Kusserow on Compliance: Addressing the risk of whistleblowers

The DOJ recently reported the fact that 93 percent of its successful civil false claims court actions arose by qui tam relators (whistleblowers) bringing the case to the DOJ’s attention. As such, it is important to understand better how to address the risk of having that happen to your organization. Key factors to be considered are the motivation of most whistleblowers and how to channel them to report internally, rather than going to outside authorities.

Tom Herrmann, JD, while at the OIG, was responsible for coordinating whistleblower cases with the DOJ.  He noted that the common practice for the DOJ, upon receiving a complaint from a qui tam relator, is to have the OIG conduct the preliminary investigation on their behalf. Inasmuch as these False Claims Act (FCA) cases were civil in nature, it was not the usual course to involve the FBI.  As such, he had the opportunity to review the initial complaints and often times meet or discuss with the relator about what caused them to report the problem. He found that there were many reasons given by individuals for becoming qui tam relators. e HhOnly a few qui tam relators indicated their motivation was for the potential reward coming from the case. The most common statement was that because they were unable to obtain a credible, internal reporting channel, they decided to report externally. Credence was given to this as a major motivating factor by the fact that in many cases they did find evidence of many Whistleblowers having reported the problem internally first, and moved to report externally when inadequate attention was give to their complaints. There were also whistleblowers who stated they were motivated by ethical considerations and felt they could not justify allowing a bad situation to continue without taking some sort of action.

Steve Forman, CPA, has over 30 years experience with the OIG, as a compliance officer, health care consultant. He found many situations where an employee’s reporting a potential violation of law, regulation, or organization Code or policy was the subject of adverse action or reprisal.  In some cases, the whistleblower moved to a legal course of action to protect themselves.  Unfortunately, it is not uncommon to find members of management engaging in retaliatory actions against employees trying to expose wrongdoing. In some cases, these same people turned to attorneys who led them to become qui tam relators. A key factor in managing the risk of having a whistleblower is to understand what motivates them to go externally with and report a problem; and try to channel them to resolve the issue internally.  It is also important to remember that making the decision to report a problem to the compliance officer is viewed as taking considerable risk with regards to their job, reputation with their fellow employees, and their future financial security.  Reassurance of protection against retaliation is critical. However, for some, that may be not enough.  This means the option to report anonymously is also important.

Carrie Kusserow has overseen many IRO and Compliance Expert engagements with clients who signed Corporate Integrity Agreements with the OIG. She noted that in several cases, while carrying out the duties of the engagement, her consultants identified the original whistleblower and found in several cases they had tried to raise the issues internally, before deciding to go outside the organization and become a qui tam relator. In other cases, the whistleblower reported not trusting the hotline or compliance office to protect them against retaliation. The lesson to be learned about avoiding external whistleblowing is to ensure that internal compliance channels operate credibly and properly. This also means taking prompt action to follow on any complaints or allegations of wrongdoing. It also means that strong policies and procedures to protect individuals reporting potential wrongdoing must be implemented and followed. This includes permitting employees to be able to report anonymously or if they do identify themselves that they will be detected in their confidentiality law.

Tips for Compliance Officers

  1. Ensure reporting suspected wrongdoing is stressed in the code, policies and training
  2. Review and update hotline-related polices/procedures (confidentiality, anonymity, non-retaliation, duty to report, etc.)
  3. Ensure a 24/7 hotline operated externally, as internal ones are less trusted and unavailable at all times
  4. Look to expand and increase compliance communication channels beyond just the hotline
  5. Promote the reporting of wrongdoing (newsletter, intranet, training programs, etc.)
  6. Find ways to provide feedback so that employees know reporting is taken seriously
  7. Consider engaging experts to evaluate compliance communication channels effectiveness
  8. Allegations of potential violations of law or regulations must be promptly investigated
  9. Ensure that individuals are trained and competent to conduct prompt investigations
  10. Disclose promptly all cases where investigation indicates potential violations
  11. Review and update investigation and resolution of allegations polices/procedures
  12. Take appropriate disciplinary action against identified wrongdoers
  13. Consider having on call experts in conducting investigations to assist if needed
  14. Understand CMS and OIG self disclosure protocols that may avoid FCA investigation
  15. Ensue investigations finding of potential violations of law are promptly disclosed to the DOJ

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Measuring the compliance culture

