Kusserow on Compliance: The value of surveying compliance professionals

There is great value in knowing where you are in relation to others

When asked to participate in a survey, it helps to know its purpose and why participating is worthwhile. In short, surveys are a method of gathering information from individuals. They can serve a variety of purposes. The survey should be considered as another confidential communication channel that permits sharing information with others in the compliance arena. The objective of the Compliance Benchmark Survey is to permit compliance professionals to participate as a network in understanding what challenges their colleagues in other healthcare organizations are facing and preparing for in 2018. It is a data collection tool used to describe the current state of affairs facing compliance professionals in the real world. As respondents share their thoughts and challenges anonymously, other compliance professionals benefit by knowing they are not alone in struggling to meet the challenges of compliance within their respective organizations. The Survey taps into what compliance professionals are thinking and finds useful information to assist in meeting challenges. Understanding what other compliance professionals are thinking and doing can assist in planning ahead to address the evolving challenges and expectations in an ever-changing regulatory and enforcement environment. Results from the Survey can help proactively identify and respond to trends and issues confronting compliance professionals. This in turn may lead to a decision to shift priorities.


Benefits of Survey Participation


  1. It permits benchmarking your compliance efforts with other professionals at other healthcare organizations and gaining insights into developing a more effective compliance program.


  2. By participating in the Survey, respondents will receive the analytical report of the results and a “free ticket” to a webinar hosted by a panel of compliance experts providing added feedback as to the significance of data collected and how it can be used in planning work for the upcoming year.


To join the network of compliance professionals in sharing their experience and concerns about meeting the challenges in 2018, click below:


Participate in the Survey


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Health care mergers and acquisitions due diligence

Hardly a day passes when the press does not report on a new merger or acquisition in the healthcare sector. Some of these are monumental in scope, but most relate to individual hospitals, facilities, or entities. The number of hospital and health system mergers and acquisitions continued its upward trend in the first quarter of 2017, with an eight percent increase from 25 to 27 transactions compared to the first quarter of 2016. This trend is likely to continue and is stimulated by health care reform that will likely result in more consolidation and integration among hospitals and physician practices. There are two common types of due diligence: financial and legal. However, the highly regulated nature of the health care industry requires a third type: regulatory due diligence, to avoid later discovering and having to make disclosures of regulatory violations and overpayments of millions of dollars.

Financial and Legal Due Diligence

Due diligence reviews generally focus on financial accountability and legal liabilities. An independent accounting firm focuses on reviewing and evaluating the balance sheets, income statements, audit reports, and cash flow statements and projections in measuring financial viability. There are many very competent public accounting firms that specialize in this type of work. For legal due diligence, the focus is on examining the entity’s structure; business permits and/or approvals; employment and labor law compliance; environmental law approvals, permits and compliance; contractual rights and obligations; intellectual property rights and obligations; real property law compliance; securities and financing regulatory compliance; tax exposure risks; consumer protection law and exposure risks; and/or licenses; previous and/or current litigation; media reports; and external consultants and/or advisors. There is an abundance of law firms that provide high-quality services in this type of work. What is often missing is a focus on the potential health care regulatory and legal compliance issues.

Health Care Regulatory Due Diligence

In the health care sector, things are more complicated: health care facilities are subject to a tremendous number of state and federal laws and regulations that govern how business must be conducted. As such, there are significant risks that a purchaser can inherit serious regulatory liabilities without checking to see how the entity is complying with these rules. With the right experts with experience in doing this kind of work, the time and costs for the due diligence review can be only a small fraction of the costs of either a financial or legal review. The reason is simple: financial and legal due diligence involves detailed examination of a large volume of information. Regulatory compliance experts know exactly where to look for any weaknesses without having to do a “deep dive.” As such, it is difficult to imagine why a party looking to make an acquisition would not want a regulatory due diligence. High on the list for any reviews should be arrangements with referral sources (the highest enforcement priority of both the DOJ and OIG for many years) and review of the claims processing system and controls to ensure that there are not regulatory issues waiting to be discovered by CMS contractors or enforcement agencies. In virtually all cases, problems will be identified that in very few cases would interfere with the decision to acquire, but identifying them is very likely not only to avoid a future liability but also to put on the table additional tools to improve the negotiation terms and conditions.



Kusserow on Compliance: Use of temporary compliance and privacy officers

By now every health care provider is aware of the need for an effective compliance program under direction and management by a compliance officer, as well as a privacy officer to ensure HIPAA compliance. It is common these days for organizations to have compliance and privacy officer vacancies as a result of a retirement, termination, someone changing jobs, or any of a dozen other reasons. Sometimes it may have been triggered by an audit or investigation by the HHS Office of Inspector General (OIG), Department of Justice (DOJ), HHS Office for Civil Rights (OCR), or a CMS contractor. In other cases, a board or new executive leadership may wish to use proven experts to promote and/or elevate the programs to a higher level. Regardless of the reason, the departure of a long-time incumbent creates a vacuum that needs to be filled quickly for day-to-day management and responding to emerging issues to avoid serious problems and potential liability. The worst time to have a vacancy is when entering the holiday season and the end of the calendar year. For a variety of reasons, it is a time when many problems and issues arise needing prompt attention.

