Kusserow on Compliance: Written policies are necessary to govern compliance communication channels

An organization with an effective compliance program is one whose employees can easily share and receive information about what is expected of them in the workplace and one who provides a means to report compliance issues and violations of standards of behavior. The OIG and DOJ stress the importance of having multiple channels of compliance communication, not limited to hotlines. Without question, the “hotline” is the major avenue of communication for receiving reports of employee concerns, observed unallowable behavior, violations of law/regulations, breach of safety standards, theft, and other wrongdoing. This channel has been further stimulated by the inclusion of web-based reporting in recent years. Other channels by which employees can voice concerns and perceptions can include feedback from training, independent confidential surveying, bulletin boards, suggestion boxes, emailing, exit interviewing, staff meetings, etc. Included with these other channels should be the easy and direct access to managers, as well as the compliance office.

Communication is a two-way street that needs to include feedback and dissemination of information to employees. It is important to share news, announcements, discussions, surveys and anything else with employees. This information needs to come from an accessible place. Many health care organizations use their Intranet as a major communication vehicle. Once the compliance communication channels have been created, it calls for “rules of the road” governing the processes in the form of policies and procedures.

The fact is that there are several related policy documents called for by regulatory authorities as essential to an effective compliance program. These include, but are not limited to, “Duty to Report Policy,” “Non-Retaliation Policy,” “Anonymous Reporting Policy,” “Confidential Reporting Policy,” “Hotline Operations Policy,” “Compliance Investigation Policy,” “Disclosure of Overpayments Policy,” “Disclosure of Violations of Law/Regulations,” and “Compliance Office Confidentiality Policy,” among others. There is also need for policies for proper handling and management of information to guard against leaks, which opens the door to a whole set of policies related to IT and information controls. These policies should be inter-related and mutually supporting. They tell employees of their obligations to report suspected wrongdoing, how to do it, how the information will be acted upon, and what to expect once the report is submitted.

For more information regarding this subject and availability of compliance policy templates, see the Policy Resource Center at www.complianceresource.com.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: FBI reports rise in schemes involving the COVID-19 pandemic

The FBI reported that fraudsters are taking advantage of COVID-19 pandemic to steal your money, personal information, or both. Fraudsters see a vulnerable population scared and looking for help to protect themselves and their families. They are increasingly resourceful and view the current crisis as an opportunity to advance their schemes. Today, many are looking for medical attention, equipment, and supplies. As a result, a new fraud threat involves fake cures or treatments for the virus, many of which can be extremely dangerous or even fatal.

People who are at home and out of work are vulnerable to work-from-home scams where up-front money is requested—such requests are not something a legitimate employer does. One of the most prevalent schemes is where criminals make contacts pretending to be from the government to require mandatory COVID 19 testing in order to gain personal information, money, or to hack into a computer. Other scams involve acquiring personal information under the pretense of determining eligibility to receive government benefits. In some cases, fraudsters are even going door-to-door to try to convince individuals that they need to provide money for COVID-19 testing, financial relief, or medical equipment. The FBI has teams of agents working on these cases and have arrested and filed charges against many engaging in these crimes. They FBI advises everyone to be on the lookout for the following “red flags” involved in email contacts:

  • Unexplained urgency
  • Last minute changes in wire instructions or recipient account information
  • Last minute changes in established communication platforms or email account addresses
  • Communications only in email and refusal to communicate via phone or video
  • Requests for advanced payment of services when not previously required
  • Requests from employees to change direct deposit information

The following tips have been offered to help protect against these schemes:

  1. Be very wary of any attachments or links.
  2. Be suspicious of anyone offering you something that’s “too good to be true”
  3. Beware of contacts purporting to be a government agency requiring taking a COVID-19 test
  4. Beware of individuals offering to sell you a COVID-19 test kit or supplies
  5. Beware of medical professionals requesting payment for treating a friend or relative
  6. Be skeptical of last-minute changes in wiring instructions or recipient account information
  7. Verify addresses of emails from those you know; it may be just one letter difference
  8. Never contact a vendor solicitation via the number provided in the email
  9. Ensure URL in emails is exactly as seen in the past for the business it claims to be from
  10. Be alert to hyperlinks that may contain misspellings of the actual domain name
  11. Accept a medical treatment or virus test only from known doctor or pharmacist
  12. Use extreme caution in online communication
  13. Seek out legitimate sources of information and not accept what is sent without request

For more information, the HHS OIG issued a COVID-19 Fraud Alert Video to warn about several health care fraud scams.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Ninth Circuit reinstates unnecessary admissions whistleblower case

Federal Court established grounds for “medical necessity” fraud cases

A compliance high-risk area worthy of attention

On March 23, 2020, the Ninth Circuit reinstated a False Claims Act (ACA) “whistleblower” suit alleging a hospital and various physicians orchestrated medically unnecessary inpatient admissions resulting in the submission of more than $1.2 million in false claims to Medicare. This reversed the District Court ruling that FCA allegations failed because “subjective medical opinions…cannot be proved objectively false.”

The Circuit Court decision follows others that established the lack of “medical necessity” claims can proceed under the FCA. The qui tam relator in the case alleged that certain admissions to the hospital were not medically necessary and were in fact contraindicated by the patients’ medical records and the hospital’s admission criteria. As a result, the hospital allegedly submitted, or caused to be submitted, Medicare claims that falsely certified that patients’ hospitalizations were medically necessary. The relator was a nurse who reported 65 admissions that “failed to satisfy the hospital’s own admissions criteria” and noted that the admission rate from related nursing homes with was over 80 percent during the relevant time period. The nursing home operator had acquired fifty percent ownership in the hospital that resulted in a spike in admissions from those facilities. After repeatedly attempts to bring the issue to the attention of management, she was fired.

The Court held that a physician’s clinical opinion must be judged by the same standard as any other representation, including whether the physician: (1) knows the clinical opinion to be false; or (2) renders the opinion in reckless disregard of its truth or falsity. This means that a physician’s certification that inpatient hospitalization was “medically necessary” can be false or fraudulent as any opinion that is not honestly held. In short, a false certification of medical necessity can therefore give rise to FCA liability.

Compliance officers at any hospital should make this message known to the executive leadership and medical staff.

 

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: New FBI warning about scammers and the COVID-19 crisis

On March 20th, the FBI issued a new warning to the public about a rise in schemes related to the coronavirus (COVID-19) pandemic. The FBI warned to guard against opening documents and to research sources before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to receive money or other benefits. The FBI specifically warned to look out for fake CDC, NIH, HHS, and CMS emails. The agency noted to be particularly wary of websites and apps claiming to track COVID-19 cases worldwide and phishing emails asking to verify personal information in order to receive an economic stimulus check from the government. The fact is that government agencies are not sending unsolicited emails seeking private information in order to send money. The FBI also urges the public to be cautious of anyone selling products that claim to prevent, treat, diagnose, or cure COVID-19.  Other new scams involve seeking charitable contributions, financial relief airline carrier refunds, fake cures and vaccines, and fake testing kits. Failing to follow this advice can permit fraudsters to use links in emails to deliver malware to computers to steal personal information or to lock the computer and demand payment. With the current crisis, the FBI is concerned that many will lower their guard against scammers and, therefore, need to be reminded about these threats.

Tips for Compliance and Privacy Officers

  • Alert employees to beware of COVID-19 communications
  • Remind employees to not click on email links/attachment, or respond to inquiries
  • Regularly test users to make sure they are on guard
  • Configure email servers to block zip or other files that are likely to be malicious

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.