Kusserow on Compliance: Tips on mergers and acquisitions due diligence

– Failing to engage in regulatory due diligence may result in legal exposure

– Most M&As in health care fail to adequately check regulatory risk liabilities

Tom Herrmann, a former senior executive in the Office of Counsel to the Inspector General (OCIG) and Medicare Appeals Council Appellate Judge, provides interesting insights on this subject as result of his government experience and work with due diligence reviews.  Traditionally, law firms conducting due diligence reviews focus on contracts and other legal obligations. They examine a multitude of areas including an entity’s structure; contractual, intellectual and property obligations; securities and financing compliance; tax exposure risks; and previous and current litigation. Public accounting firms assess the financial accountability and viability of an entity. It is not uncommon for the accounting and law firms to have the scope of their due diligence reviews limited to their areas of expertise, which often do not include health care regulatory compliance. This may result in a failure to adequately review and address potential problems in the regulatory compliance arena. Regulatory due diligence is a specialized review process that requires the application of certain protocols, and protocols and can be performed quickly and efficiently to identify areas of regulatory risk and vulnerability. A review should include assessing the effectiveness of the entity’s compliance program; evaluating internal monitoring of high-risk areas; conducting sample of claims audits and extrapolations; and the ongoing internal audit process of a company. Regulatory compliance experts know where to look for weaknesses without having to do a “deep dive.” Thus, such a review can be performed in an efficient and cost-effective manner. He offers the following tips for those engaged in M&A:

  1. Any party considering an acquisition or entering into a merger should adequately assess potential future government enforcement or regulatory action. This provides an incentive for an acquiring party to require the disclosure prior to a merger or acquisition of any information or documentation relating to a pending or potential government enforcement or regulatory action.

 

  1. The matters disclosed during a regulatory due diligence review may encompass a broad range of issues, including employing or contracting with an excluded party, a flawed arrangement with a physician, or Medicare or Medicaid overpayments.

 

  1. Once a potential legal or regulatory violation is identified, a resolution of the matter, including self disclosure to appropriate government authorities, should be addressed by the parties.

Tom Herrmann may be reached at thermmann@strategicm.com or at (703) 535-1410 for more information on this topic.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: What boards do and do not need to know about compliance investigations

 The board needs to know about pending compliance issues, to meet its fiduciary obligations in providing proper oversight of a compliance program. The board needs to understand the processes by which issues are investigated and resolved. Not seeking and receiving this type of information borders on dereliction of responsibilities. The board does not need and should not receive details about raw and unsubstantiated allegations without the compliance officer and legal counsel first addressing them. If details of allegations of violation of laws and regulations are provided to the board, it risks that they will be accountable for how it is investigated and resolved. These are management issues, not oversight by the board. Any reporting on allegations that are being investigated should be general in nature to assure the board that it is being addressed appropriately.  The board should meet in executive sessions without the presence of members of management to query the compliance officer about any sensitive investigations, such as those involving senior members of management. Questions by the Board to the compliance officer and legal counsel certainly should include:

  1. How many allegations of violation of law were made and investigated to what result?
  2. What policies govern the investigative processes; and are they kept current?
  3. What processes are in place to ensure that complaints and allegations are fully investigated?
  4. What evidence is there those processes are being followed?
  5. Are there adequately trained individuals capable of conducting sensitive investigations?
  6. What processes are in place to appropriate react to and remedy?
  7. What processes ensure the board will have adequate notice about developments?
  8. What disclosure processes and policies are there for reporting suspected violations of law?
  9. Are there working investigative protocols between legal counsel and compliance?
  10. Are there any allegations received of wrongdoing made against members of senior management?
  11. What have been the results of significant investigations of wrongdoing?
  12. Has substantiated wrongdoing result in remedial action?
  13. What disclosures have been made to government agencies and were they timely?
  14. Has there been any reaction as result of disclosures to government agencies?
  15. Is there evidence of enforcement agency investigations involving the organization and if so what?
  16. Were any patterns identified from allegations warranting management actions?

For more information on this subject, see compliance.com or contact former HHS IG and FBI executive, Richard Kusserow, at rkusserow@strategicm.com.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Extending limited compliance resources

Co-Sourcing and On-Call Experts

Health care organization seek the most efficient and effective means to meet the great challenges of maintaining an effective compliance program in the ever-changing regulatory and enforcement environment. As compliance officers seek ways to supplement their limited in-house resources, Co-Sourcing has been evolving as preferred method when internal resourcing is lacking and out-sourcing the program to expert firms to provide a Designated Compliance Officer. Co-Sourcing involves using vendor expert services to supplement limited staff resources to carry out part of their workload. One of the most common Co-Sourcing methods is to engage firm with compliance experts on a “on-call” engagement agreement. This would permit using the experts only when and as needed, while maintaining control and direction of the program. This approach is also recognized by the OIG as a useful solution where an organization is limited in its compliance expertise and resources.

