Kusserow on Compliance: More details on new DOJ corporate compliance guidelines

Previous blogs outlined the Department of Justice (DOJ) Fraud Section’s “Evaluation of Corporate Compliance Programs” guidance for compliance officers. Since then, many have inquired about getting more specific details on questions the DOJ is now using to determine the adequacy of compliance programs, particularly as they relate to management and Board oversight.  Subsequent to the publishing of the Evaluation, the HHS Office of Inspector General (OIG) at the recent Health Care Compliance Association (HCCA) Compliance Institute also reported modifying its corporate integrity agreements (CIAs) to increase accountability of organization leadership, including the Board, that follows a similar path to that of the DOJ.  With these changes in mind, the following recaps in more detail the DOJ list of “important topics and sample questions” it now uses when evaluating the effectiveness of corporate compliance programs. This 119-question resource offers great insights for compliance officers working to build and enhance their compliance programs. These guidelines have grown out of the DOJ’s hiring of Compliance Counsel Expert Hui Chen in November 2015. One thing to remember about these guidelines is that they relate to all industry sectors.  As such, they track with the U.S. Sentencing Guidelines, but don’t focus on the health care sector in the way the OIG compliance guidance documents do.

Filip Factors

The Principles of Federal Prosecution of Business Organizations in the United States Attorney’s Manual describes specific factors that prosecutors should consider in conducting an investigation of a corporate entity, determining whether to bring charges, and negotiating plea or other agreements. Commonly known as the Filip Factors, they include “the existence and effectiveness of the corporation’s pre-existing compliance program” and the corporation’s remedial efforts “to implement an effective corporate compliance program or to improve an existing one.” The guidance was formulated to evaluate compliance programs after violations have been discovered and examining the existing misconduct as the benchmark against which the compliance program will be evaluated. It focuses on testing existing compliance programs and outlining steps that should be taken when problems are discovered to demonstrate a pre-existing commitment to compliance. It is also intended to inform the public about federal prosecutors’ review of compliance programs under the Filip Factors. There were eleven highlighted topics covered, as noted below, along with tie-in with OIG guidance, and followed with types of questions that one can expect the DOJ to ask when it confronts corporate misconduct.

 1. Analysis and remediation of underlying misconduct. The OIG guidance stresses seeking out weaknesses identified to ensure they are addressed and prevent misconduct in the future.

  • Has the organization done an analysis to see if there was a systematic failure in compliance?
  • Did the company miss prior opportunities to detect the misconduct?
  • Has the company evaluated why those opportunities were missed?
  • What remediation was undertaken once a problem was discovered?
  • What specific changes has the company made to reduce the risk of a reoccurrence?

2. Senior and middle management. This tracks to the OIG call for “top-down” compliance programs beginning at the Board and executive levels and cascading down through all levels of management.

  • Did senior managers, through their words and actions, encourage or discourage the misconduct in question?
  • Has senior leadership taken concrete steps to demonstrate commitment?
  • Does the Board have access to the right expertise to help it perform its oversight function?

3. Autonomy and resources. Prosecutors look for signs of “autonomy,” such as whether compliance personnel have “direct reporting lines to anyone on the board of directors” and whether “relevant control personnel in the field have reporting lines to headquarters.” The OIG has been calling for this type of independence for compliance offices for decades, which permits unfiltered information to flow between the compliance officer, CEO, and Board. The DOJ also looks for signs of “empowerment,” such as instances where “specific transactions or deals . . . were stopped, modified, or more closely examined as a result of compliance concerns.”  With the relatively recent hiring of full-time compliance counsel at the Fraud Section, this has been a particular point of focus.

  • Does the compliance function have the right resources and stature within the company to perform effectively?
  • Was the compliance department involved in the training and decisions relevant to any misconduct?
  • Does the compliance department have appropriate independence?

4. Policies and procedures. Policies and procedures are a foundational component of any corporate compliance program, and the Compliance Program Guidance devotes considerable attention to this topic, as does the OIG in its guidance documents. As a threshold matter, prosecutors consider the “design and accessibility” of policies and procedures—including whether they are tailored to a company’s risk profile, have been effectively implemented and communicated, and have been evaluated to ensure usefulness. Prosecutors also consider the “operational integration” of a company’s compliance policies and procedures—including the adequacy of payment systems and other controls that should have helped detect or prevent misconduct.

  • Did the company have policies and procedures in place that prohibited the misconduct?
  • Has the company assessed whether its policies and procedures were effectively implemented?
  • Are key gatekeepers adequately trained?
  • Was the program properly integrated and were adequate controls put in place to detect misconduct?

5. Risk assessment. This factor relates to the OIG guidance relating to ongoing monitoring and auditing of high risk areas.

