Kusserow on Compliance: Health care mergers and acquisitions due diligence

Hardly a day passes when the press does not report on a new merger or acquisition in the healthcare sector.  Some of these are monumental in scope, but most relate to individual hospitals, facilities, or entities.  The number of hospital and health system mergers and acquisitions continued their upward trend in the first quarter of 2017, with an eight percent increase from 25 to 27 transactions compared to the first quarter of 2016.  This trend is likely to continue and is stimulated by health care reform that will likely result in more consolidation and integration among hospitals and physician practices.  There are two common types of due diligence; financial and legal.  However, the highly regulated nature of the health care industry requires a third type; regulatory due diligence to avoid discovering and having to make disclosures of regulatory violations and overpayments of millions of dollars.

Financial and Legal Due Diligence

Due diligence reviews generally focuses on financial accountability and legal liabilities. An independent accounting firm focuses on reviewing and evaluating the balance sheets, income statements, audit reports, and cash flow statements and projections in measuring financial viability. There are many very competent public accounting firms that specialize in this type of work. For legal due diligence, the focus is on examining the entity’s structure; business permits and/or approvals; employment and labor law compliance; environmental law approvals, permits and compliance; contractual rights and obligations; intellectual property rights and obligations; real property law compliance; securities and financing regulatory compliance; tax exposure risks; consumer protection law and exposure risks; and/or licenses; previous and/or current litigation; media reports; and external consultants and/or advisors. There are an abundant number of law firms that provide high quality services in this type of work.  What is often missing is focusing on the potential health care regulatory and legal compliance issues.

Health Care Regulatory Due Diligence

In the health care sector, things are more complicated, wherein health care facilities are subject to a tremendous number of state and federal laws and regulations that govern how business must be conducted. As such, there are significant risks that a purchaser can inherit serious regulatory liabilities without checking to see how the entity is complying with these rules. With the right experts with experience in doing this kind of work, the time and costs for the due diligence review be only a small fraction of the costs of either a financial or legal review. The reason is simple: financial and legal due diligence involves detailed examination of a large volume of information. Regulatory compliance experts know exactly where to look for any weaknesses without having to do a “deep dive.” As such, it is difficult to imagine why a party looking to make an acquisition would not want a regulatory due diligence. High on the list for any reviews should be arrangements with referral sources—the highest enforcement priority of both the DOJ and OIG for many years—and review of the claims processing system and controls to ensure that there are not regulatory issues waiting to be discovered by CMS contractors or enforcement agencies.  In virtually all cases, problems will be identified that in very few cases would interfere with the decision to acquire, but is very likely to not only avoid a future liability but puts on the table additional tools to improve the negotiation terms and conditions.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Use of temporary compliance and privacy officers

By now every health care provider is aware of the need for an effective compliance program under direction and management by a compliance officer, as well as a privacy officer to ensure HIPAA compliance. It is common these days for organizations to have compliance and privacy officer vacancies as result of a retirement, termination, someone changing jobs, or any other of a dozen reasons. Sometimes it may have been triggered by an audit or investigation by the HHS Office of Inspector General (OIG), Department of Justice (DOJ), HHS Office for Civil Rights (OCR), or a CMS contractor. In other cases, a board or new executive leadership may wish to use proven experts to promote and/or elevate the programs to a higher level. Regardless of the reason, the departure of a long time incumbent creates a vacuum that needs to be filled quickly for day to day management and responding to emerging issues to avoid serious problems and potential liability. The worst time to have a vacancy is when entering the holiday season and the end of the calendar year. For a variety of reasons, it is a time when many problems and issues arise needing prompt attention.

Steve Forman, CPA, is an expert on the subject with over 25 years as a healthcare compliance officer and consultant, including serving on multiple occasions as an interim compliance officer.  He notes that the sudden departure of a compliance or privacy officer makes the problem of finding someone properly qualified in a timely manner a serious issue. Confronted with a rapidly evolving regulatory and enforcement environment, health care organizations cannot afford to take the chance on having a gap in these positions. When such a gap occurs, engaging an expert on a short term engagement can hold the reigns of the program together, while a permanent replacement is found. Using a properly qualified outside expert presents a lot of advantages.  They can bring the experience of having served in other organizations and dealing with many of the same issues already addressed by prior jobs. It is also important that they have not been invested in any prior decisions, nor have they been aligned with any parties in the organization.  Most importantly, they bring “fresh eyes” to the program. They can provide objective assessment on the state of the compliance program, offer suggestions, and give guidance for improvements.

