Kusserow on Compliance: Understanding and addressing whistleblowers

The vast majority of the cases resolved by the Civil Division of the Department of Justice (DOJ) were cases brought by “whistleblowers” under the qui tam provision of the False Claims Act (FCA). Whistleblowers are responsible for an even higher percentage of cases resulting in OIG Corporate Integrity Agreements (CIAs). Although most compliance officers are well aware of this program, many remain unclear as to how the process works. Tom Herrmann, J.D., who served over 20 years in the Office of Counsel to the OIG and as an Appellate Judge for the Medicare Appeals Board, explained that Congress permitted a whisltleblower called the “Relator” to file a case with the DOJ under the FCA.  Since this provision of law went into effect in 1986, there have been over 10,000 qui tam cases filed with a current average of one such case being filed every day of the year. The intent was to create incentives for private parties to detect and pursue fraud under the FCA. In return for reporting this information, Relators receive a portion (usually about 15 to 25 percent) of any recovered damages.  Once the lawsuit is filed, it is placed “under seal”, meaning that it is kept secret from everyone but the government, in order to give the DOJ enough time to investigate the allegations in deciding whether to join (“intervene”) in the case. Intervention by the DOJ occurs only in about one in five qui tam lawsuits, leaving whistleblowers the option to pursue cases on their own, however the chances of success are much lower than in cases when the government joins. Most successful qui tam cases are resolved through settlement negotiations rather than a court trial, although trials may occur.

Kash Chopra, J.D., noted that the overwhelming number of cases that result in a CIA, arise from whistleblowers and these, in turn, are based upon violations of the federal Anti-Kickback Statute (AKS). It is the government’s position that all claims arising from a corrupt arrangement violating the AKS or in some cases, the Stark Law, are considered fraudulent. This is even when the services rendered were needed and provided appropriately.  She advises here clients that the best ways to manage the whistleblower risk is to ensure that they are channeled through internal communication channels and their complaints are promptly evaluated, investigated, and resolved.  It is worth considering the following:

  1. Using outside experts to independently audit arrangements with physicians and evaluate compliance communication channel effectiveness.
  2. Ensuring a 24/7 hotline operated externally by experts in recognizing health care compliance issues.
  3. Reviewing/updating hotline-related polices/procedures (confidentiality, anonymity, non-retaliation, duty to report, etc.).
  4. Making sure that the duty to report suspected wrongdoing is explained in the Code, policies and training.
  5. Having trained and competent people on hand to conduct prompt and competent investigations of matters raised through the hotline.
  6. Moving quickly to use CMS and OIG self disclosure protocols when there is credible evidence of violations; and not wait until the DOJ gets involved.

For more information on this subject, Kashish Parikh-Chopra can be reached at kchopra@strategicm.com or via telephone at (703) 535-1413.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG cases involving sanctioned parties and tips to avoid violations

Compliance Officers must screen employees against the List of Excluded Individuals and Entities (LEIE). This is stressed in all of the OIG’s compliance guidance documents. CMS makes it a condition of participation and enrollment. The LEIE continues to change and grow with more than 3,000 exclusions added annually. Failure to screen employees, medical staff, contractors, and vendors results in a great risk. The OIG may consider claims that include work or products from a sanctioned party to be false and fraudulent. Violations can result in monetary penalties. Most cases that deal with this issue are brought to the OIG’s attention through the “Self-Disclosure Protocol.”  In all the recent cases posted, the OIG imposed penalties, but the penalties were mitigated by the fact the matters were self-disclosed—as a result, none of these cases resulted in a Corporate Integrity Agreement (CIA). The OIG posts a number of these cases on its website. The following are examples of recent actions against organizations that engaged individuals they knew or should have known were excluded from participation in the federal health care programs:

  • Southwest Trinity Management, LLC (STM), in Oklahoma paid $141,986.36 in settlement for employing an excluded licensed practical nurse that provided items or services that were billed to Federal health care programs.
  • Diamonds & Pearls Health Services, LLC (DPHS), Cleveland, Ohio paid $75,471.92 for employing an excluded individual who was a scheduling/staffing coordinator, provided items or services to DPHS patients that were billed to Federal health care programs.
  • Center for Ear, Nose Throat & Allergy, P.C. (CENTA) in Indiana, paid $51,564.14 for employing an excluded medical records file clerk, provided items or services to CENTA’s patients that were billed to Federal health care programs.
  • MHMR, Fort Worth, Texas, paid $97,869.78 for employing a program director who had been excluded to provide items or services to clients who were receiving services funded by a Medicaid waiver program.
  • Shawnee Health Services (Shawnee), Carterville, Illinois, paid $107,761.08 as result of employing an excluded individual as a case manager, provided items or services to clients that were receiving services under a Medicaid waiver program.
  • Arkansas Department of Health (ADH) paid $39,343.61 as result of employing an excluded hospice social worker that provided items or services to patients of a community based hospice operated by ADH.
  • Century Pharmacy (Century), Brooklyn, New York, paid $10,000 for an employed excluded individual, who assisted in filling prescriptions in addition to performing other clerical tasks, provided items or services to Century patients that were billed to Federal health care programs.
  • Sundance Behavioral Healthcare System (Sundance), Texas, paid $49,183.48 for an employed sanctioned licensed vocational nurse that provided items or services to patients that were billed to Federal health care programs.
  • ASAP Professional Home Health (ASAP), Houston, Texas, paid $21,797.76 for an employed excluded attendant, provided items or services to ASAP patients that were billed to Federal health care programs.

Practical Screening Tips

  1. Ensure periodic sanction screening of employees, medical staff, contractors, and vendors against the LEIE—best practice is monthly screening.
  2. Inasmuch as most states have developed their own exclusion database, with many states mandating monthly screenings, care should be taken to understand and meet state screening requirements.
  3. Inasmuch as most LEIE exclusions arise from another underlying court, state agency, or licensure board action, it is advisable to also conduct background checks and seek written assurances in applications that prospective employees, contractors, and vendors have not been subject to any prior court or licensure board actions.
  4. It is common for individuals that may be the subject of an investigation, but not yet sanctioned with final actions, to be under investigation for considerable time, therefore it is a best practice to require as a condition of employment, gaining staff privileges, or engagement for the applicant to attest that they have not been, nor are they now, the subject of an investigation by any duly authorized regulatory or enforcement agency. It is also advisable to add a condition that they must promptly report any notice of investigation that involves them.
  5. Educate and inform management and employees on their obligation to promptly report any notification of an adverse action by any duly authorized regulatory or enforcement agency.

Daniel Peake of the Compliance Resource Center (CRC) works with many organizations in ensuring proper sanction screening and from that experience offers a number of practical tips to avoid creating an actionable violation.  He can be reached at dpeake@strategicm.com or (703) 236-9850.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Ongoing auditing and monitoring of high risk areas—16 tips for compliance officers

By Steve Forman, CPA

In its various guidance documents, the OIG has repeated stressed the importance of ongoing monitoring and auditing of high-risk areas, yet there remains considerable confusion regarding the differences between the two; and who has responsibility for them. The following addresses this issue and provide tips for consideration by compliance officers in meeting the challenge of this key compliance program element.

Ongoing monitoring

Ongoing monitoring is a program manager’s responsibility, not the compliance officer’s. It entails establishing and maintaining controls and metrics to determine on a continuous basis whether operations comply with established policies, procedures, regulations or laws and whether significant risks are being adequately addressed and mitigated. This includes keeping current with changes in rules, regulations, and applicable laws; developing internal controls, policies, and procedures to comply with them; training staff on these rules; and taking active steps in monitoring or verifying compliance with these new guidelines. Ongoing monitoring should be designed to test for inconsistencies, duplication, errors, policy violations, missing approvals, incomplete data, dollar or volume limit errors, or other possible breakdowns in internal controls. Monitoring techniques may include sampling protocols that permit program managers to identify and review variations from an established baseline.

Ongoing auditing

Ongoing auditing is reviewing the ongoing monitoring process. In essence, it is a spot check. The review must be independent and objective, which means that it should be done by people external to the program area being audited. The compliance office, internal or external audits, other program managers, outside consultants, or any combination thereof can be used to conduct ongoing auditing. The objective of the audit should be to verify that program managers are properly carrying out their monitoring responsibilities and to recommend where internal control mechanisms can be improved. This includes confirming that controls are in place and functioning as they were intended or identifying weaknesses in the program that need to be addressed. In any case, the compliance officer should ensure that both the monitoring and auditing is taking place and doing what it should be doing. The compliance officer should also verify that corrective actions taken as a result of audits are timely, effective, and sustainable.  This should also be an ongoing focus of any management level compliance committee or board level compliance committee.