  • What methodology has been used to identify, analyze and address the risks the organization faced?
  • Does the company collect information and metrics to adequately assess risks?

6. Training and communications. As with the OIG guidance, there is considerable expectation that all covered persons will undergo compliance training on high risk areas, governing laws and regulations, and what to do when misconduct is believed to have occurred.

  • What training was in place and is it properly tailored for high-risk or control employees?
  • Is the training offered in the right form and language for the target employees?
  • How does the company communicate to employees about any misconduct that does occur?

7. Confidential reporting and investigation. Like the OIG, the new guidelines focus on the means by which employees and others may report potential wrongdoing, as well as how this information is acted upon by the organization.

  • Does the company have in place an effective way of collecting and analyzing allegations of misconduct?
  • Does the company ensure investigations have been properly scoped, conducted, and documented?
  • Did the investigation look to root causes of the misconduct?
  • Did the investigation go high up enough in the company?

8. Incentives and disciplinary measures. The OIG stresses consistent implementation of disciplinary action for wrongdoers, without regard to station within the organization.

  • Is there proper accountability, as demonstrated by discipline for managers under whose watch misconduct occurred?
  • Is the application of discipline consistent?
  • Is there an incentive program for good compliance and ethical behavior?
  • Can the company point to specific examples of actions taken (such as promotions or awards denied) as a result of compliance and ethics considerations?

9. Continuous improvement, periodic testing, and review. The OIG calls for compliance officers to ensure that there is an audit work plan that focuses on identified high-risk areas. Many of these high-risk areas are specifically identified in its compliance guidance documents, advisory opinions, annual work plans, etc.

  • What types of audits would have identified the misconduct at issue and were they conducted?
  • Did management and the board follow up on audit findings and failures? Does the company test its controls?
  • Does the company routinely update its compliance program and make sure it adequately addresses current risks?

10. Third party management. In the case of the OIG, considerable attention and concern is placed on arrangements with individuals in a position to influence the flow of business. It calls for an Arrangements Database that includes processes, policies, and monitoring of such agreements.

  • Does the company’s third party management process adequately analyze risk?
  • Are there appropriate controls with regard to third parties?
  • Does the company adequately respond to third-party red flags?
  • Has company suspended, terminated, or audited a third party as a result of compliance issues?

11. Mergers and acquisitions (M&A). This analysis focuses on due diligence and integration.

  • In the event misconduct is discovered after a merger, was proper due diligence conducted during the M&A process?
  • How has the compliance function been integrated into the M&A process?

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

 

Highlight on Maine: Able-bodied MaineCare recipients could be subject to more stringent requirements

“Able-bodied adults” would be subject to work/education requirements and a lifetime limit of five years under changes Mary Mayhew, director of the Maine Department of Health and Human Services, proposed to Maine’s Medicaid program, MaineCare. In a letter to HHS Secretary Tom Price, Mayhew said she would be seeking the changes in a forthcoming formal 1115 demonstration waiver request.

Mayhew’s letter comes at the heels of a referendum campaign to expand Medicaid in Maine at, according to Mayhew, a cost of $400 million over the next five years. A second motivation is the apparently sympathetic Trump Administration, which has proposed replacing Medicaid with block grants.

Mayhew said that the state has expanded its Medicaid program over decades, resulting in the use of hundreds of millions of state dollars “to turn Medicaid into an entitlement program for working-age, able-bodied adults.” MaineCare serves 270,000 individuals, just over 20 percent of Maine’s population, which, Mayhew said, represents a 22 percent reduction in enrollment since 2011.

Mayhew’s Medicaid proposals include the following:

  • work or education requirements for able-bodied adults in the Medicaid program, similar to the work requirements for Temporary Assistance for Needy Families (TANF) or Able-Bodied Adults Without Dependents (ABAWDs) in the Supplemental Nutrition Assistance Program (SNAP);
  • a five-year lifetime limitation on able-bodied adults’ eligibility for Medicaid;
  • limiting non-emergency transportation (NET) to situations where the underlying service to or from which individuals are being transported is a required Medicaid service and requiring them to access existing transportation resources before accessing NET;
  • requiring monthly premiums for adults who are able to earn income;
  • requiring monthly coinsurance of a set amount (approximately $20) for all members, cost-sharing of $20 for using the emergency department, and fees for missed appointments;
  • applying a reasonable asset test to Medicaid; and
  • waiver of the retroactive coverage of services incurred during the 90 days before Medicaid eligibility.

