Kusserow on Compliance: Tips on what to expect from hotline vendors

The U.S. Sentencing Commission and HHS Office of Inspector General (OIG) make it clear that for any compliance program to be effective, it must have active compliance communication channels that meet defined capabilities. Translated, this means organizations must have an employee hotline that permits reporting sensitive matters outside the normal supervisory channels. The failure to establish a credible internal compliance reporting channels often drives individuals to report externally to the OIG and DOJ as “Whistlblowers.”  Internally operated and managed hotlines are generally a bad idea because they are extremely inefficient, costly, and seldom meet any minimum standards. Internal hotlines raise the question of whether anonymity is truly offered and whether employees will ever sufficiently trust calling an employee. It is therefore not surprising that 80 percent of organizations participating in the 2018 Compliance Benchmark Survey Study reported using a hotline vendor. Hotline vendors have the training and experience to handle complainants. However, determining who can provide the best service at the right price is a challenge.

 

What to Expect from Hotline Vendors

    1. Two levels of service are needed: (a) live operator answered calls and (b) a web-based reporting system which prompts individual complainants. Over the last decade there has been a marked trend towards reporting via the web—today web-based reporting almost equals operator answered calls. Organizations should pass on any vendor that does not provide both services.

     

    1. Avoid start up hotline services and ask for a statement of their experience. The more a service knows about hotline operations, the less likely they are to encounter problems or mishandle information.

     

    1. Use only vendors knowledgeable with issues, concerns, and regulatory issues unique to the health care sector. Also, ensure they recognize and ask the right questions about high risk areas identified by the HHS OIG, including those related to the Stark Law and the Anti-Kickback Statute.

     

    1. Avoid any vendor contract that won’t permit cancellations without cause with a simple 30-day written notice. Hotline vendors should hold clients by good service not by contracts. In any contract with a vendor, look to see if cancellation of service is restricted. If so, consider finding a way out of the arrangement and in obtaining service elsewhere.

     

    1. Vendor contracts should include a provision requiring a full written report within the same day of receipt of a call. Urgent matters should be reported immediately via phone.

     

    1. The hotline must provide an option for The U.S. Sentencing Commission, DOJ, and OIG call for anonymity in their guidelines. In the health care sector, nearly two-thirds of all hotline reporters request anonymity. Anonymity is generally in the best interest of the organization as there is no burden of protecting identity if it is unknown. The hotline vendor should have as part of their service a means of communication between the compliance officer and an anonymous reporter. Insist on having that included in the service.

     

    1. Avoid any vendor that provides reports by facsimile or email, as they are not secure and where PHI may be involved could be a complicating HIPAA privacy factor. Web-based reporting is the most secure with notification of a report being provided via email.

     

    1. Compare costs of service, keeping in mind that a vendor should be able to provide their services at a set fee that can be used for comparison purposes. A good rule of thumb is that the cost of a hotline service should not be more than $1 per employee per year. Periodically, compare costs of the vendor being used against other vendors. It may prove to be an opportunity to save money.

     

    1. Look for any inclusive vendor services, such as providing operating protocols for following up on allegations and complaints received through the hotline, as well as other related policies. More reputable firms also provide newsletters or report updates to keep clients up to date on issues relating to their hotline function. Find out what they offer.

     

    1. Look for a vendor that will provide personalized service and is easily accessible and responsible for any and all issues that arise under the contract. Avoid the frustration of interactive voice response (IVR) phone systems, which move callers from one office to another before reaching a stranger who may or may not be able to answer questions.

     

    1. Like any other vendor, the company should have at least one- to three-million dollars liability coverage.

     

    Richard Kusserow will be available to answer any questions related to hotlines at booth 412 at the Las Vegas HCCA Conference.

     

     

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Addressing the risk of whistleblowers

The DOJ recently reported the fact that 93 percent of its successful civil false claims court actions arose by qui tam relators (whistleblowers) bringing the case to the DOJ’s attention. As such, it is important to understand better how to address the risk of having that happen to your organization. Key factors to be considered are the motivation of most whistleblowers and how to channel them to report internally, rather than going to outside authorities.

