Kusserow on Compliance: Preparing for compliance investigations

Most compliance officers are not professionally trained investigators and are unsure how to decide whether an issue warrants a formal investigation. Also, the great majority of issues presented to compliance officers can be resolved relatively easily without need of an investigation. However, when situations arise warranting an investigation, it is important to know what needs to be done and how. At every step in an investigation, there are rules that must be followed regarding how things must be done—working with other internal or external parties, determining how to manage the records of investigations, and so on. It is important for anyone who may be called upon to investigate to take time to learn some of the fundamentals of the process. The first step for any investigation is taking time to analyze all known facts upon receipt of a complaint, allegation, or information suggesting a potential wrongdoing. After this, the next step is to decide upon a course of action, such as:

  1. Closing the matter without the need of further action
  2. Having enough information to take adverse or corrective action on the issue
  3. Needing to investigate to clarify issues
  4. Referring the matter to legal counsel
  5. Disclosing a violation to a duly authorized governmental authority

The following should be considered when the decision is to investigate:

  • Knowing who the deciding authority is and what they will need to make a decision
  • Development of the investigative plan
  • Establishing the scope of the investigation
  • Who is the person best qualified to conduct the investigation?
  • Whether the investigation should be under direction of legal counsel

Time is a major enemy and is a force with which to contend in any internal investigation. There is a lot involved in even a simple investigation. It includes two key elements: gathering documentary evidence and conducting interviews. Knowing what documents are needed is important, but knowing how to properly conduct interviews requires some training and skill to produce optimum results and reduce the risks of losing valuable information and time. Writing reports of interviews and the final Investigations Report is also very important. There is both a right and wrong way to do these things.

Conducting successful compliance investigations depends upon professional competence and friendly persuasion, not upon the authority and power of a government agency backed by the courts. One of the most common and costly mistakes is for individuals to conduct investigations without having proper training and experience. It is advisable to engage an expert to teach basic investigation fundamentals on how to: (a) conduct interviews, (b) gather evidence, and (c) file and store documents and evidence. A few hours of training will not create a professional investigator but may provide enough guidance to ensure that proper steps are followed to avoid costly mistakes. It is also advisable to have protocols in place, in advance of being confronted with an investigation, to provide guidance on how to proceed.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Questions board-level compliance committees should be asking

HHS OIG compliance guidance calls for a Board-level committee to oversee the Compliance Program (CP). The HHS Inspector General noted that the best boards are those that are active, questioning, and exercise (constructive) skepticism in their oversight, asking probing questions about the compliance program. Boards need to know what type of questions they should be asking, and compliance officers should assist them with this problem. However, compliance officers in turn should be prepared to provide full and complete answers to them. The OIG and American Health Lawyers Association developed specific suggested questions that Boards should be asking in their jointly produced “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors” and “Corporate Responsibility and Health Care Quality (2007): A Resource for Health Care Boards of Directors”. The following are drawn from these advisory documents:

  1. Does the compliance officer have sufficient authority to implement the CP?
  2. What is the level of resources necessary to properly implement and operate the CP?
  3. Has the compliance officer been given sufficient resources to carry out the mission?
  4. Have compliance-related responsibilities been delegated across all levels of management?
  5. What evidence is there that all employees are held equally accountable for compliance?
  6. How has the code been incorporated into corporate policies across the organization?
  7. What evidence is there that the code is understood and accepted across the organization?
  8. Has management taken affirmative steps to publicize the importance of the code to employees?
  9. Have compliance-related policies been developed that address compliance risk areas?
  10. Are there policies/procedures for CP operation and how they should be reviewed/updated?
  11. What kind of document management ensures compliance-related documents are up to date?
  12. What is the scope of compliance-related education and training?
  13. What evidence is there of the effectiveness of CP training?
  14. What measures enforce training mandates and provide remedial training?
  15. What evidence is available that employees understand compliance expectations?
  16. How are compliance risks identified?
  17. What is the evidence that identified compliance risks are being addressed?
  18. Is the board being kept up to date on regulatory and industry compliance risks?
  19. How is the compliance program structured to address such risks?
  20. How are “at risk” operations assessed from a compliance perspective?
  21. Is conformance with the CP periodically evaluated?
  22. Does the CP undergo periodic independent evaluation of its effectiveness?
  23. What is the process for evaluating and responding to suspected compliance violations?
  24. What kind of training is provided to those who conduct investigations of reported violations?
  25. How do the CO, HRM, and legal counsel coordinate in resolving compliance issues?
  26. What are the policies to ensure preservation of relevant CP documents and information?
  27. What policies address protection of “whistleblowers” and those accused of misconduct?
  28. What are the results of ongoing compliance monitoring by all program managers?
  29. How is ongoing compliance auditing being performed and by whom?
  30. How often is sanction-screening conducted and with what results?
  31. Are results from sanction-screening included in a signed report by the responsible parties?
  32. Has the CP been evaluated for effectiveness by a qualified independent reviewer?
  33. What evidence is there regarding the effectiveness of hotline operation and follow-up investigations?
  34. What are the metrics being used to evidence CP effectiveness?
  35. What are the results of an independent review and assessment of the CP?

