Kusserow on Compliance: Employee screening against the Specially Designated Nationals and Blocked Persons list

A frequently asked question by compliance officers for health care organizations is whether they should be screening employees and others with whom they do business against the Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons list (SDN). OFAC is part of the U.S. Department of Treasury that determines whether or not an entity or individual is permitted to do business with the United States. The SDN is “….a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.”

Tom Herrmann, JD—who served over 20 years in the HHS Office of Inspector General (OIG) Office of Counsel to the IG and subsequently 6 years as an Appellate Judge for the Medicare Appeals Board—was asked to comment on this issue. He noted that the SDN list was primarily designed for use by financial institutions; they are not permitted to deal with anyone on the list. As a result, OFAC alerts can sometimes show up on credit reports. It is safe to assume that employers, also, would prefer not to hire someone on the SDN list. Those industries most involved in OFAC screening are international businesses, particularly in banking, finance, and insurance. He made special note of the fact that screening against the OFAC SDN List is not required for healthcare providers or managed care and may create more problems than benefits from doing it.

Ashley Felder is a Human Resources Consultant who warns that from an employer’s perspective, a significant problem is that the list consists of a very large number of common Arabic names that can be transliterated into English many different ways that create many false hits. This opens up the possibility of discriminatory practices unless a great deal of care is used in applying the information. In view of the fact that there is not specifically identifiable data that can confirm a match, means that a potential hit cannot be fully resolved without confronting the individual for a detailed briefing of their background. This can be very troublesome and may lead to charges of discrimination, profiling, defamation of character, etc. The result is that OFAC may or may not be a useful supplement to a standard criminal check or screening against state credentialing agencies, the OIG List of Excluded Individuals, and Medicaid sanction lists.

Jillian Bower, Vice President of the Compliance Resource Center that provides sanction-screening tools and services, noted that the overwhelming majority of healthcare related entities “do not” screen against the OFAC SDN. She explained that there are some issues and potential complications in using it for employment screening, as result of the fact that for the most part, the list is name-only with multiple aliases per person, and is a mix of individuals and organizations. Dates of birth are usually missing, or multiple possibilities are listed. Address history, if present, only includes city and country. So OFAC checks are name-only, and making a positive identification can be difficult, if not impossible. As such, the Compliance Resource Center (CRC) does not recommend screening OFAC, unless there are special concerns or reasons for doing so, such as operating outside the United States in areas designated by the Department of Treasury for special concern.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG summarizes investigative accomplishments from last three years

The OIG testified before the House Committee on Ways and Means and reported that in the last 3 fiscal years, its investigations have resulted in more than $10.8 billion in investigative receivables (dollars ordered or agreed to be paid to Government programs as a result of criminal, civil, or administrative judgments or settlements); 2,650 criminal actions; 2,211 civil actions; and 10,991 program exclusions. Much of this work involving the Medicare and Medicaid programs is funded by the Health Care Fraud and Abuse Control Program (HCFAC).  The HCFAC provides funding resources to the Department of Justice (DOJ), HHS, and OIG, which are often used collaboratively to fight health care fraud, waste, and abuse. Since its inception in 1997, the HCFAC has returned more than $31 billion to the Medicare trust fund.

The OIG is a lead participant in the DOJ led Medicare Fraud Strike Force, which combines the resources of Federal, state, and local law enforcement entities to fight health care fraud across the country. The Strike Force operates in nine geographic hot spots, including Miami, Florida; Los Angeles, California; Detroit, Michigan; southern Texas; Brooklyn, New York; southern Louisiana; Tampa, Florida; Chicago, Illinois; and Dallas, Texas. Strike Force teams are led by the DOJ, includes the FBI and the OIG, along with state and local law enforcement. In 2017 alone Strike Force teams accounted for over 2,000 criminal actions with about 3,000 indictments, and accounted for monetary results of around $3 billion. Since its inception in March 2007, the Strike Force has charged more than 3,000 defendants who collectively billed the Medicare program more than $10.8 billion.