Tom Herrmann, JD, while at the OIG, was responsible for coordinating whistleblower cases with the DOJ.  He noted that the common practice for the DOJ, upon receiving a complaint from a qui tam relator, is to have the OIG conduct the preliminary investigation on their behalf. Inasmuch as these False Claims Act (FCA) cases were civil in nature, it was not the usual course to involve the FBI.  As such, he had the opportunity to review the initial complaints and often times meet or discuss with the relator about what caused them to report the problem. He found that there were many reasons given by individuals for becoming qui tam relators. e HhOnly a few qui tam relators indicated their motivation was for the potential reward coming from the case. The most common statement was that because they were unable to obtain a credible, internal reporting channel, they decided to report externally. Credence was given to this as a major motivating factor by the fact that in many cases they did find evidence of many Whistleblowers having reported the problem internally first, and moved to report externally when inadequate attention was give to their complaints. There were also whistleblowers who stated they were motivated by ethical considerations and felt they could not justify allowing a bad situation to continue without taking some sort of action.

Steve Forman, CPA, has over 30 years experience with the OIG, as a compliance officer, health care consultant. He found many situations where an employee’s reporting a potential violation of law, regulation, or organization Code or policy was the subject of adverse action or reprisal.  In some cases, the whistleblower moved to a legal course of action to protect themselves.  Unfortunately, it is not uncommon to find members of management engaging in retaliatory actions against employees trying to expose wrongdoing. In some cases, these same people turned to attorneys who led them to become qui tam relators. A key factor in managing the risk of having a whistleblower is to understand what motivates them to go externally with and report a problem; and try to channel them to resolve the issue internally.  It is also important to remember that making the decision to report a problem to the compliance officer is viewed as taking considerable risk with regards to their job, reputation with their fellow employees, and their future financial security.  Reassurance of protection against retaliation is critical. However, for some, that may be not enough.  This means the option to report anonymously is also important.

Carrie Kusserow has overseen many IRO and Compliance Expert engagements with clients who signed Corporate Integrity Agreements with the OIG. She noted that in several cases, while carrying out the duties of the engagement, her consultants identified the original whistleblower and found in several cases they had tried to raise the issues internally, before deciding to go outside the organization and become a qui tam relator. In other cases, the whistleblower reported not trusting the hotline or compliance office to protect them against retaliation. The lesson to be learned about avoiding external whistleblowing is to ensure that internal compliance channels operate credibly and properly. This also means taking prompt action to follow on any complaints or allegations of wrongdoing. It also means that strong policies and procedures to protect individuals reporting potential wrongdoing must be implemented and followed. This includes permitting employees to be able to report anonymously or if they do identify themselves that they will be detected in their confidentiality law.

Tips for Compliance Officers

  1. Ensure reporting suspected wrongdoing is stressed in the code, policies and training
  2. Review and update hotline-related polices/procedures (confidentiality, anonymity, non-retaliation, duty to report, etc.)
  3. Ensure a 24/7 hotline operated externally, as internal ones are less trusted and unavailable at all times
  4. Look to expand and increase compliance communication channels beyond just the hotline
  5. Promote the reporting of wrongdoing (newsletter, intranet, training programs, etc.)
  6. Find ways to provide feedback so that employees know reporting is taken seriously
  7. Consider engaging experts to evaluate compliance communication channels effectiveness
  8. Allegations of potential violations of law or regulations must be promptly investigated
  9. Ensure that individuals are trained and competent to conduct prompt investigations
  10. Disclose promptly all cases where investigation indicates potential violations
  11. Review and update investigation and resolution of allegations polices/procedures
  12. Take appropriate disciplinary action against identified wrongdoers
  13. Consider having on call experts in conducting investigations to assist if needed
  14. Understand CMS and OIG self disclosure protocols that may avoid FCA investigation
  15. Ensue investigations finding of potential violations of law are promptly disclosed to the DOJ

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG report on 2017 Hotline activity

The HHS Office of Inspector Genera (OIG) is mandated to provide a semiannual report to Congress to summarize its activities. Included in this report was a section on the OIG Hotline (1-800-HHS-TIPS), available to individuals to report fraud, waste, or abuse in HHS programs.  The OIG considers the hotline a significant avenue of intelligence. What it also underscores is that many more “Whistleblowers” contact the OIG directly, than by filing qui tam actions with the DOJ. During the second half of 2017 alone, the OIG Hotline received 58,110 hotline contacts which were evaluated to determine whether an issue rises to the level of a complaint and whether it falls within OIG’s jurisdiction. Of that 13,781 were sufficient in details to warrant evaluation. The hotline phone was the source for 5,815 of these cases with another 3,966 obtained via the OIG website.  In addition 1,107 complaints were obtained via letter or fax. After evaluation, 10,888 were referred for action. The balance did not provide basis for further action or were found to not provide evidence of violations. The source of those tips that were referred for action varied.  Those received via the hotline phone were 5,127.  The internet was the source for 3,768 tips with the remaining 1,075 tips coming from letters and facsimiles.

