Kusserow on Compliance: OIG testifies on investigative results over last three years

Gary Cantrell, HHS OIG Deputy Inspector General for Investigations, testified before a Senate Special Committee hearing to highlight the results of the OIG’s enforcement activities, focusing many of his comments on the current Opiod Crisis. He noted that the OIG Special Agents have full law enforcement powers and collaborate with other federal, state, and local law enforcement partners to combine resources to detect and prevent health care fraud, waste, and abuse. Over the last three years, OIG investigations have resulted in more than $10.8 billion in investigative receivables; 2,650 criminal actions; 2,211 civil actions; and 10,991 program exclusions.

The OIG is a lead participant in the Medicare Fraud Strike Force, which combines the resources of the OIG and DOJ, including Main Justice, U.S. Attorneys’ Offices, and the Federal Bureau of Investigation (FBI), as well as State and local law enforcement, to fight health care fraud in geographic hot spots. Since its inception in March 2007, the Strike Force has charged more than 3,000 defendants who collectively billed the Medicare program more than $10.8 billion. Last year, the Strike Force led the largest takedown ever in health care fraud enforcement. It resulted in 412 charged defendants across 41 federal districts, including 115 doctors, nurses, and other licensed medical professionals, for their alleged participation in health care fraud schemes involving approximately $1.3 billion in false billings.

The OIG also collaborates with state Medicaid Fraud Control Units (MFCUs) to detect and investigate fraud, waste, and abuse in state Medicaid programs.  Another investigative partner is the Healthcare Fraud Prevention Partnership and the National Healthcare Anti-Fraud Association—a public–private partnership that addresses health care fraud by sharing data and information for the purposes of detecting and combating fraud and abuse in health care programs.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG Work Plan items for May 2018

The OIG regularly updates its Work Plan as it continues to assess relative risks in HHS programs and operations that may lead to new projects. The most recent changes involved adding six new projects. In making these additions, the OIG considered a number of factors, including mandates set forth in laws, regulations, or other directives; requests by Congress, HHS management, or the Office of Management and Budget; top management and performance challenges facing HHS; work performed by other oversight organizations (e.g., GAO); management’s actions to implement OIG recommendations from previous reviews; and potential for positive impact.

New Projects Added

  1. The Impact of Authorized Generics on Medicaid Drug Rebates. Under final rules implementing the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148), CMS directed primary manufacturers to include in their calculation of average manufacturer price (AMP) the sale of authorized generic drugs to secondary manufacturers in some circumstances (42 C.F.R. Sec. 447.506(b)). OIG plans to examine selected drugs with authorized generics and determine how including the sales of authorized generic drugs to secondary manufacturers affects Medicaid drug rebates.

 

  1. Noninvasive Home Ventilators – Compliance with Medicare Requirements. For items such as noninvasive home ventilators (NHVs) and respiratory assist devices (RADs) to be covered by Medicare, they must be reasonable and necessary for the diagnosis or treatment of illness or injury or to improve the functioning of a malformed body member. Depending on the severity of the beneficiary’s condition, an NHV or RAD may be reasonable and necessary. NHVs can operate in several modes, i.e., traditional ventilator mode, RAD mode, and basic continuous positive airway pressure (CPAP) mode. The higher cost of the NHVs’ combination of noninvasive interface and multimodal capability creates a greater risk that a beneficiary will be provided an NHV when a less expensive device such as a RAD or CPAP device is warranted for the patient’s medical condition. The OIG will determine whether claims for NHVs were medically necessary for the treatment of beneficiaries’ diagnosed illnesses and whether the claims complied with Medicare payment and documentation requirements.

 

  1. States’ Procurement of Private Contracting Services for the Medicaid Management Information System (MMIS). MMIS is an integrated group of procedures and computer processing operations designed to meet principal objectives such as processing medical claims. Medicaid reimburses states’ MMIS administrative costs at enhanced rates of 90 and 75 percent. Many states use private contractors to design, develop, and operate their MMIS. When procuring MMIS contracting services, states are required to follow the same policies and procedures used for procurements paid with non-federal funds. Additionally, states must receive CMS’s prior approval to receive enhanced federal matching funds for MMIS administrative costs related to private contractors. OIG plans to determine if selected states followed applicable federal and state requirements related to procuring private MMIS contracting services and claiming federal Medicaid reimbursement.

