Kusserow on Compliance: OIG report on 2017 Hotline activity

The HHS Office of Inspector Genera (OIG) is mandated to provide a semiannual report to Congress to summarize its activities. Included in this report was a section on the OIG Hotline (1-800-HHS-TIPS), available to individuals to report fraud, waste, or abuse in HHS programs.  The OIG considers the hotline a significant avenue of intelligence. What it also underscores is that many more “Whistleblowers” contact the OIG directly, than by filing qui tam actions with the DOJ. During the second half of 2017 alone, the OIG Hotline received 58,110 hotline contacts which were evaluated to determine whether an issue rises to the level of a complaint and whether it falls within OIG’s jurisdiction. Of that 13,781 were sufficient in details to warrant evaluation. The hotline phone was the source for 5,815 of these cases with another 3,966 obtained via the OIG website.  In addition 1,107 complaints were obtained via letter or fax. After evaluation, 10,888 were referred for action. The balance did not provide basis for further action or were found to not provide evidence of violations. The source of those tips that were referred for action varied.  Those received via the hotline phone were 5,127.  The internet was the source for 3,768 tips with the remaining 1,075 tips coming from letters and facsimiles.

The OIG forwarded approximately one-third of the complaints to its field offices for follow-up, slightly less than half to CMS, with the balance referred to other HHS operating divisions and other federal agencies. During this semiannual reporting period, the OIG Hotline reported expected recoveries of $9.9 million as a direct result of cases originating from hotline complaints.

Jillian Bower, has assisted scores of clients with their hotline operations through the Compliance Resource Center (CRC). She notes that having an effective hotline program is a must for any effective compliance program, however many organizations with hotlines that are not effective.  Those not promoting an effective hotline operation are making a grave error and risk driving complainants externally to the DOJ and OIG, litigating attorneys, media, etc. and that can only spell trouble. Receiving and resolving issues internally is the right approach and is good for the organization on many levels. Failing to do so can result in potential liabilities, headaches, and a lot of remedial work. By maintaining such a positive culture for employees to be able to report problems, concerns, and perceived wrongdoing will encourage internal reporting rather than having individuals thinking they must resort to “whistleblowing” to external parties.

10 Practical Tips

  1. Develop and implement written guidelines relating to the hotline operation that should information on the (a) hotline operations, (b) duty to report, (c) non-retaliation, (d) anonymity, (e) confidentiality, (f) investigations of complaints, among others.
  2. Have information about the use of the hotline made part of the Employee Handbook and Code of Conduct.
  3. Promote a culture that encourages employees to raise concerns and report perceived problems with managers being counseled that these are opportunities for improvement in the organization.
  4. Maintain a confidential recordkeeping system to enable a review of employment history for those employees who have raised concerns or reported problems.
  5. Have posters on the employee bulletin boards for the availability and use of the hotline.
  6. Ensure the hotline number and its availability is included in new employee orientation.
  7. Consider having a flyer go out to all employees on the availability of the hotline.
  8. If there is an Intranet for employee use, include information about the hotline.
  9. If there is an organization newsletter, use it to promote the hotline.
  10. Extra care needs to be taken to avoid doing anything that might be interpreted as retaliatory.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ reports more than two-thirds of $4B civil fraud recoveries in 2017 from health sector

In an end of the year report, the Department of Justice (DOJ) Civil Division announced that it recovered over $3.7 billion from civil False Claims Act (FCA) cases for the fiscal year. Significantly, nearly two thirds of the total settlements and judgments involved the health care industry, including drug companies, hospitals, pharmacies, laboratories, and physicians. What is really noteworthy is the fact that ninety-three percent of the total came from qui tam relators (whistleblower) cases, whose rewards amounted to almost $400 million. There were 491 new such health care cases filed during the year at a rate of about ten per week. The great majority of civil fraud cases implicated the Anti-Kickback Statute. Also most major settlements with DOJ are referred to the HHS Office of Inspector General (OIG) for Corporate Integrity Agreements.

It is noted that settlements for 2017 were $1 billion less than 2016. This is the eighth consecutive year that the department’s civil health care fraud settlements and judgments have been the leading area of settlements and judgments, exceeding $2 billion. The recoveries reported reflect only federal losses and they were instrumental in recovering additional millions of dollars for state Medicaid programs. The largest recoveries involving the health care industry this past year came from Shire Pharmaceuticals LLC which paid $350 million; drug manufacturer Mylan Inc. which paid approximately $465 million; Life Care Centers of America Inc. and its owner which agreed to pay $145 million; and eClinicalWorks (ECW) and certain of its employees which paid $155 million.

In second place in terms of industry recoveries was $543 million from housing and mortgage fraud cases, which was only about twenty percent of the level for the health care sector. In third place was the Defense arena which had cases that resulted in $220 million in settlements and recoveries, which is only about one tenth the level of the health care sector.