 

For more information regarding tools and resources available to assist in answering these questions, contact Daniel Peake at dpeake@complianceresource.com or 703-236-9854.

 

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Meeting sanction checking mandates

As the HHS Inspector General, I created what is now referred to as the List of Excluded Individuals and Entities (LEIE), which was followed by OIG compliance guidance documents that call for checking employees, physicians, vendors, and contractors against the LEIE. The OIG considers all claims and costs associated with an excluded party as potentially false and fraudulent, which can lead to significant financial penalties and more. The OIG Special Advisory Bulletin on the Effect of Exclusion provides very useful information in assessing this risk area. CMS mandates, as a condition of enrollment, that providers may not employ or contract with individuals or entities that are excluded from participation in any federal health care program and calls for checking not only against the LEIE, but also the General Services Administration’s (GSA) Excluded Parties List System (EPLS), now part of the System for Award Management (SAM). CMS further called upon State Medicaid Directors to establish their own sanction database and requires providers to check it on a monthly basis. To date, 40 states have moved to establish their own Medicaid sanction lists with other states in the process of doing the same. This has increased the sanction screening burden exponentially, not only for the compliance office but other departments as well. HR often has responsibility for sanction checking new hires and, periodically, current employees. Procurement is also affected because they handle the screening of vendors and contractors. The Medical Credentialing Office must ensure checking on physicians who have been granted staff privileges. Other federal sanction databases worth screening are maintained by the DEA and FDA, as well as the Department of the Treasury Office of Foreign Assets Control (OFAC) Terrorist Watch List.

Daniel Peake, of the Compliance Resource Center (CRC), works with clients to provide a variety of CRC services, including sanction checking services as well as the investigation and resolution of potential hits. He noted that devoting the time and resources necessary for developing and maintaining a search engine, along with regularly collecting and updating sanction information from many databases, is not very cost effective. This high cost of using internal resources to develop and manage the sanction checking has resulted in the great majority of health care entities subscribing to a vendor service that provides a search engine to their established databases. Vendors can afford the high cost of maintaining the currency of the data because they amortize the costs over many clients. The problem is that vendor quality, cost, and reliability can vary enormously. From experience, he offered the following tips for those considering a vendor:

 

Tips on choosing a vendor search engine service

  1. Know the cost up front with a fixed rate, not based upon per click searches.
  2. Contract should permit cancelling without cause at any time, if dissatisfied.
  3. Ensure vendor has liability insurance ($1 to 3 million preferably).
  4. Determine other services included (e.g. policy templates, regulatory updates, etc.).
  5. Determine how much “help desk” assistance is available to resolve potential hits.

 

For more information, contact Daniel Peake at dpeake@complianceresource.com or 703-236-9854.

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Internal investigations by any other name

In most organizations, there are many people who may be called upon to respond to a complaint or concern raised by an employee; few of these complaints or concerns, however, might rise to the level of requiring a formal investigation. Emil Moschella, JD is a highly experienced health care compliance consultant who previously served as an FBI executive and also taught at the FBI National Academy. He warns that one should be careful about calling something an “investigation,” as it is an emotionally charged term that may lead people to infer a lot more about what is occurring than is factually correct. If a person believes that something may result in referral to an enforcement agency, the situation may make them more defensive and cautious when responding to questions. As such, wherever possible, he advises using neutral terminology to avoid unnecessarily exciting concerns and speculation among employees. Many other terms can be used, because an “investigation” is by definition a detailed and systematic inquiry into something, often through gathering facts and information to solve a problem or resolve an issue. A number of other activities in organizations could meet that general definition, including conducting an audit, evaluation, internal inquiry, or internal review. He has found that characterizing the activity using these “less charged” terms can avoid the potential emotional response of using the term investigation.

Kashish Parikh-Chopra, JD, MBA, CHC, CHPC works with compliance officers to train staff on conducting internal investigations. She notes that many complaints, allegations, and concerns are often very routine in nature and can be resolved within a day or two through normal management procedures or with Human Resources. However, when confronted with a serious or complex matter, it is necessary to have properly trained individuals conduct the investigation in order to avoid aggravating matters and potentially creating additional problems. Professional investigators cannot be expected to be available for a compliance office to conduct an internal investigation; however, certain basic principles should be taught to anyone taking on the role of an investigator in an organization. Those who may become actively involved in internal investigations may include individuals from the compliance office, Human Resources, internal audit, privacy/security officers, legal counsel, etc. They should undergo training by experts to learn how to plan an investigation, conduct proper interviews, organize evidence, prepare written reports, and manage documentation. This can be done by participating in investigator training through webinars, conferences, or having experts provide training on-site.

 

For more information, Kashish Parikh-Chopra can be reached at kchopra@strategicm.com or via telephone at (703) 535-1413.

 

Copyright © 2018 Strategic Management Services, LLC. Published with permission.