 

  1. Monitoring Medicare Payments for Clinical Diagnostic Laboratory Tests – Mandatory Review. Section 216 of the Protecting Access to Medicare Act of 2014 (PAMA) requires CMS to replace its current system of determining payment rates for Medicare Part B clinical diagnostic laboratory tests with a new market-based system that will use rates paid to laboratories by private payers. Pursuant to PAMA, OIG is required to conduct an annual analysis of the top 25 laboratory tests by Medicare payments and analyze the implementation and effect of the new payment system. The OIG plans to analyze Medicare payments for clinical diagnostic laboratory tests performed in 2016 and monitor CMS implementation of the new Medicare payment system for these tests.

 

  1. Ensuring Dual-Eligible Beneficiaries’ Access to Drugs Under Part D: Mandatory Review. Dual-eligible beneficiaries are enrolled in Medicaid but qualify for prescription drug coverage under Medicare Part D. As long as Part D plans meet certain limitations outlined in 42 C.F.R. Sec. 423.120, plan sponsors have the discretion to include different Part D drugs and drug utilization tools in their formularies. The OIG is required to review annually the extent to which drug formularies developed by Part D sponsors include drugs commonly used by dual-eligible beneficiaries as required.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Emerging government enforcement priorities for 2018

At the HCCA conference in April, there were several presentations regarding the government’s enforcement priorities. There were a number of emerging issues that were the subject of considerable attention: the opioid crisis, electronic health record (EHR) fraud, and telehealth/telemedicine. By far, the area given the most attention was the opioid crisis.  More than a dozen presenters included comments in their presentations on this subject, including presenters from the DOJ, OIG, CMS, and the OCR. This is not surprising in that last October the President declared this to be a national public health care crisis and marshaled regulatory and enforcement agencies to actively focus on steps to alleviate it. Other agencies not present at the HCCA are included in this effort, such as the FDA, FCC, CDC, Indian Health Service, Veterans Administration, Department of Defense TRICARE program, and others. At the federal and state level, there is increased legislative, regulatory, and enforcement actions activity related to substance abuse and behavioral health services. In January, the Attorney General announced the DEA was increasing its focus on pharmacies and prescribers who dispense unusual or disproportionate amount of such drugs. He also has created the Prescription Interdiction and Litigation (PIL) task force to aggressively deploy and coordinate all available criminal and civil law enforcement tools to address the crisis. Both DOJ and OIG presenters noted the July 2017 “take down” of 412 defendants in 41 different judicial districts. The defendants included over 100 doctors, nurses, and other medical license professionals. Together these individuals were responsible for over $1.3 billion in false billings.

The second most reported topic concerned cyber and IT security of Protected Health Information (PHI). This was a main topic in the presentation by OCR, but was alluded to in seven other presentations on cybersecurity and threats and complying with HIPAA Privacy and Security standards. The OCR reported that since 2009, there have been 2178 reports of breaches over 500 files with more than 300,000 cases of breaches affecting fewer than 500 files. The OCR has responded to over 170,000 complaints that resulted in over 25,000 cases being resolved with corrective action measures.  The OCR expects about 17,000 new complaints this year.  The top 10 recurring issues involve: (1) disclosure of sensitive paper information, (2) business associate agreements, (3) risk analysis, (4) failure to manage risks, such as with encryption, (5) lack of transmission security, (6) failure of ongoing auditing, (7) no patching of software, (8) insider threats, (9) improper disposal of records, and (10) insufficient backup of information and contingency planning.

Several sessions focused on physician arrangements and how they could implicate the Anti-Kickback Statute and Stark Laws.  Statistics from DOJ indicated the continuing trend of increased number of qui tam cases that has grown from 426 in 2015 to around 500 in 2017 with annual settlements averaging about $2.5 billion per year.

New cases involving Meaningful Use Fraud were reported with the promise that more new cases were under development.  Another area getting a lot of enforcement attention by the DOJ and OIG relate to telehealth and telemedicine. Cases surfacing now are focusing on claims arising from billings for these areas that did not qualify as such.  Only certain telehealth services are covered by Medicare and providers should take care to follow CMS guidance on what qualifies.

It is interesting to compare these priorities with results for the 2018 Compliance Benchmark Survey of compliance officers. There was no mention of the opioid crisis, as it was just an emerging national issue at the time the survey was taken. HIPAA security/cyber-security was the highest priority. It is troubling that corrupt arrangements with referral sources remains the number one regulatory and enforcement priority for the OIG and DOJ but is ranked fifth in priority to respondents. The other major and continuing enforcement priority related to claims submissions and that ranked third in priority by compliance officers.  A complementary webinar relating to this survey will be presented on May 9th.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Board compliance experts and certifications under corporate integrity agreements