 

Kusserow on Compliance: Civil monetary penalty rules revised regarding inducements

In December 2016, the HHS Office of Inspector General (OIG) issued a Final rule applying to the Civil Monetary Penalty Law (CMPL) administered by the OIG. The legislation creating the law came about in 1981, upon my request as HHS Inspector General. In testimony before Congress, I requested legislation to provide an administrative alternative to the False Claims Act.  This was to permit taking action against wrongdoers administratively, rather than through the court system. The resulting legislation authorized the imposition of administrative penalties and assessments on any person who “offers to or transfers remuneration to any individual eligible for benefits” under a federal health care program “that such person knows or should know is likely to influence such individual to order or receive from a particular provider, practitioner, or supplier any item or service for which payment may be made, in whole or in part” by a federal health care program–in short, it imposes financial penalties and exclusion from federal health care programs and participation in any state health care programs. The HHS Secretary assigned these authorities to the OIG. Remuneration is a major element in the CMPL and is implicated in other legislation, including the Anti-Kickback Statute and Stark Laws. It has undergone changes in definition over time.  The following outlines the five new exceptions to its definition under CMPL.

Five new exceptions to the definition of remuneration

  1. Reduction in copayment for certain outpatient services. The rule adds a cost-sharing exception permitting reduction in the copayment amount for covered outpatient department services, but does not apply to physician practice billing.
  2. Remuneration that poses a low risk of harm and promotes access to care. A provider can avoid the CMPL when it provides items or services that improve a beneficiary’s ability to obtain items and services payable by Medicare or Medicaid, and pose a low risk of harm to beneficiaries and the programs. This does mean it permits remuneration that would be likely to influence a patient to access unnecessary care. The inclusion of “items and services” revises the earlier proposed language, “medically necessary health care items and services.”  Cash and cash equivalents would not meet the criteria for the exception.
  3. Retailer rewards and discounts. Retailers may offer or transfer items or services for free or less than fair market value without being subject to civil monetary penalties. However, they must consist of coupons, rebates, or other rewards from a retailer; be offered or transferred on equal terms available to the general public, regardless of health insurance status; and must not be tied to the provision of other items or services reimbursed in whole or in part by a federal health care program.
  4. Remuneration to financially needy individuals. The regulations also provide for a financial need-based exception to the definition of remuneration, wherein a person may offer or transfer items or services for free or less than fair market value if: the items or services are not offered as part of an advertisement or solicitation and are not tied to the provision of other items or services reimbursed in whole or in part by a Federal health care program; there is a reasonable connection between the items or services and the medical care of the individual; and the person providing the items or services must determine in good faith that the individual is in financial need.
  5. Copayment waivers for the first fill of generic drugs. A Medicare Part D Plan sponsor may waive any copayment for the first fill of a covered Part D drug that is a generic drug, as long as the waiver is included in the benefit design package submitted to CMS.

These regulatory changes are effective January 6, 2017. A separate section of the same rule package focused on revision of the Anti-Kickback provisions.  For information about those changes, see my December 29, 2016, post.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG 2017 work plan highlights

As compliance officers prepare their work plans for 2017, it is worth remembering those matters of current interest to the HHS Office of Inspector General (OIG) that are reflected in its 2017 Work Plan. The OIG’s plan outlines new and ongoing reviews of HHS programs and operations and timeframes for completion.  The OIG reviews various providers, including hospitals, nursing homes, and home health services.  Items in the Work Plan of particular significance include the following:

  • incorrect medical assistance days claimed by hospitals (addressing risk of overpayment under the Medicare disproportionate share hospital payments);
  • case review of inpatient rehabilitation hospital patients, not suited for intensive therapy;
  • inpatient psychiatric facility outlier payments;
  • Medicare costs associated with defective medical devices;
  • unreported incidents of abuse and neglect in skilled nursing facilities;
  • skilled nursing facility reimbursement;
  • review of hospice compliance with Medicare requirements;
  • Medicare payments for transitional and chronic care management;
  • Medicare Payments for Service Dates After Individuals’ Date of Death;
  • Centers for Medicare & Medicaid Services (CMS)’ implementation of the Quality Payment Program;
  • Medicare Part D rebates for drugs dispensed by 340B pharmacies;
  • Medicaid overpayment reporting and collections; and
  • CMS oversight and issuer compliance in ensuring data integrity for the Affordable Care Act (ACA) Risk Adjustment Program.

Tom Herrmann, J.D., a retired OIG executive who was intimately involved in past OIG Work Plan development, advises compliance officers to closely review the entire OIG Work Plan, as it telegraphs issues that have come to the OIG’s attention as potential problem areas warranting close examination. The results of such reviews often lead to proposed legal and regulatory changes.  They also may trigger additional audits, evaluations, and investigations. Examining the Work Plan items that may relate to their organizations in detail is an opportunity for compliance officers to get ahead of the power curve, rather than behind it.  The fact is that one of the purposes of publishing the OIG Work Plan is to encourage health care entities to engage in such self-examination and program improvement.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.