The OIG forwarded approximately one-third of the complaints to its field offices for follow-up, slightly less than half to CMS, with the balance referred to other HHS operating divisions and other federal agencies. During this semiannual reporting period, the OIG Hotline reported expected recoveries of $9.9 million as a direct result of cases originating from hotline complaints.

Jillian Bower, has assisted scores of clients with their hotline operations through the Compliance Resource Center (CRC). She notes that having an effective hotline program is a must for any effective compliance program, however many organizations with hotlines that are not effective.  Those not promoting an effective hotline operation are making a grave error and risk driving complainants externally to the DOJ and OIG, litigating attorneys, media, etc. and that can only spell trouble. Receiving and resolving issues internally is the right approach and is good for the organization on many levels. Failing to do so can result in potential liabilities, headaches, and a lot of remedial work. By maintaining such a positive culture for employees to be able to report problems, concerns, and perceived wrongdoing will encourage internal reporting rather than having individuals thinking they must resort to “whistleblowing” to external parties.

10 Practical Tips

  1. Develop and implement written guidelines relating to the hotline operation that should information on the (a) hotline operations, (b) duty to report, (c) non-retaliation, (d) anonymity, (e) confidentiality, (f) investigations of complaints, among others.
  2. Have information about the use of the hotline made part of the Employee Handbook and Code of Conduct.
  3. Promote a culture that encourages employees to raise concerns and report perceived problems with managers being counseled that these are opportunities for improvement in the organization.
  4. Maintain a confidential recordkeeping system to enable a review of employment history for those employees who have raised concerns or reported problems.
  5. Have posters on the employee bulletin boards for the availability and use of the hotline.
  6. Ensure the hotline number and its availability is included in new employee orientation.
  7. Consider having a flyer go out to all employees on the availability of the hotline.
  8. If there is an Intranet for employee use, include information about the hotline.
  9. If there is an organization newsletter, use it to promote the hotline.
  10. Extra care needs to be taken to avoid doing anything that might be interpreted as retaliatory.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ reports more than two-thirds of $4B civil fraud recoveries in 2017 from health sector

In an end of the year report, the Department of Justice (DOJ) Civil Division announced that it recovered over $3.7 billion from civil False Claims Act (FCA) cases for the fiscal year. Significantly, nearly two thirds of the total settlements and judgments involved the health care industry, including drug companies, hospitals, pharmacies, laboratories, and physicians. What is really noteworthy is the fact that ninety-three percent of the total came from qui tam relators (whistleblower) cases, whose rewards amounted to almost $400 million. There were 491 new such health care cases filed during the year at a rate of about ten per week. The great majority of civil fraud cases implicated the Anti-Kickback Statute. Also most major settlements with DOJ are referred to the HHS Office of Inspector General (OIG) for Corporate Integrity Agreements.

It is noted that settlements for 2017 were $1 billion less than 2016. This is the eighth consecutive year that the department’s civil health care fraud settlements and judgments have been the leading area of settlements and judgments, exceeding $2 billion. The recoveries reported reflect only federal losses and they were instrumental in recovering additional millions of dollars for state Medicaid programs. The largest recoveries involving the health care industry this past year came from Shire Pharmaceuticals LLC which paid $350 million; drug manufacturer Mylan Inc. which paid approximately $465 million; Life Care Centers of America Inc. and its owner which agreed to pay $145 million; and eClinicalWorks (ECW) and certain of its employees which paid $155 million.

In second place in terms of industry recoveries was $543 million from housing and mortgage fraud cases, which was only about twenty percent of the level for the health care sector. In third place was the Defense arena which had cases that resulted in $220 million in settlements and recoveries, which is only about one tenth the level of the health care sector.

The “Yates Memo” emphasized DOJ’s intent to focus on “individual accountability for corporate wrongdoing” through civil and criminal enforcement actions. This emphasis on singling out individual recoveries was in evidence this last year with DOJ recovering $60 million directly from individuals, without joint and several liability with any corporate entity. The DOJ identified several individual owners and executives of private corporations agreed to be held jointly and severally liable for settlement payments.

The DOJ obtained more than $3.7 billion in settlements and judgments from civil cases involving fraud and false claims against the government in the fiscal year ending September 2017.

Recoveries since 1986, when Congress substantially strengthened the FCA, now total more than $56 billion.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.