Suzanne Castaldo, JD, who specializes in providing interim compliance and privacy officers for healthcare clients, noted that clients to whom she has provided interim officers, usually take three to five months to find that hire a permanent replacement with necessary experience and qualifications. When they seek temporary officers, she provides experienced professionals with previous experience as a compliance or HIPAA privacy officer. Over the last 25 years, her firm has worked with over 3,000 health care organizations in building, evaluating, managing, and building compliance program that provide a unique level of knowledge and expertise. Using the right professional with a lot experience and technical skills can make significant improvements for any compliance program in a relatively short order.

Camella Boateng is another highly experience compliance professional who has served as an interim compliance and privacy officer for several organizations. She has found that organizations have a tendency to understate the needs in the vacant position.  In every case where she has been called upon to fill a vacancy, she has encountered serious problems that were hidden or not recognized by the organization. In fact, these unattended problems often were the reason for the departure of the incumbent. As such, those seeking temporary compliance or privacy officers require more than someone just to monitor and manage day to day work. They should look to added benefits and services an outside expert can bring, including providing an independent assessment of the status of the compliance program and high-risk areas warranting attention. Before leaving the engagement they can develop a “road map” for the incoming compliance officer to follow. All this can result in developing comprehensive briefings for management and board on the state of the program

Lisa Shuman is a consultant that has served as an interim privacy officer for organizations. She observed that the work flow is different from that of a compliance officer. She has found from her experience that most engagements can be part time with much of the work done remotely.  The first month usually involves focusing on reviewing adequacy of existing policies, procedures, controls, and training content. After that, the work focuses primarily on privacy violation investigations that arise, however, it is important that the interim privacy officer be available at any time to deal with issues

 

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Questions Boards should be asking their compliance officer

Effective compliance programs require top-down commitment beginning at the Board level to oversee and support its implementation and operations.  The Board should have a committee to do this. The OIG compliance guidance calls for a Board level committee to oversee the Compliance Program (CP). The HHS Inspector General, General Dan Levinson has noted that the best boards as those that are active, questioning, and exercise (constructive) skepticism in their oversight. He further stated that Boards have a duty to ask probing questions about the operation of the Compliance Program, including how the compliance reporting system works and what reports they can expect on the reporting of compliance issues. They have a duty to ask probing questions about the goals and objective of the compliance program. The problem for most Boards is to know what type of questions they should be asking. Compliance Officers should assist them with this problem; however they in turn should be prepared to provide full and complete answers to them. The OIG and American Health Lawyers Association developed specific suggested questions that Board’s should be asking about the compliance program that the compliance officer should be prepared to provide proper responses to them. They jointly produced “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors” and “Corporate Responsibility and Health Care Quality (2007): A Resource for Health Care Boards of Directors.” The following are drawn from these advisory documents:

  1. Does the compliance officer have sufficient authority to implement the program?
  2. What are the resources necessary to properly implement operate the program?
  3. Has compliance officer been given the sufficient resources to carry out the mission?
  4. Have compliance-related responsibilities been delegated across all levels of management?
  5. What evidence is there that all employees held equally accountable for compliance?
  6. How has the code been incorporated into corporate policies across the organization?
  7. What evidence is there that the code is understood and accepted across organization?
  8. Has management widely publicized importance of the code to all of its employees?
  9. Are there compliance-related policies that address operational compliance risk areas?
  10. Are there policies/procedures for the compliance program operation?
  11. How often are compliance-related policies reviewed and updated?
  12. What is the scope of compliance-related education and training?
  13. What evidence is there of the effectiveness of compliance training is effective?
  14. What measures are taken to enforce training mandates?
  15. What evidence that employees understand what is expected of them regarding compliance?
  16. How is compliance risks identified?
  17. What is the evidence that identified compliance risks are being addressed?
  18. How is the compliance program structured to address such risks?
  19. Does the compliance program undergo periodical independent effectiveness evaluation?
  20. What is the process for the evaluation and responding to suspected compliance violations?
  21. What kind of training is provided to those who conduct investigation of reported violations?
  22. How does Compliance, HRM & Legal Counsel coordinate resolving compliance issues?
  23. What are the policies to ensure preservation of relevant compliance program documents and information?
  24. What policies address protection of “whistleblowers” and those accused of misconduct?
  25. What are the results of ongoing compliance monitoring by all program managers?
  26. How is ongoing compliance auditing being performed and by whom?
  27. How often is sanction-screening conducted with what results?
  28. What are the results from sanction-screening and are they certified by responsible parties?
  29. Has the compliance program been evaluated for effectiveness by a qualified independent reviewer?
  30. What evidence is there concerning hotline operation and follow-up investigations?
  31. What are the metrics being used to evidence compliance program effectiveness?
  32. What are the results of an independent review and assessment of the compliance program?