 

Co-Sourcing Benefits

  • Gains immediate access to specialized resources and experts not available internally
  • Less expensive to hire experts for limited services, than to hire full new full-time staff
  • Addresses the problem of an unexpected loss of staff and resulting resource issues
  • Brings the benefit of experience with other organizations
  • Provides subject matter expertise
  • Fills any lack of in-house expertise in selected areas
  • Facilitates meeting the ebb and flow of managing all the compliance obligations
  • Keeps organizations current with ever-changing regulatory and enforcement challenges
  • Accesses needed services, on-demand
  • Can be tasked to complete special projects
  • Fills a knowledge gap in training, fraud risk assessment, or other compliance-related needs
  • Meets obligations across multiple facilities in different jurisdictions
  • Develops best practice solutions to problems identified
  • Provides benchmarks of current processes against compliance standards
  • Implements or improves compliance effectiveness metrics
  • Quickly address new regulatory and emerging risks
  • Promptly and efficiently meets new leadership demands
  • Implements best practice standards and processes
  • Provides any sudden need for investigative or forensic expertise
  • Evaluates ongoing monitoring of compliance high risk areas
  • Assists in development of compliance work plans
  • Enables compliance officers to stay focused on program management and strategic planning
  • Increases flexibility in using experts who understand related laws/regulatory requirements
  • Performs operational and compliance auditing

For more information on how Co-Sourcing arrangements can work, contact Kashish Parikh-Chopra, JD at kchopra@strategicm.com or  (703) 535-1413.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Questions board-level compliance committees should be asking

HHS OIG compliance guidance calls for a Board-level committee to oversee the Compliance Program (CP). The HHS Inspector General noted that the best boards are those that are active, questioning, and exercise (constructive) skepticism in their oversight, asking probing questions about the compliance program. Boards need to know what type of questions they should be asking, and compliance officers should assist them with this problem. However, compliance officers in turn should be prepared to provide full and complete answers to them. The OIG and American Health Lawyers Association developed specific suggested questions that Board’s should be asking in their jointly produced “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors” and “Corporate Responsibility and Health Care Quality (2007): A Resource for Health Care Boards of Directors”. The following are drawn from these advisory documents:

  1. Does the compliance officer have sufficient authority to implement the CP?
  2. What is the level of resources necessary to properly implement and operate the CP?
  3. Has the compliance officer been given the sufficient resources to carry out the mission?
  4. Have compliance-related responsibilities been delegated across all levels of management?
  5. What evidence is there that all employees are held equally accountable for compliance?
  6. How has the code been incorporated into corporate policies across the organization?
  7. What evidence is there that the code is understood and accepted across organization?
  8. Has management taken affirmative steps to publicize importance of code to employees?
  9. Have compliance-related policies been developed that address compliance risk areas?
  10. Are there policies/procedures for CP operation and how they should be reviewed/updated?
  11. What kind of document management ensures compliance-related documents are up to date?
  12. What is the scope of compliance-related education and training?
  13. What evidence is there of the effectiveness of CP training?
  14. What measures enforce training mandates and provide remedial training?
  15. What evidence is available that employees understand compliance expectations?
  16. How are compliance risks identified?
  17. What is the evidence that identified compliance risks are being addressed?
  18. Is the board being kept up to date on regulatory and industry compliance risks?
  19. How is the compliance program structured to address such risks?
  20. How are “at risk” operations assessed from a compliance perspective?
  21. Is conformance with the CP periodically evaluated?
  22. Does the CP undergo periodical independent evaluation of its effectiveness?
  23. What is the process for the evaluation and responding to suspected compliance violations?
  24. What kind of training is provided to those who conduct investigation of reported violations?
  25. How do the CO, HRM, and legal counsel coordinate in resolving compliance issues?
  26. What are the policies to ensure preservation of relevant CP documents and information?
  27. What policies address protection of “whistleblowers” and those accused of misconduct?
  28. What are the results of ongoing compliance monitoring by all program managers?
  29. How is ongoing compliance auditing being performed and by whom?
  30. How often is sanction-screening conducted and with what results?
  31. Are results from sanction-screening included in a signed report by the responsible parties?
  32. Has the CP been evaluated for effectiveness by a qualified independent reviewer?
  33. What evidence regarding effectiveness of hotline operation and follow-up investigations?
  34. What are the metrics being used to evidence CP effectiveness?
  35. What are the results of an independent review and assessment of the CP?

 

More information regarding available tools and resources available to assist in answering these questions, contact Daniel Peake at (dpeake@complianceresource.com) (703-236-9854).

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.