The OIG also collaborates with state Medicaid Fraud Control Units (MFCUs) to detect and investigate fraud, waste, and abuse in state Medicaid programs, as well as private sector stakeholders to enhance the relevance and impact of its work to combat health care fraud, as demonstrated by its leadership in the Healthcare Fraud Prevention Partnership (HFPP) and collaboration with the National Health Care Anti-Fraud Association (NHCAA). The OIG strives to cultivate a culture of compliance in the health care industry through various educational efforts, such as Pharmacy Diversion Awareness Conferences, public outreach, and consumer education.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Physicians must comply with sharing patient information

Under the electronic health records (EHR) metric, The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) (P.L. 114-10) requires attestations from doctors that they are not knowingly and willfully limiting or restricting their EHR’s ability to share information with providers that may have different record systems.  CMS has issued new guidance reminding providers of their responsibilities to promptly share medical information with patients and other clinicians, or else face financial penalties. The targets are providers participating in the Merit-based Incentive Payment System (MIPS) to comply with MACRA. The notice stated physicians will need to attest that they are not engaged in information blocking and that they give patients their data in a timely fashion. Many physicians and medical practices use vendors for their information management systems. They will now have to ensure their vendors enable them to comply with the information sharing mandates.

Under MIPS, providers become eligible for either bonus payments or penalties based on their performance, including evidence of quality improvement, cost reduction or maintaining current levels of spending; efficient use of EHRs; and clinical improvement activities such as later office hours and greater use of care coordination. The Prevention of Information Blocking Attestation has three related statements for MIPS eligible clinicians:

  1. They did not knowingly and willfully take action to limit or restrict the compatibility or interoperability of Certified EHR Technology (CEHRT).
  2. They implemented technologies, standards, policies, practices, and agreements reasonably calculated to ensure the CEHRT was connected and compliance with applicable law and standards for timely access by patients to their data and other health care providers.
  3. They responded in good faith and in a timely manner to request to retrieve or exchange EHR from patients and other health care providers.

CMS also stated that physicians would not be held accountable for things outside of their control, but must get adequate assurances from their vendors that they are able to comply with the information sharing requirements. On the other hand, physicians must take care that they don’t violate the HIPAA Privacy law for patient Protected Health Information (PHI).

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG estimates $4.4B in savings in 2017

The HHS Office of Inspector General (OIG) issued its second Semiannual Report to Congress for 2017 summarizing achievements for the year that included estimated savings of $4.4 billion as result of its work.   It reported over $4 billion in “investigative” receivables for the full year from expected recoveries from criminal actions, civil and administrative settlements, civil judgments, and administrative actions by OIG. In addition, it reported almost $300 million in audit findings. For the year, the OIG brought criminal actions against 881 individuals or organizations, and 826 civil actions, including false claims and unjust-enrichment lawsuits filed in federal district court, civil monetary penalty settlements, and administrative recoveries related to provider self-disclosure matters. The OIG cited some of the major fraud enforcement actions for the year that included the largest national health care fraud takedown in history, involving more than 400 defendants in 41 federal districts and $1.3 billion in false billings to Medicare and Medicaid.

The largest body of work involves investigating matters related to the Medicare and Medicaid programs, such as patient harm; billing for services not rendered, medically unnecessary services, or services more extensive than those actually provided; illegal billing, sale, diversion, and off-label marketing of prescription drugs; and solicitation and receipt of kickbacks, including illegal payments to patients for involvement in fraud schemes and illegal referral arrangements between physicians and medical companies. The OIG also investigates cases involving organized criminal activity, medical identity theft, and fraudulent medical schemes that are established for the sole purpose of stealing Medicare dollars. Those who participate in these schemes may face heavy fines, jail time, and exclusion from participating in Federal health care programs. The OIG highlighted some of the most common criminal fraud scheme case types relating to (1) controlled and non-controlled prescription drugs, (2) home health agencies and personal care services, (3) ambulance transportation, (4) DME, and (5) diagnostic radiology and laboratory testing.

Highlighted major cases include actions taken against 120 opioid-related defendants, including 27 doctors. In addition, the OIG issued 295 exclusion notices related to the use and abuse of controlled substances. Other high profile OIG actions related to fraud allegations noted were against Mylan Inc. that agreed to pay $465 million; and eClinicalWorks, LLC (ECW) for $155 million.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.