The OIG, DOJ, and other oversight agencies believe the compliance program should be a change agent in promoting a culture of compliance that creates an environment less likely to have regulatory or enforcement problems. This means establishing a culture where everyone in the work environment embraces and adheres to a set of shared attitudes, values, goals, and practices that characterizes an institution or organization when it comes to compliance with laws, regulations, rules, standards, codes of conduct, and policies. The OIG in its compliance-program guidance for hospitals states that “fundamentally, compliance efforts are designed to establish a culture . . . that promotes prevention, detection and resolution of instances of conduct that do not conform to federal and state law, and federal, state and private payor health care program requirements, as well as the hospital’s ethical and business policies.” Today, however, both the DOJ and OIG continue to encounter organizations that have a compliance program on paper, but lacking in quality, commitment, and ethics—a culture of compliance. It is therefore logical that compliance officers find means to evidence that the culture of the organization matches the compliance goals and be able to evidence this, if and when, they are challenged to do so.

One way to gain understanding of the compliance culture is through a survey which tests understanding and acceptance of the compliance program. This is among the best means for evaluating, evidencing, and benchmarking the overall compliance program effectiveness. Using surveys is also one of the two methods suggested by the OIG in its Compliance Program Guidance for Hospitals and Supplemental Guidance for Hospitals.  The OIG noted that “as part of the review process, the compliance officer or reviewers should consider techniques such as . . . using questionnaires developed to solicit impressions of a broad cross-section of the hospital’s employees and staff.” The OIG further reinforced this by stating it “recommends that organizations should evaluate all elements of a compliance program through “employee surveys.” In the 2018 SAI Global/Strategic Management Compliance Benchmark Survey of compliance programs, respondents indicated that one-third of organizations with compliance programs survey their work force on compliance issues. However, only a minority of them use professionally developed and tested surveys, relying upon internally generated and administered ones that do not carry the same level of credibility.

Steve Forman, CPA has been using compliance culture surveys for the last twenty years as a compliance officer and as a compliance consultant. He believes that one of the best and most inexpensive methods for evaluating, evidencing, and benchmarking compliance program effectiveness is through a compliance culture survey that measures employee perceptions of ethical culture and/or the compliance program. He likes using this type of survey, alternately with a compliance knowledge survey that tests employee knowledge of the program. Results from a professionally administered survey provide a very powerful and credible report to the compliance oversight committees, as well as to any outside authority questioning the program.  Such surveys can also identify relative strengths in the compliance programs, as well as those areas requiring special attention that are invaluable for compliance officers.

Jillian Bower Concepcion has many years experience in administering compliance surveys, as well as serving as interim compliance officer. She explained that culture surveys focus on the beliefs and values which guide the thinking and behavior of employees within an organization. They are usually presented in a Likert Scale format that offer a series of gradation where respondents are asked whether they “Strongly Disagree,” “Disagree,” are “Neutral,” “Agree,” or “Strongly Agree,” with the statement presented in each item. She notes it is highly advisable to use a valid and independently web-based administered survey that has been tested over many organizations and ensures participant confidentiality. Using a professional survey service specializing in health care compliance is surprisingly inexpensive and less costly than developing and delivering a survey in house, that doesn’t carry the same level of credibility. The Compliance Resource Center (CRC) has been using the Compliance Benchmark Survey© since 1993 and has been employed with hundreds of health care organizations and a surveyed population of over a half-million. Clients find that comparing their results with the universe to be the most beneficial information. Survey reports are typically about 50 pages in length and provide advice on each topical area and question as to how improvements may be made.

Carrie Kusserow, Managing Senior Consultant for Strategic Management, has been using compliance surveys to assist with benchmarking the progress of compliance program. Such benchmarking was called for by the OIG when it stated in its compliance guidance that “the existence of benchmarks that demonstrate implementation and achievements are essential to any effective compliance program.” She has found surveys can be used to meet that standard, two ways. First, if the survey being used is anchored in a database of users, the organization can benchmark them against that universe, viewed as very important by most organizations. Second, an initial survey can establish a baseline from which future surveys can be used to benchmark progress of the compliance program and measuring change in the compliance environment over a period of time.