The HHS Office of Inspector General (OIG) now requires in its corporate integrity agreements (CIAs) the engagement of independent compliance experts to assist it in meeting its obligations of oversight of compliance programs. This trend has been part of a movement to hold members of governing boards more accountable for compliance program oversight.  Those engaged as compliance experts must create a compliance review work plan, perform the program review, and provide a compliance program review report.  The report has to describe the review performed, findings, and any recommendations for program improvement.  The board must review the report and act upon any findings and recommendations. A copy of the report must be sent to the OIG as part of each CIA annual report.   In addition, any materials provided by a compliance expert, as well as any minutes of meetings must be available to the OIG upon request

Carrie Kusserow has a long history as a compliance officer and as a compliance consultant working on compliance with CIAs.  She noted that the “real game changer” in CIAs has been the movement toward increased certifications by executives, compliance officers, and board members.  Board members now have the burden to adopt and sign a resolution for each CIA Reporting Period.  This is serious business, in that making false certifications could criminally violate federal law (18 U.S.C. §1001).  In order to hold boards fully accountable, the OIG mandates that they engage a compliance expert to assist them in carrying out their compliance program oversight and to assist them in being able to make their certification.  Selecting the right compliance expert is critical; once selected, they are likely to be doing this work for five years.  Kusserow also warns that time is not an ally when CIAs are signed.  The attorneys handling the litigation and settlement process often are working ahead of the organization and those who will have to implement the terms and conditions of the CIA. This means that many organizations find themselves in a race against time to do all that is required, including engaging independent review organizations (IROs) and compliance experts.   She advises organizations moving toward settlement to begin looking and evaluating potential parties to be engaged as outsider experts.

Tom Herrmann, J.D. has many years’ experience managing the CIA process with the OIG, as well as having been engaged by numerous organizations in meeting CIA obligations.  He believes that it is important to remember that moving from settlement to meeting obligations under a CIA is also moving from having parties advocating on behalf of the organization to parties  assisting in meeting the requirements that have been agreed to. He speaks from firsthand experience when he says that the OIG does not like parties trying to re-litigate a case, and any effort to do so will likely prove counter-productive.  This means that the compliance experts engaged must focus implementation on the terms of the agreement.  To do this, they must be free of any conflicts of interest if they are to meet the independence and objective standards required by the OIG.  The OIG wants to see organizations select true experts who will carry out their responsibilities with independence and integrity.  As such, Herrmann agrees that the more experience that parties have as experts under the CIA, the better known they are to the OIG and more credible will be their work.

Selecting compliance experts

Organizations selecting compliance experts should keep the following tips in mind:

  • An independent expert must be properly qualified to perform the work described in the CIA.
  • The work to be performed consists of operational reviews, not financial audits.
  • The focus is on compliance program expertise.
  • A CIA may require several different types of expert (e.g. IROs, compliance experts).
  • Those selected should be qualified and experienced in the industry sector covered by CIA.
  • Lack of expertise in the area for which the experts are engaged equals potential problems with OIG.
  • Sub-standard reports risk loss of compliance credibility.
  • Work performed by experts must be professionally independent and objective.
  • Compliance experts follow Government Accountability Office Government Audit Standards (GAGAS) standards for operational reviews.
  • Experts should certify to OIG professional standards.
  • Entities should ensure and seek certification that the experts have no conflicts of interest with the entities.

Steve Forman, CPA has been engaged as a compliance expert on behalf of several organizations. Based upon his experience, he offered tips on how to go about selecting an outside compliance expert. He believes it is very important engage parties with considerable experience doing this kind of work.   Using people inexperienced in compliance or using them as compliance experts is risky. Those lacking experience tend to be more costly, as they charge for their time in learning what needs to be done at the expense of those that have engaged them. The more experience they have doing this kind of work under a CIA, the better. As such, it is advisable to find experts who have been engaged by entities under CIAs on multiple occasions. It also permits reference checking on how well the experts did with organizations that used them. Forman also added that having served many years as a compliance officer, in addition to serving as a health care consultant, was critical in being able to deal with real and practical considerations in acting as a board compliance expert. He believes having that combination of experience provided those organizations using his services with the most efficient results.

Reference-checking questions

Appropriate reference-checking questions include:

  • Did the firm meet its obligations satisfactorily?
  • Were there any problems?
  • Did the OIG find a firm’s work satisfactory?
  • Did a firm perform services economically and efficiently?
  • Was a firm sensitive to the entity’s operations and needs?
  • Was a firm’s work professional, competent, and timely?

Last tip

One last piece of advice for compliance officers is that they educate their boards on this new trend, whether or not the organization may be involved in settlements with the government. What the OIG mandates is what it believes all organizations should do–that is, provide greater board oversight of the compliance program. As such, all boards should add members who are “compliance literate” and/or secure outside experts to advise them on the progress in development of an effective compliance program.