The “Yates Memo” emphasized DOJ’s intent to focus on “individual accountability for corporate wrongdoing” through civil and criminal enforcement actions. This emphasis on singling out individual recoveries was in evidence this last year with DOJ recovering $60 million directly from individuals, without joint and several liability with any corporate entity. The DOJ identified several individual owners and executives of private corporations agreed to be held jointly and severally liable for settlement payments.

The DOJ obtained more than $3.7 billion in settlements and judgments from civil cases involving fraud and false claims against the government in the fiscal year ending September 2017.

Recoveries since 1986, when Congress substantially strengthened the FCA, now total more than $56 billion.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Getting ready to evidence program effectiveness in 2018

In its compliance guidance, the HHS Office of Inspector General (OIG) calls for periodic evaluation of compliance program effectiveness. This can be done by a full field evaluation by experts, however, there are other methods that can help accomplish this end. One way to evidence effectiveness is measuring the compliance culture of the organization with a compliance culture survey. However, to obtain meaningful results requires using a professionally developed and independently administered instrument. Internally developed surveys have little value and are often considered suspect by those asked to participate in the process.

Dr. Cornelia Dorschmid, PhD, advises that a culture survey should be professionally developed, tested, and validated in order to obtain reliable and useful results with the best results being anchored in a larger database for comparison of results. She was instrumental in developing the Compliance Benchmark Survey©, along with a PhD behavioral scientist and a former HHS Inspector General that has been in use since 1993. It uses a Likert Scale model, wherein respondents are asked to rate the question on a scale of one to five. Mean scores are computed for each item. Some questions items are reverse-scored to control for response set (the tendency to respond in a given pattern), “halo effect”.  The survey also includes items known as validators that ensure that respondents are being candid in their responses and not trying to manipulate the survey.

Jillian Bower Concepcion, VP for the Compliance Resource Center explained that the Compliance Benchmark Survey© has been widely used by hundreds of health care organizations with more than a half million employees surveyed. Results of this survey will assist identifying compliance program strengths, as well as opportunities for improvement. Reports present employee perceptions with respect to five different dimensions and four compliance themes. The results by question, panel, and overall results can be compared and benchmarked against the universe of those who used the survey.  The overall score level (i.e., sum of individual item scores) of the company is evaluated against the Health Care Compliance Index (HCCI©). An organization using the same survey over time can also benchmark their progress and measure improvement in the organization’s culture. For more information on compliance surveys, see https://www.complianceresource.com/publication-topics/compliance-surveys/

Steve Forman, CPA, a nationally recognized healthcare compliance consultant whose experience includes serving as an executive in the OIG and the CCO for one of the nation’s largest healthcare system has used the Compliance Benchmark Survey© since it was first introduced.  He has found survey results assist in identifying areas where attention is needed that is very useful in the maintenance and enhancing an effective compliance-program. The results can tell you the “what”, but not the “why” and as such he uses the information in talking to employees and conducting “focus group” meetings that can provide additional insights as to the full meaning of the information derived from the survey.

Al Bassett, JD, is another nationally recognized expert on healthcare compliance, who has been building and evaluating compliance program for over 15 years. Prior to his work in compliance, he was a Deputy Inspector General and FBI executive. He noted that he has found the survey is very valuable in assessing compliance program effectiveness. Results provide compliance officers with a road map to improving the program effectiveness and the costs of using the survey in evaluating the compliance program is only about only 10 percent of a full field assessment by experts.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Effective hotline programs

All healthcare organizations need confidential compliance communication channels. First and foremost among them is a hotline. By definition, all effective compliance programs should have a hotline. It is an important avenue of communication between employees and management, in that it permits employees to report sensitive matters outside the normal supervisory channels.  The reality is that developing and monitoring a hotline is a critical part of any effective compliance program. It provides an avenue of communication that permits employees to report sensitive matters outside the normal supervisory channels. The compliance officer bears the responsibility of constantly reviewing and improving the effectiveness of the hotline operation.  The US Sentencing Commission, the HHS Office of Inspector General (OIG), and Department of Justice (DOJ) all call for having a hotline, as well as other authorities, including the Sarbanes-Oxley Act for publicly traded companies and the federal courts in connection with unlawful harassment. Failure to establish positive internal compliance reporting channels often results in reporting externally to the OIG and DOJ from “whistleblowers.” The challenge is establishing effective internal compliance communication. Today, it is the exception to find organizations trying to manage a hotline function internally. The fact is that any advantage of internally operated hotlines is more than off-set by the disadvantages.

