even though a potential customer is allowed to give out PHI to a lead company or independent contract via a telephone conversation or Internet checklist, etc., the lead company is only permitted to pass on that information to an HME supplier if the customer has consented to that release. HIPAA considers such communication "marketing," and permits it only if written authorization from the lead is obtained prior to the transmission of the information. Once again, explicit written consent is key.

Swiping Customers

Over the years, many suppliers have complained about customer theft when companies lose key personnel to competitors. When an employee jumps ship, that person often will try to take customers with whom he or she has had a relationship over to the competition. Too often in the past, if an HME company tried to fight this misappropriation, the new employer would threaten to tie the fight up in expensive litigation, so the previous employer would usually back away.

However, those customers belong to the HME company, and not to the former employee. The relationship is with the company, not the person. Therefore, if the departing employee communicates with previous customers, he or she must do so in a manner that does not violate the cold calling rules.

An improper cold call would subject the new employer to potential revocation of billing privileges because of the violation of Supplier Standard 11. It would subject both the new employee and the former employee to investigation for fraudulent billing because of the anti-solicitation statute and the AKS. It would subject the new employer to HIPAA penalties because of unlawful use of PHI.

Thus, recent clarifications and developments with the cold call rules give employers who lose key personnel an important weapon to use when protecting their proprietary customer information.

Don't Be Indifferent

Cold calling compliance should be well documented on an ongoing basis. Upcoming ZPIC and RAC audits may well include an evaluation of such compliance in their supplier reviews. While it is important for HME companies to continue to reach out to potential customers, the legal issues raised by careless indifference to the cold call rules can be real and substantial. Only care and caution will yield big dividends without big risks.

Neil Caesar is president of the Health Law Center (Neil B. Caesar Law Associates, PA), a national health law practice in Greenville, S.C. He also is a principal with Caesar Cohen Ltd., which offers compliance training, outsourcing and consulting and the author of the Home Care Compliance Answer Book. You can reach him at 864/676-9075 or ncaesar@healthlawcenter.com.

Supplier Standard 11

According to Supplier Standard 11(listed in 42 C.F.R. pt. 424, sec. 424.57c), DMEPOS suppliers:

Must agree not to contact a beneficiary by telephone when supplying a Medicare-covered item unless one of the following applies:

  1. The individual has given written permission to the supplier to contact them by telephone concerning the furnishing of a Medicare covered item that is to be rented or purchased.

  2. The supplier has furnished a Medicare-covered item to the individual and the supplier is contacting the individual to coordinate the delivery of the item.

  3. If the contact concerns the furnishing of a Medicare-covered item other than a covered item already furnished to the individual, the supplier has furnished at least one covered item to the individual during the 15-month period preceding the date on which the supplier makes such contact.