Kusserow on Compliance: Questions Boards should be asking their compliance officer

Effective compliance programs require top-down commitment beginning at the Board level to oversee and support its implementation and operations.  The Board should have a committee to do this. The OIG compliance guidance calls for a Board level committee to oversee the Compliance Program (CP). The HHS Inspector General, General Dan Levinson has noted that the best boards as those that are active, questioning, and exercise (constructive) skepticism in their oversight. He further stated that Boards have a duty to ask probing questions about the operation of the Compliance Program, including how the compliance reporting system works and what reports they can expect on the reporting of compliance issues. They have a duty to ask probing questions about the goals and objective of the compliance program. The problem for most Boards is to know what type of questions they should be asking. Compliance Officers should assist them with this problem; however they in turn should be prepared to provide full and complete answers to them. The OIG and American Health Lawyers Association developed specific suggested questions that Board’s should be asking about the compliance program that the compliance officer should be prepared to provide proper responses to them. They jointly produced “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors” and “Corporate Responsibility and Health Care Quality (2007): A Resource for Health Care Boards of Directors.” The following are drawn from these advisory documents:

  1. Does the compliance officer have sufficient authority to implement the program?
  2. What are the resources necessary to properly implement operate the program?
  3. Has compliance officer been given the sufficient resources to carry out the mission?
  4. Have compliance-related responsibilities been delegated across all levels of management?
  5. What evidence is there that all employees held equally accountable for compliance?
  6. How has the code been incorporated into corporate policies across the organization?
  7. What evidence is there that the code is understood and accepted across organization?
  8. Has management widely publicized importance of the code to all of its employees?
  9. Are there compliance-related policies that address operational compliance risk areas?
  10. Are there policies/procedures for the compliance program operation?
  11. How often are compliance-related policies reviewed and updated?
  12. What is the scope of compliance-related education and training?
  13. What evidence is there of the effectiveness of compliance training is effective?
  14. What measures are taken to enforce training mandates?
  15. What evidence that employees understand what is expected of them regarding compliance?
  16. How is compliance risks identified?
  17. What is the evidence that identified compliance risks are being addressed?
  18. How is the compliance program structured to address such risks?
  19. Does the compliance program undergo periodical independent effectiveness evaluation?
  20. What is the process for the evaluation and responding to suspected compliance violations?
  21. What kind of training is provided to those who conduct investigation of reported violations?
  22. How does Compliance, HRM & Legal Counsel coordinate resolving compliance issues?
  23. What are the policies to ensure preservation of relevant compliance program documents and information?
  24. What policies address protection of “whistleblowers” and those accused of misconduct?
  25. What are the results of ongoing compliance monitoring by all program managers?
  26. How is ongoing compliance auditing being performed and by whom?
  27. How often is sanction-screening conducted with what results?
  28. What are the results from sanction-screening and are they certified by responsible parties?
  29. Has the compliance program been evaluated for effectiveness by a qualified independent reviewer?
  30. What evidence is there concerning hotline operation and follow-up investigations?
  31. What are the metrics being used to evidence compliance program effectiveness?
  32. What are the results of an independent review and assessment of the compliance program?

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: October 2017 Work Plan update

This year, the OIG is updating their annual Work Plan during the year, rather than annually. The Work Plan sets forth various audits and evaluations that are underway or planned during the fiscal year and beyond. The updates will include the addition of newly initiated Work Plan items and removal of completed items. In conducting its work, the OIG assesses relative risks in HHS programs and operations to identify those areas most in need of attention. In evaluating potential projects to undertake, the OIG considers a number of factors, including mandates set forth in laws, regulations, or other directives; requests by Congress, HHS management, or the Office of Management and Budget; top management and performance challenges facing HHS; work performed by other oversight organizations (e.g., GAO); management’s actions to implement OIG recommendations from previous reviews; and potential for positive impact. In addition to working on projects that often result in audits, reviews, and reports, the OIG also engages in a number of legal and investigative activities that are separately reported.

5 New Projects Added

  1. Secretary Price’s Use of Chartered Aircraft for Federal Travel. Federal Travel Regulations provide limited instances in which chartered aircraft can be used for official Government business. OIG initiated a review of HHS Secretary Price’s use of chartered aircraft for Federal travel. He subsequently resigned and agreed to payback funds improperly expended.

 

  1. Specialty Drug Coverage and Reimbursement in Medicaid. Medicaid spending on specialty drugs has rapidly increased. There is no standard definition for specialty drugs. They may be expensive; be difficult to handle, monitor or administer; or treat rare, complex or chronic conditions. OIG plans are to determine states’ definitions of, and payment methodologies for, Medicaid specialty drugs and determine how much states paid for specialty drugs; and review strategies that states use to manage specialty drug costs, such as formularies, cost sharing, step therapy, and prior authorization.

 

  1. FDA Oversight of Risk Evaluation and Mitigation Strategies to Address Prescription Opioid Abuse. Opioid abuse and overdose deaths are at epidemic levels in the United States. The FDA has been provided legal authority to require pharmaceutical companies to develop Risk Evaluation and Mitigation Strategies (REMS), when the FDA determines that the risk of using a drug outweighs its benefit. Through the REMS program, the FDA intends to “increase the number of prescribers who receive training on pain management and safe prescribing of opioid drugs in order to decrease inappropriate opioid prescribing.” The OIG will conduct an evaluation on how the FDA determined the need for opioid REMS and determine the extent to which they have held pharmaceutical companies with required opioid REMS accountable for REMS assessments. The OIG also plans to determine the extent to which the FDA has held opioid REMS sponsors accountable for REMS goals to mitigate risks of misuse, abuse, addiction, overdose, and serious complications because of medication errors.