Steve Forman, CPA, is an expert on the subject with over 25 years as a healthcare compliance officer and consultant, including serving on multiple occasions as an interim compliance officer. He notes that the sudden departure of a compliance or privacy officer makes the problem of finding someone properly qualified in a timely manner a serious issue. Confronted with a rapidly evolving regulatory and enforcement environment, health care organizations cannot afford to take the chance on having a gap in these positions. When such a gap occurs, engaging an expert on a short-term engagement can hold the reins of the program together while a permanent replacement is found. Using a properly qualified outside expert presents a lot of advantages. They can bring the experience of having served in other organizations and dealing with many of the same issues already addressed in prior jobs. It is also important that they have not been invested in any prior decisions, nor have they been aligned with any parties in the organization. Most importantly, they bring “fresh eyes” to the program. They can provide objective assessment on the state of the compliance program, offer suggestions, and give guidance for improvements.

Suzanne Castaldo, JD, who specializes in providing interim compliance and privacy officers for healthcare clients, noted that clients to whom she has provided interim officers usually take three to five months to find and hire a permanent replacement with necessary experience and qualifications. When they seek temporary officers, she provides experienced professionals with previous experience as a compliance or HIPAA privacy officer. Over the last 25 years, her firm has worked with over 3,000 health care organizations in building, evaluating, and managing compliance programs, providing a unique level of knowledge and expertise. Using the right professional with a lot of experience and technical skills can make significant improvements for any compliance program in relatively short order.

Camella Boateng is another highly experienced compliance professional who has served as an interim compliance and privacy officer for several organizations. She has found that organizations have a tendency to understate the needs in the vacant position. In every case where she has been called upon to fill a vacancy, she has encountered serious problems that were hidden or not recognized by the organization. In fact, these unattended problems often were the reason for the departure of the incumbent. As such, those seeking temporary compliance or privacy officers require more than someone just to monitor and manage day-to-day work. They should look to added benefits and services an outside expert can bring, including providing an independent assessment of the status of the compliance program and high-risk areas warranting attention. Before leaving the engagement they can develop a “road map” for the incoming compliance officer to follow. All this can result in developing comprehensive briefings for management and board on the state of the program.

Lisa Shuman is a consultant who has served as an interim privacy officer for organizations. She observed that the workflow is different from that of a compliance officer. She has found from her experience that most engagements can be part time with much of the work done remotely. The first month usually involves focusing on reviewing adequacy of existing policies, procedures, controls, and training content. After that, the work focuses primarily on privacy violation investigations that arise; however, it is important that the interim privacy officer be available at any time to deal with issues.




What compliance professionals should know about auditing physician compensation arrangements

In an environment of increasing integration and financial relationships with physicians; a rigid and technical regulatory framework; aggressive government enforcement; and disproportionate penalties and enterprise risk under the Stark Law (42 U.S.C. § 1395nn), it is incumbent on health care organizations to have an audit plan and process for physician compensation arrangements to ensure such arrangements comply with Stark Law requirements. In a webinar presented by the Health Care Compliance Association (HCCA), Curtis H. Bernstein, Principal, Pinnacle Healthcare Consulting, and Joseph N. Wolfe (Hall, Render, Killian, Heath & Lyman, P.C.) provided insight into considerations for managing risks, an overview of the Stark Law and its exceptions, and tips for planning an audit and the audit process.

Managing the risk

Wolfe stressed the importance of ensuring that compensation arrangements with referring physicians are defensible. When it comes to compensation arrangements, organizations should ask, “How will the organization defend itself?” Wolfe recommended that the organization focus on the Stark Law’s technical requirements, which were updated in 2016, and the three tenets of defensibility: (1) fair market value, (2) commercial reasonableness, and (3) not taking into account the value or volume of referrals. Wolfe emphasized the need for health care providers that enter into physician arrangements to ensure that individuals involved in the process have an in-depth understanding of the Stark regulations and the exceptions.

The plan and the process

Bernstein explained that the scope of the audit depends on the size and complexity of the company, prior experience with the process under audit, recent changes in the company or company’s operations, and previously recognized deficiencies, as well as circumstances that may arise during the audit. The audit process involves several steps.

  • A list of currently executed physician contracts must be compiled.
  • Compliance personnel must interview individuals commonly involved in physician relationships. The individuals conducting the audit should understand interview processes, including strategy, documentation, approval, and selection of interviewees.
  • The interviews must be reconciled to currently executed physician contracts. Common issues arising in reconciliation include the use of space, office equipment, and other items by physicians for professional or personal use, and payment for services not provided.
  • Time sheets or other attestation forms must be reviewed for completeness and accuracy.
  • Fair market value and commercial reasonableness must be documented for each agreement. Consider:
    • Who is providing the service?
    • Why are the services required?
    • When are the services performed?
    • How are the services provided?
  • All other terms of the agreement and the necessary steps in executing agreements must be performed and verified.

Bernstein noted that other items to consider during the process include the compensation structure, the length of a fair market value opinion versus the length of the contract, whether the compensation was set in advance, if the agreements were executed, and whether the agreements expired.

The compliance component

While the basic elements of an effective compliance program apply to physician arrangements, Wolfe explained that as compliance applies specifically to physician arrangements, it should be compensation-focused, and documentation and governance should support defensibility. He recommended that organizations adopt a compensation philosophy, have a written compensation plan, establish parameters for monitoring compensation, and form a compensation committee. In addition, organizations should (1) ensure that policies align with the new Stark technical requirements; (2) establish a consistent process for obtaining third-party valuation opinions; and (3) periodically audit physician compensation arrangements. Finally, organizations should continue to monitor the enforcement climate.