Kusserow on Compliance: OIG estimates $4.4B in savings in 2017

The HHS Office of Inspector General (OIG) issued its second Semiannual Report to Congress for 2017 summarizing achievements for the year that included estimated savings of $4.4 billion as result of its work.   It reported over $4 billion in “investigative” receivables for the full year from expected recoveries from criminal actions, civil and administrative settlements, civil judgments, and administrative actions by OIG. In addition, it reported almost $300 million in audit findings. For the year, the OIG brought criminal actions against 881 individuals or organizations, and 826 civil actions, including false claims and unjust-enrichment lawsuits filed in federal district court, civil monetary penalty settlements, and administrative recoveries related to provider self-disclosure matters. The OIG cited some of the major fraud enforcement actions for the year that included the largest national health care fraud takedown in history, involving more than 400 defendants in 41 federal districts and $1.3 billion in false billings to Medicare and Medicaid.

The largest body of work involves investigating matters related to the Medicare and Medicaid programs, such as patient harm; billing for services not rendered, medically unnecessary services, or services more extensive than those actually provided; illegal billing, sale, diversion, and off-label marketing of prescription drugs; and solicitation and receipt of kickbacks, including illegal payments to patients for involvement in fraud schemes and illegal referral arrangements between physicians and medical companies. The OIG also investigates cases involving organized criminal activity, medical identity theft, and fraudulent medical schemes that are established for the sole purpose of stealing Medicare dollars. Those who participate in these schemes may face heavy fines, jail time, and exclusion from participating in Federal health care programs. The OIG highlighted some of the most common criminal fraud scheme case types relating to (1) controlled and non-controlled prescription drugs, (2) home health agencies and personal care services, (3) ambulance transportation, (4) DME, and (5) diagnostic radiology and laboratory testing.

Highlighted major cases include actions taken against 120 opioid-related defendants, including 27 doctors. In addition, the OIG issued 295 exclusion notices related to the use and abuse of controlled substances. Other high profile OIG actions related to fraud allegations noted were against Mylan Inc. that agreed to pay $465 million; and eClinicalWorks, LLC (ECW) for $155 million.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG report on 2017 Hotline activity

The HHS Office of Inspector Genera (OIG) is mandated to provide a semiannual report to Congress to summarize its activities. Included in this report was a section on the OIG Hotline (1-800-HHS-TIPS), available to individuals to report fraud, waste, or abuse in HHS programs.  The OIG considers the hotline a significant avenue of intelligence. What it also underscores is that many more “Whistleblowers” contact the OIG directly, than by filing qui tam actions with the DOJ. During the second half of 2017 alone, the OIG Hotline received 58,110 hotline contacts which were evaluated to determine whether an issue rises to the level of a complaint and whether it falls within OIG’s jurisdiction. Of that 13,781 were sufficient in details to warrant evaluation. The hotline phone was the source for 5,815 of these cases with another 3,966 obtained via the OIG website.  In addition 1,107 complaints were obtained via letter or fax. After evaluation, 10,888 were referred for action. The balance did not provide basis for further action or were found to not provide evidence of violations. The source of those tips that were referred for action varied.  Those received via the hotline phone were 5,127.  The internet was the source for 3,768 tips with the remaining 1,075 tips coming from letters and facsimiles.

The OIG forwarded approximately one-third of the complaints to its field offices for follow-up, slightly less than half to CMS, with the balance referred to other HHS operating divisions and other federal agencies. During this semiannual reporting period, the OIG Hotline reported expected recoveries of $9.9 million as a direct result of cases originating from hotline complaints.

Jillian Bower, has assisted scores of clients with their hotline operations through the Compliance Resource Center (CRC). She notes that having an effective hotline program is a must for any effective compliance program, however many organizations with hotlines that are not effective.  Those not promoting an effective hotline operation are making a grave error and risk driving complainants externally to the DOJ and OIG, litigating attorneys, media, etc. and that can only spell trouble. Receiving and resolving issues internally is the right approach and is good for the organization on many levels. Failing to do so can result in potential liabilities, headaches, and a lot of remedial work. By maintaining such a positive culture for employees to be able to report problems, concerns, and perceived wrongdoing will encourage internal reporting rather than having individuals thinking they must resort to “whistleblowing” to external parties.

10 Practical Tips

  1. Develop and implement written guidelines relating to the hotline operation that should information on the (a) hotline operations, (b) duty to report, (c) non-retaliation, (d) anonymity, (e) confidentiality, (f) investigations of complaints, among others.
  2. Have information about the use of the hotline made part of the Employee Handbook and Code of Conduct.
  3. Promote a culture that encourages employees to raise concerns and report perceived problems with managers being counseled that these are opportunities for improvement in the organization.
  4. Maintain a confidential recordkeeping system to enable a review of employment history for those employees who have raised concerns or reported problems.
  5. Have posters on the employee bulletin boards for the availability and use of the hotline.
  6. Ensure the hotline number and its availability is included in new employee orientation.
  7. Consider having a flyer go out to all employees on the availability of the hotline.
  8. If there is an Intranet for employee use, include information about the hotline.
  9. If there is an organization newsletter, use it to promote the hotline.
  10. Extra care needs to be taken to avoid doing anything that might be interpreted as retaliatory.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ reports more than two-thirds of $4B civil fraud recoveries in 2017 from health sector

In an end of the year report, the Department of Justice (DOJ) Civil Division announced that it recovered over $3.7 billion from civil False Claims Act (FCA) cases for the fiscal year. Significantly, nearly two thirds of the total settlements and judgments involved the health care industry, including drug companies, hospitals, pharmacies, laboratories, and physicians. What is really noteworthy is the fact that ninety-three percent of the total came from qui tam relators (whistleblower) cases, whose rewards amounted to almost $400 million. There were 491 new such health care cases filed during the year at a rate of about ten per week. The great majority of civil fraud cases implicated the Anti-Kickback Statute. Also most major settlements with DOJ are referred to the HHS Office of Inspector General (OIG) for Corporate Integrity Agreements.