Tips: 16 Questions for compliance officers

  1. Has a compliance audit plan been developed to verify that ongoing monitoring and auditing are addressing compliance high-risk areas?
  2. Have program managers identified and listed all compliance high-risks areas related to their operational areas? Many such risks are found in the OIG guidance, work-plans, fraud alerts, advisory opinions, audits, and enforcement priorities. In addition it is useful to monitor Medicare contractor activities (e.g. RACs, ZPICs, etc.), industry news, PERM reports, and PEPPER data, etc.
  3. Are program managers engaged in assessing high-risk areas within their operations?
  4. Are high-risk areas ranked in terms of level of risk, probability of risk exposure, and impact or damage from a risk area?
  5. Do you also consider high impact, low probability risks?
  6. Have program managers developed and implemented monitoring plans to address all identified risk areas?
  7. Are all compliance risks areas being tested and reviewed on an ongoing basis?
  8. Is there priority given to address areas of highest risk?
  9. Have program managers calculated the potential damage for a risk failure, including the potential scale of direct and indirect financial consequences (i.e., liability, penalties, etc.), as well as whether they have established the likelihood of a risk event, taking into consideration whether the area is a current enforcement priority (e.g., improper physician arrangements)?
  10. Does ongoing auditing verify monitoring by program managers is taking place to addresses adequacy of the internal controls (e.g. policies/procedures) to reduce likelihood of that an unwanted event will occur in high risk areas?
  11. Has ongoing auditing validated that ongoing monitoring is effective in achieving the desired objectives?
  12. Have corrective action plans have been instituted for all risk area deficiencies identified by ongoing monitoring or auditing?
  13. Is there a process by which corrective action measures taken are working as intended?
  14. Are results of monitoring and auditing included as regular agenda items for management and board level compliance committees?
  15. Have compliance experts been engaged to independently evaluate the effectiveness of a compliance program, inasmuch as the OIG identifies it as a program that should be part of ongoing auditing. Place special emphasis in the scope of work on reviewing whether high-risk areas are being properly addressed.
  16. Do you periodically evaluate that effectiveness of the risk assessment program?

 

Steve Forman, CPA is the Senior Vice President of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening. His comments in this blog reflect experience of over 35 years, having served as Director of Management Operations for the OIG, 10 years as VP for Audit and Compliance for a major health system, and as a compliance consultant for many healthcare organizations. Mr. Forman has published widely on this subject.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of SM.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ reports more than two-thirds of $4B civil fraud recoveries in 2017 from health sector

In an end of the year report, the Department of Justice (DOJ) Civil Division announced that it recovered over $3.7 billion from civil False Claims Act (FCA) cases for the fiscal year. Significantly, nearly two thirds of the total settlements and judgments involved the health care industry, including drug companies, hospitals, pharmacies, laboratories, and physicians. What is really noteworthy is the fact that ninety-three percent of the total came from qui tam relators (whistleblower) cases, whose rewards amounted to almost $400 million. There were 491 new such health care cases filed during the year at a rate of about ten per week. The great majority of civil fraud cases implicated the Anti-Kickback Statute. Also most major settlements with DOJ are referred to the HHS Office of Inspector General (OIG) for Corporate Integrity Agreements.

It is noted that settlements for 2017 were $1 billion less than 2016. This is the eighth consecutive year that the department’s civil health care fraud settlements and judgments have been the leading area of settlements and judgments, exceeding $2 billion. The recoveries reported reflect only federal losses and they were instrumental in recovering additional millions of dollars for state Medicaid programs. The largest recoveries involving the health care industry this past year came from Shire Pharmaceuticals LLC which paid $350 million; drug manufacturer Mylan Inc. which paid approximately $465 million; Life Care Centers of America Inc. and its owner which agreed to pay $145 million; and eClinicalWorks (ECW) and certain of its employees which paid $155 million.

In second place in terms of industry recoveries was $543 million from housing and mortgage fraud cases, which was only about twenty percent of the level for the health care sector. In third place was the Defense arena which had cases that resulted in $220 million in settlements and recoveries, which is only about one tenth the level of the health care sector.

The “Yates Memo” emphasized DOJ’s intent to focus on “individual accountability for corporate wrongdoing” through civil and criminal enforcement actions. This emphasis on singling out individual recoveries was in evidence this last year with DOJ recovering $60 million directly from individuals, without joint and several liability with any corporate entity. The DOJ identified several individual owners and executives of private corporations agreed to be held jointly and severally liable for settlement payments.

The DOJ obtained more than $3.7 billion in settlements and judgments from civil cases involving fraud and false claims against the government in the fiscal year ending September 2017.

Recoveries since 1986, when Congress substantially strengthened the FCA, now total more than $56 billion.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.