Webinar: Regulatory Pitfalls & Business Opportunities in Behavioral Health

Recent rapid growth in the behavioral health industry has been driven by national awareness of the opioid crisis, including the Support for Patients and Communities Act.

Join Alicia Macklin and Robert Miller from Hooper, Lundy & Bookman as they discuss the expansion potential in behavioral health as well as the unique licensing, regulatory, and compliance concerns in this space. Get practical tips for both day-to-day operations and due diligence for mergers/acquisitions.

Register here for the educational webinar taking place March 18, 2020 at 1:00 PM ET.

Kusserow on Compliance: OIG Civil Monetary Penalties Law enforcement actions for the second half of 2019

Many remain unaware of the Civil Monetary Penalties Law (CMPL). It comes into action when the DOJ believes false claim cases don’t rise to a level sufficient for prosecution in the courts. The OIG is authorized under the CMPL to impose administrative penalties, assessments, and exclusions against a person who, among other things, submits, or causes to be submitted, claims to a federal health care program that the person knows, or should know, are false or fraudulent. The exclusions statute also authorizes OIG to exclude a person who violates the CMPL. Those who appeal the OIG imposed penalties can appeal to an HHS Administrative Law Judge (ALJ). It is rare that an ALJ has overturned the OIG. During this semiannual reporting period, the OIG concluded cases involving more than $30 million in CMPs and assessments.

THE CMPL can be thought of as the administrative version of the False Claims Act. This means that any person who submits, or causes to be submitted, to a federal health care program a claim for items and services that the person knows, or should know, is false or fraudulent is subject to a penalty of up to $15,270 for each item or service falsely or fraudulently claimed, an assessment of up to three times the amount falsely or fraudulently claimed, and exclusion.

For the purposes of the CMPL, “should know” is defined to mean that the person acted in reckless disregard or deliberate ignorance of the truth or falsity of the claim. The law and its implementing regulations also authorize actions for a variety of other violations, including submission of claims for items or services furnished by an excluded person; requests for payment in violation of an assignment agreement; violations of rules regarding the possession, use, and transfer of biological agents and toxins; and payment or receipt of remuneration in violation of the anti-kickback statute.

Additional authorities for the OIG use of CMPL have been added in recent years. The Patient Protection and Affordable Care Act (ACA) added more grounds for imposing CMPs. These include, among other types of conduct, knowingly making, or causing to be made, any false statements or omissions in any application, bid, or contract to participate as a provider in a federal health care program (including Medicare and Medicaid managed care programs and Medicare Part D). The ACA authorizes a penalty of up to $55,262 for each false statement, as well as activities relating to fraudulent marketing by MCOs, their employees, or their agents. The 21st Century Cures Act added more grounds for imposing CMPs, assessments, and exclusion from federal health care programs for fraudulent conduct in an HHS grant, contract, or other agreement. The OIG may assess CMPs of up to $10,000 per claim and assessments of up to three times the amount claimed for knowingly presenting a false or fraudulent claim. In addition, the OIG may impose a penalty of up to $50,000 and assessments of up to three times the amount of funds at issue: (1) for each instance of knowingly making a false statement in a document required to be submitted in order to receive funds under an HHS contract, grant, or other agreement; (2) for knowingly making or using a false record or statement that is material to a false or fraudulent claim; and (3) for knowingly making or using a false record or statement material to an obligation to pay or transmit funds or property owed to HHS. The OIG may impose a penalty of up to $10,000 per day and assessments of up to three times the amount at issue for knowingly concealing, or knowingly and improperly avoiding or decreasing, an obligation owed to HHS with respect to an HHS grant, contract, or other agreement. Finally, The OIG may impose a penalty of up to $15,000 per day for failing to grant timely access to OIG upon reasonable request for audits or to carry out other statutory functions in matters involving an HHS grant, contract, or other agreement.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 202o Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: New Jersey’s largest hospital system—Hackensack Meridian Health—subject to ransomware attack

Hackensack Meridian Health announced that it was the subject of a ransomware attack and paid an undisclosed amount to regain control over its systems. Hackensack is the largest health system in New Jersey with $6 billion in annual revenue, more than 35,000 employees, and 17 hospitals—including, Jersey Shore University Medical Center in Neptune, Hackensack University Medical Center, and JFK Medical Center in Edison. The attack brought down the computer network for two days, forcing hospitals to reschedule non-emergency surgeries and sending doctors and nurses scrambling to deliver care without access to electronic records. The health system promptly notified the FBI and other authorities and spoke with cybersecurity and forensic experts. The announcement included that health system had insurance coverage to help cover the costs associated with cyber-attacks—payment, remediation, and recovery efforts. The attack forced hospitals to reschedule nonemergency surgeries and doctors and nurses to deliver care without access to electronic records. The network’s primary clinical systems have now returned to being operational, and information technology specialists are working to bring all its applications back online. The announcement did not include that any patient information was subject to unauthorized access or disclosure.

This is another vivid reminder for health care organizations to prepare for and plan on how to respond to such an attack. Hospitals and providers of health care services continue to be a prime target to ransomware attacks. Their systems tend to be more vulnerable and dependence of their patient data is critical to their function. Any failure to have access to it can be extremely detrimental for patients.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Upcoming Hot Topics in Privacy Webinar hosted by WK

Wolters Kluwer will be hosting an educational webinar Tuesday, October 29 at 1:00 PM EST. The webinar, titled Hot Topics in Privacy — Moving Beyond the Buzz Words and into Action, will be presented by legal experts and shareholders Katie Kenney, Elizabeth Harding, and Iliana Peters from Polsinelli PC. The presenters will cover topics related to HIPAA, GDPR, and the California Consumer Protection Act.

Register now for the webinar. If you miss it, please register for the replay.