From a practical standpoint, it simply is not cost effective to operate a hotline 24/7 internally.  Even those that decide to operate and manage the function in house are confronted with a number of challenges—it is extremely inefficient, costly and seldom meets any minimum standards. Hotline numbers will need to be “backstopped” against tracing and all caller identification systems have to be blocked. People answering the calls in house should not be highly visible to the work force. Confidence comes from neither party being known to the other. Hotline vendors have the training and experience to handle complainants. Callers are generally nervous and afraid and knowing they are providing information to an outside party generally is reassuring. They always raise the question of whether anonymity is truly offered and whether employees will ever sufficiently trust calling an employee. It has become the standard practice for organizations to outsource their hotline to a vendor.  However, evaluating those providing the best service at the right price is a challenge. The following are questions that can be used to determine a properly qualified vendor. Those failing key tests should be avoided as they may prove to be a future liability.

 

Questions for hotline vendors

  1. Cost of Service. Does the vendor charge an established fixed rate or sliding rate based upon number of calls? Seek a fixed, not a variable rate, based upon number or time of calls. A good rule of thumb is that the cost of a hotline service should not exceed $1-3 per employee per year.

 

  1. Industry Focus. Can the vendor evidence having understanding and expertise of issues related to the health care industry? Failing to understand healthcare standards and regulatory matters limits the ability to properly debrief callers. Ask for a breakdown of the types of clients they serve by industries.

 

  1. Hours of Service. Does the vendor provide 24/7 service? If not, don’t use them.

 

  1. Call Centers. Does the vendor provide call services? If so, avoid them completely. Call centers provide outbound calls used to promote services and products. Others answer after hour services for businesses (doctors, plumbers, electricians, etc.) and relate messages to their clients. The people doing this are performing a clerical function and answering hotline calls requires more professional expertise. Furthermore, there is the risk of having calls interrupted by a call for some needing emergency service.

 

  1. Hotline Service Types. Does the vendor provide multiple levels of service for (a) receiving live operator calls and (b) a web-based reporting system that prompts individual complainants? One level alone is not enough.

 

  1. Avoiding Vendor Contract Traps. Does the contract permit cancellation at any time with a simple 30 day notice? If not, don’t use them. Staying with a vendor should be because of good service, not because of being locked into them by contract terms. If you have a current contract, check the termination clauses to see if cancelling a contract is cumbersome. If it is, ask to renegotiate the termination clause. If they decline, then take steps to follow termination procedures in the contract.

 

  1. Hotline Number. Does the vendor want to use their phone number? This is a common vendor trap to lock in users to their service. You advertise their number everywhere and to change would necessitate changing all the places you have advertise the number. Always use and own your own hotline number that can be pointed to a vendor.

 

  1. Language Translation. Does the vendor provide a language translation service to address non-English speakers?

 

  1. Check Vendor Background. What is the level of hotline experience among the ownership, management, and operation of the service?

 

  1. Length of Hotline Experience. How many years of experience can the vendor evidence in the management of hotline operations?

 

  1. Policies, Procedures, and Protocols. Does the vendor provide advice on developing operating protocols for following up an allegations and complaints received through the hotline?

 

  1. Business Associate Agreement (BAA). Does the vendor offer to sign a BAA to meet HIPAA protected health information (PHI) requirements for any patient related information received through the hotline? If they don’t know what that means, forget them.

 

  1. Timelines. Will the vendor agree to provide a full written report within one business day of receipt of the call and for urgent matters, immediate notification?

 

  1. Report Delivery Security. Does the vendor deliver call reports by the most secure means? It is critical to establish a secure call report submission process to a specific responsible party and to an alternate should the primary contact be unavailable? Any delivery of reports via fax or email lack necessary security. It is critical that reports are secured to protect those filing the report, as well as those who are subject of the report or mentioned in them. HIPAA PHI, proprietary and confidential data, and personnel information must be protected. Web-based reporting is the most secure with notification of a report being provided via email.

 

  1. Routine vs. Urgent Reporting. Does the vendor assist in establishing a process that alerts the primary contact to any urgent report received? A delay in reporting a serious issue could result in potential liabilities.

 

  1. Insurance. Does the vendor provide at least one to three million dollars liability coverage? If your vendor does not have this insurance, consider changing over to one that provides this assurance.

 

  1. Caller Contact Information. Does the vendor have procedures for providing callers with a means to call back without disclosing their identity?

 

  1. Personalized Service. Does the vendor provide the identity or identities of individuals available to respond to any issues or question that may arise, whether it relates to call reports, invoice issues, or providing general advice? Not having easy access to someone or having to go through a phone system moving you from one office to another before you find a stranger who may or may not be able to answer your questions can be frustrating. If possible, seek an identified accounts manager who will be responsible for any and all issues that arise under the contract.

 

  1. Training and Assistance. Does the vendor provide guidance on the best way to promote understanding of the hotline?

 

  1. Other Useful Benefits. Are there any other services or benefit provided under the contract? This would include such things as supporting policy and procedures for hotline management, poster templates, newsletters, etc. For smaller organizations, these benefits may exceed even the service fees paid to the vendor. Find out what they offer.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.