Carrie Kusserow and Jillian Bower Concepcion will be available to discuss this subject in more detail at the HCCA conference in Las Vegas, booth 412

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG opinion on the effect of exclusion

OIG Advisory Opinion 18-01 was issued in response to a request regarding the effect of an exclusion from Medicare, Medicaid, and all other Federal health care programs. As a result of criminal conviction for health care fraud pursuant to a civil False Claims Act (FCA) settlement, the Requestor agreed to be permanently excluded. The Requestor received a good faith employment offer from a newly formed, for-profit corporation that will be offering long-term care pharmacies (the LTC Pharmacies) access to discounted rates for emergency medications that the company negotiates with local retail pharmacies. The prices the company would charge for the medications the LTC Pharmacies obtain from the local retail pharmacies would be the discounted rate the company negotiated with the local retail pharmacies, plus a mark-up. The Requestor inquired whether the engagement proposal to market its services (the Proposed Arrangement) would violate the terms of the exclusion and constitute grounds for the imposition of sanctions.

The OIG concluded that, although the Proposed Arrangement could violate the terms of the exclusion and could constitute grounds for the imposition of sanctions, the OIG would not impose such sanctions in connection with the Proposed Arrangement, based upon the following representations:

  • Neither the Requestor nor the company would directly submit claims for items or services that are paid for by any federal health care program, including any medications the LTC Pharmacies obtain from the local retail pharmacies; and would not directly or indirectly have any role in the LTC Pharmacies’ or their customers’ submission of claims to any federal health care program.
  • Neither the Requestor nor the company would submit claims to Medicare, Medicaid, or any other federal health care program for any items or services provided in connection with the Proposed Arrangement.
  • The Requestor would market the company’s services to the LTC Pharmacies and offer them the opportunity to contract with the company to receive lower prices than they normally would pay when ordering emergency medications from a local retail pharmacy.
  • Neither the Requestor nor the company would exercise any direct or indirect control over determining the volume, type, and frequency of any medications they would need or order.
  • The company would pay the Requestor a fixed salary plus a commission based on the number of LTC Pharmacy accounts the Requestor secured for the company with no compensation determined based on the volume, value, frequency, price, or selection of any medications, including federally reimbursable medications, the LTC Pharmacies or their customers would order.
  • Neither the Requestor, nor any member of the immediate family would have direct or indirect control of the company.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Changes in the Stark Law

Over the years, the Stark law has evolved considerably from regulatory requirements to use by the DOJ in enforcement of the False Claims Act. Unlike the Anti-Kickback Statute, which is enforced by the OIG, the Stark law is considered regulatory and under CMS jurisdiction. The Stark law was designed to prohibit doctors from referring Medicare patients to hospitals, labs, and colleagues with whom they have financial relationships, unless they fall under certain exceptions. Stark prevents hospitals from paying providers more when they meet certain quality measures, such as reducing hospital-acquired infections, while paying less to those who miss the goals. Providers have registered numerous concerns that the Stark Law is inhibiting their ability to participate in Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) reforms. The CMS Administrator, Verma, has acknowledged the difficulty of reconciling the Stark Law’s restrictions with the current shift to value based payment structures, noting that that the Stark Law “was developed a long time ago” with current payment systems and operations being different, requiring some changes in the rules. This is not the first time CMS has tried to move the easing of rules concerning the Stark law. In 2015, CMS published a Proposed rule relaxing aspects of the Stark law, including easing of some of the strict liability features of the law and the CMS burden in dealing with the interpretation of key terms, requirements, and other issues.  After reviewing an enormous amount of self-disclosures, CMS realized that a large part of its docket involved arrangements that may technically violate the statute but do not actually pose significant risks of abuse, thus necessitating some changes and clarifications.

Inter-Agency Group formed to focus on easing Stark Barriers

During a January, 2018 American Hospital Association webinar, the CMS Administrator announced plans to convene an inter-agency group consisting of CMS, the OIG, HHS General Counsel, and the DOJ to focus on how to minimize the regulatory barriers of the Stark law that began in 1989 and underwent expansion in the 1990s. Verma noted that the review is in line with CMS’s “Patients Over Paperwork” initiative, which is in accord with the President’s Executive Order that directs federal agencies to “cut the red tape” to reduce burdensome regulations.

Congress Acts

Regardless of the results of the inter-agency review, the fact remains that only so much can be done by regulatory policy changes. All real changes must be made in the law will necessarily have to come from Congress. The Bipartisan Budget Act of 2018 imposed changes on laws related to health care fraud and abuse. On one side they quadrupled fines and doubled potential prison time from five to ten years for violation of the Anti-Kickback Statute.  The Civil Monetary Penalties (CMP) law penalties were doubled. On the other side, Congress moved to reduce some of the burdens by codifying CMS regulatory guidance. Some specific relief involved expired leases and personal services contracts that, if otherwise compliant, will remain protected as long as the terms and conditions continue unchanged.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.