It is noted that settlements for 2017 were $1 billion less than 2016. This is the eighth consecutive year that the department’s civil health care fraud settlements and judgments have been the leading area of settlements and judgments, exceeding $2 billion. The recoveries reported reflect only federal losses and they were instrumental in recovering additional millions of dollars for state Medicaid programs. The largest recoveries involving the health care industry this past year came from Shire Pharmaceuticals LLC which paid $350 million; drug manufacturer Mylan Inc. which paid approximately $465 million; Life Care Centers of America Inc. and its owner which agreed to pay $145 million; and eClinicalWorks (ECW) and certain of its employees which paid $155 million.

In second place in terms of industry recoveries was $543 million from housing and mortgage fraud cases, which was only about twenty percent of the level for the health care sector. In third place was the Defense arena which had cases that resulted in $220 million in settlements and recoveries, which is only about one tenth the level of the health care sector.

The “Yates Memo” emphasized DOJ’s intent to focus on “individual accountability for corporate wrongdoing” through civil and criminal enforcement actions. This emphasis on singling out individual recoveries was in evidence this last year with DOJ recovering $60 million directly from individuals, without joint and several liability with any corporate entity. The DOJ identified several individual owners and executives of private corporations agreed to be held jointly and severally liable for settlement payments.

The DOJ obtained more than $3.7 billion in settlements and judgments from civil cases involving fraud and false claims against the government in the fiscal year ending September 2017.

Recoveries since 1986, when Congress substantially strengthened the FCA, now total more than $56 billion.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Recap of the OCR’s 2017 HIPAA enforcement

The HHS Office for Civil Rights (OCR) HIPAA Privacy Rule enforcement has been steadily increasing since it began the effort in 2003. Over the years, OCR has received over 175,000 HIPAA complaints and initiated nearly 1,000 compliance reviews. OCR investigations have resolved nearly 30,000 cases by requiring changes in privacy practices, taking corrective actions, or providing technical assistance to HIPAA covered entities and their business associates. OCR has been enforcing the HIPAA Rules where an investigation indicates noncompliance by the covered entity or their business associate. OCR investigations have ranged widely and included national pharmacy chains, major medical centers, group health plans, hospital chains, and small provider offices. To date, OCR has settled or imposed a civil money penalty in about 60 cases resulting in a total dollar amount of about $75,000,000. The average of enforcement penalties has been about $1.5 million per case. In another 12,000 cases, no violations were found. In another 25,000 cases, OCR intervened early and provided technical assistance to HIPAA covered entities, their business associates, and individuals exercising their rights under the Privacy Rule, without the need for an investigation. In the balance of over 100,000 cases, OCR determined that the complaint did not present an eligible case for enforcement, because of lack of jurisdiction; complaints were untimely or withdrawn by the filer; or the activity described didn’t violate HIPAA;

 

Cases that OCR closes fall into five categories:

 

  1. Resolved without investigation. OCR closes these cases after determining that OCR lacks jurisdiction, or that the complaint, referral, breach report, news report, or other instigating event will not be investigated. These include situations where the organization is not a covered entity or business associate and/or no protected health information (PHI) is involved; the behavior does not implicate the HIPAA Rules; the complainant refuses to provide consent for his/her information to be disclosed as part of the investigation; or OCR otherwise decides not to investigate the allegations.

 

  1. Technical assistance only. OCR provides technical assistance to the covered entity, business associate, and complainant through early intervention by investigators located in headquarters or a regional office.

 

  1. Investigation determines no violation. OCR investigates and does not find any violations of the HIPAA rules.

 

  1. Investigation results corrective action obtained. OCR investigates and provides technical assistance to or requires the covered entity or business associate to make changes regarding HIPAA-related privacy and security policies, procedures, training, or safeguards. Corrective action closures include those cases in which OCR enters into a settlement agreement with a covered entity or business associate.

 

  1. Other. OCR may investigate a case if (1) DOJ is investigating the matter; (b) it was as result of a natural disaster; (c) it was investigated, prosecuted, and resolved by state authorities; or (d) the covered entity or business associate has taken adequate steps to comply with the HIPAA Rules, not warranting deploying additional resources.

 

Order of frequency of issues investigated

 

  • Impermissible uses and disclosures of protected health information;
  • Lack of safeguards of protected health information;
  • Lack of patient access to their protected health information;
  • Use or disclosure of more than the minimum necessary protected health information; and
  • Lack of administrative safeguards of electronic protected health information.

 

Most common types of entities resulting in corrective actions

 

  • General hospitals;
  • Private practices and physicians;
  • Outpatient facilities;
  • Pharmacies; and
  • Health plans (group health plans and health insurance issuers).

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.