In March 2003, the OIG issued a special fraud alert addressing telemarketing by DME suppliers. 68 Fed. Reg. 10,254 (Mar. 4, 2003). The primary purpose of the special fraud alert was to call attention to the statutory prohibition against DME suppliers making unsolicited telephone calls to Medicare beneficiaries regarding the furnishing of covered items. 42 U.S.C. § 1395m(a)(17).

Specifically, federal law prohibits DME suppliers from making unsolicited telephone calls to Medicare beneficiaries regarding the furnishing of covered items, except in three situations: (1) the beneficiary has given written permission to the supplier to make contact by telephone; (2) the contact is regarding a covered item the supplier has already furnished the beneficiary; or (3) the supplier has furnished at least one covered item to the beneficiary during the last 15 months. The law expressly prohi-bits payment to a DME supplier who knowingly submits a claim generated by a prohibited telephone solicitation.

In the special fraud alert, the OIG warns that it has received reports of some DME suppliers using independent marketing firms to make unsolicited telephone calls to Medicare beneficiaries to market Medicare-covered DME. The OIG states in no uncertain terms that "[s]uppliers cannot do indirectly that which they are prohibited from doing directly." 68 Fed. Reg. at 10,255.

Not only does the OIG state that the law prohibits unsolicited telephone contacts by DME suppliers as well as telemarketers on behalf of DME suppliers, but the OIG goes on to assert that DME suppliers should be "responsible for verifying that marketing activities performed by third parties with whom the supplier contracts ...do not involve prohibited activity." 68 Fed. Reg. at 10,255. Moreover, the OIG claims that DME suppliers should ensure "that information purchased from such third parties was neither obtained, nor derived, from prohibited activity." Id. The OIG also warns that both the DME supplier and the telemarketer are potentially liable for criminal, civil, and administrative penalties for causing false claims to be submitted.

The special fraud alert raises a couple of interesting issues. First, the standard under 42 U.S.C. § 1395m(a)(17) is whether the supplier knowingly submitted a claim generated through a prohibited telephone solicitation. Although knowingly is not explicitly defined in this statute, the OIG seems to be taking the position that it means the DME supplier either knew or should have known. With regard to the liability of DME suppliers, the OIG appears to be attempting to use the special fraud alert platform to establish a standard of care for DME suppliers. By stating in the DME telemarketing special fraud alert that DME suppliers are responsible for verifying marketing activities performed by telemarketers on behalf of the supplier as well as the results of general marketing activities that are used by the DME supplier, the OIG is setting the stage to argue in a future enforcement action that if a DME supplier failed to supervise telemarketers then they "should have known" the information from the telemarketers was gathered through inappropriate telephone solicitations. With regard to the liability of the telemarketers, the OIG is moving beyond the confines of 42 U.S.C. § 1395m(a)(17), which on its face only applies DME suppliers. It would seem that the OIG must be relying on broader language from the general False Claims Act that prohibits "causing to be submitted" false claims.

The second interesting issue raised by the special fraud alert is the interplay between 42 U.S.C. § 1395m(a)(17) and the limitations on marketing imposed by the HIPAA privacy rules. HIPAA expressly requires an authorization to use or disclose protected health information for any marketing communications, except in two circumstances: (1) when the communication occurs in a face-to-face encounter between the covered entity and the individual; or (2) the communication involves a promotional gift of nominal value. 45 C.F.R. § 164.508(a)(3). [For a more detailed discussion of HIPAA and marketing, see Janet DiAntonio and Jim Wieland's article, "Marketing Under HIPAA," which appeared in the Fall/Winter 2002 issue of the Health Law Alert.] Neither of these exceptions seems applicable to the prohibition against telephone solicitations. However, the definition of marketing contains three exceptions that appear to give some latitude to DME suppliers. In general, marketing is defined as any "communication about a product or service that encourages recipients of the communication to purchase or use the product or service." 45 C.F.R. § 164.501. Yet, it does not include communications made: (1) to describe a health-related product or service that is provided by the health care provider making the communication; (2) for the treatment of the individual; or (3) for the case management or care coordination for the individual, or to direct or recommend alternative treatments, therapies, health care providers, or settings of care to the individual. Id.

In developing policies and procedures on appropriate telemarketing activities, DME suppliers must carefully consider both the OIG's DME telemarketing special fraud alert and the HIPAA privacy rule. Although HIPAA would appear to permit unsolicited telephone calls to describe a health-related product or service provided by the DME supplier or to recommend alternative treatments, the prohibition against unsolicited telephone calls could nonetheless prohibit such calls unless the beneficiary has given a written authorization, the call is about an item already furnished to the beneficiary, or the DME supplier has furnished at least one covered item to the beneficiary during the preceding 15 months.