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: October 2017 Work Plan update

This year, the OIG is updating their annual Work Plan during the year, rather than annually. The Work Plan sets forth various audits and evaluations that are underway or planned during the fiscal year and beyond. The updates will include the addition of newly initiated Work Plan items and removal of completed items. In conducting its work, the OIG assesses relative risks in HHS programs and operations to identify those areas most in need of attention. In evaluating potential projects to undertake, the OIG considers a number of factors, including mandates set forth in laws, regulations, or other directives; requests by Congress, HHS management, or the Office of Management and Budget; top management and performance challenges facing HHS; work performed by other oversight organizations (e.g., GAO); management’s actions to implement OIG recommendations from previous reviews; and potential for positive impact. In addition to working on projects that often result in audits, reviews, and reports, the OIG also engages in a number of legal and investigative activities that are separately reported.

5 New Projects Added

  1. Secretary Price’s Use of Chartered Aircraft for Federal Travel. Federal Travel Regulations provide limited instances in which chartered aircraft can be used for official Government business. OIG initiated a review of HHS Secretary Price’s use of chartered aircraft for Federal travel. He subsequently resigned and agreed to payback funds improperly expended.

 

  1. Specialty Drug Coverage and Reimbursement in Medicaid. Medicaid spending on specialty drugs has rapidly increased. There is no standard definition for specialty drugs. They may be expensive; be difficult to handle, monitor or administer; or treat rare, complex or chronic conditions. OIG plans are to determine states’ definitions of, and payment methodologies for, Medicaid specialty drugs and determine how much states paid for specialty drugs; and review strategies that states use to manage specialty drug costs, such as formularies, cost sharing, step therapy, and prior authorization.

 

  1. FDA Oversight of Risk Evaluation and Mitigation Strategies to Address Prescription Opioid Abuse. Opioid abuse and overdose deaths are at epidemic levels in the United States. The FDA has been provided legal authority to require pharmaceutical companies to develop Risk Evaluation and Mitigation Strategies (REMS), when the FDA determines that the risk of using a drug outweighs its benefit. Through the REMS program, the FDA intends to “increase the number of prescribers who receive training on pain management and safe prescribing of opioid drugs in order to decrease inappropriate opioid prescribing.” The OIG will conduct an evaluation on how the FDA determined the need for opioid REMS and determine the extent to which they have held pharmaceutical companies with required opioid REMS accountable for REMS assessments. The OIG also plans to determine the extent to which the FDA has held opioid REMS sponsors accountable for REMS goals to mitigate risks of misuse, abuse, addiction, overdose, and serious complications because of medication errors.

 

  1. Drug Traceability Test. Potentially dangerous drugs, including diverted, counterfeit, and imported unapproved drugs, can enter the supply chain and pose a threat to public health and safety. The Drug Supply Chain Security Act (DSCSA) provides the FDA and others with new tools to prevent the introduction of harmful drugs into the supply chain and to identify and remove them. DSCSA requires trading partners to exchange drug product tracing information when they take ownership of drugs, resulting in a tracing record that the FDA and others can use to investigate suspect and illegitimate drugs. Ensuring that DSCSA’s drug product tracing requirements function as intended will help the FDA respond effectively to potentially harmful drugs in the supply chain. The OIG plans to determine the extent to which selected drugs can be traced from the dispenser back to the manufacturer. This study—part of OIG’s body of work in this area—builds on the OIG’s previous examinations of trading partners’ early experiences exchanging drug product tracing information by testing the accuracy of those tracing records.

 

  1. Review of Medicare Payments for Bariatric Surgeries. Bariatric surgery is performed to treat comorbid conditions associated with morbid obesity. Medicare Parts A and B cover certain bariatric procedures if the beneficiary has (1) a body mass index of 35 or higher, (2) at least one comorbidity related to obesity, and (3) been previously unsuccessful with medical treatment for obesity. Treatments for obesity alone are not covered. The Comprehensive Error Rate Testing program’s special study of certain Healthcare Common Procedure Coding System codes for bariatric surgical procedures found that approximately 98 percent of improper payments lacked sufficient documentation to support the procedures. OIG auditors will review supporting documentation to determine whether bariatric services performed met the conditions for coverage and were supported in accordance with federal requirements.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.