 

  1. Drug Traceability Test. Potentially dangerous drugs, including diverted, counterfeit, and imported unapproved drugs, can enter the supply chain and pose a threat to public health and safety. The Drug Supply Chain Security Act (DSCSA) provides the FDA and others with new tools to prevent the introduction of harmful drugs into the supply chain and to identify and remove them. DSCSA requires trading partners to exchange drug product tracing information when they take ownership of drugs, resulting in a tracing record that the FDA and others can use to investigate suspect and illegitimate drugs. Ensuring that DSCSA’s drug product tracing requirements function as intended will help the FDA respond effectively to potentially harmful drugs in the supply chain. The OIG plans to determine the extent to which selected drugs can be traced from the dispenser back to the manufacturer. This study—part of OIG’s body of work in this area—builds on the OIG’s previous examinations of trading partners’ early experiences exchanging drug product tracing information by testing the accuracy of those tracing records.

 

  1. Review of Medicare Payments for Bariatric Surgeries. Bariatric surgery is performed to treat comorbid conditions associated with morbid obesity. Medicare Parts A and B cover certain bariatric procedures if the beneficiary has (1) a body mass index of 35 or higher, (2) at least one comorbidity related to obesity, and (3) been previously unsuccessful with medical treatment for obesity. Treatments for obesity alone are not covered. The Comprehensive Error Rate Testing program’s special study of certain Healthcare Common Procedure Coding System codes for bariatric surgical procedures found that approximately 98 percent of improper payments lacked sufficient documentation to support the procedures. OIG auditors will review supporting documentation to determine whether bariatric services performed met the conditions for coverage and were supported in accordance with federal requirements.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Summary of OIG fraud and abuse actions first half of 2017

The HHS OIG issued their Semi-Annual report for first half of fiscal year (FY) 2017 and summarized key accomplishments, significant problems, abuses, deficiencies, and investigative outcomes relating to the administration of HHS programs and operations that were disclosed during the reporting period. The following summarizes reported statistical accomplishments.

Criminal Actions (468). OIG reported 468 criminal actions against individuals or entities that engaged in crimes against HHS programs and 461 civil actions, which include false claims and unjust-enrichment lawsuits filed in Federal district court, civil monetary penalties (CMP) settlements, and administrative recoveries related to provider self-disclosure matters.  During the first half of FY 2017, OIG reported expected investigative recoveries of over $2.04 billion.

Health Care Strike Force (152 Criminal Actions). The Health Care Fraud Strike Force teams brought charges against 45 individuals or entities, 152 criminal actions, and $267 million in recoveries through investigations.

State Medicaid Fraud Control Units (MFCUs) (1,564 Criminal Actions).  The OIG has oversight responsibility for MFCUs and administers grants that provide federal funding for their operations. There are 50 MFCUs (in 49 States and the District of Columbia) totaled almost $259 million. The MFCUs employed 1,965 individuals. MFCUs reported 18,730 investigations, of which 15,509 were related to Medicaid fraud and 3,221 were related to patient abuse and neglect, including misappropriation of patients’ private funds. The cases resulted in criminal charges or indictments involving 1,721 individuals, including 1,249 for fraud and 472 for patient abuse and neglect. In total, 1,564 convictions were reported in FY 2016, of which 1,160 were related to Medicaid fraud and 404 were related to patient abuse and neglect. Civil judgments and settlements for FY 2016 totaled 998, and monetary recoveries in civil cases totaled over $1.5 billion. During this reporting period, OIG special agents partnered with MFCUs in conducting joint investigations on 714 criminal cases.

Program Exclusions (1,422). During this semiannual reporting period, OIG excluded 1,422 individuals and entities from Medicare, Medicaid, and other federal health care programs. Most of the exclusions resulted from convictions for crimes relating to Medicare or Medicaid, for patient abuse or neglect, or as a result of license revocation. OIG is also responsible for reinstating providers who apply and have met the requirements of their exclusions.

Sanction Authorities and Other Administrative Actions (1,504).  OIG sanctions include the exclusion of individuals and entities from federal health care programs and the imposition of CMPs for submitting false and fraudulent claims to a federal health care program or for violating the Anti-kickback statute, the Stark law, or the Emergency Medical Treatment and Labor Act (EMTALA), also known as the patient dumping statute. During this semiannual reporting period, OIG imposed 1,504 administrative sanctions in the form of program exclusions or administrative actions for alleged fraud or abuse or other activities that posed a risk to federal health care programs and their beneficiaries.

Civil Monetary Penalties Law (CMPL) ($26 million0. The CMPL authorizes OIG to impose administrative penalties on and assessments against a person who, among other things, submits, or causes to be submitted, claims to a federal health care program that the person knows, or should know, are false or fraudulent. In addition to administrative penalties and assessments, OIG can also exclude individuals for engaging in conduct prohibited by the CMPL. During this semiannual reporting period, OIG concluded cases involving more than $26.3 million in CMPs and assessments.

Self-Disclosure Programs ($23 million). Health care providers, suppliers, or other individuals or entities subject to CMPs can apply for acceptance into the Provider Self-Disclosure Protocol, a program created in 1998, to voluntarily disclose self-discovered evidence of potential fraud. During this semiannual reporting period, self-disclosure cases resulted in more than $23 million in HHS receivables.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Webinar provides triage tips for internal investigations

Health care compliance investigations are not like a fine wine, stressed Kashish Chopra—age may improve a wine, but waiting for an investigation will never make it go more smoothly. Chopra, along with former HHS Inspector General Richard P. Kusserow, both of Strategic Management Solutions, presented a webinar titled Best Practices for Internal Investigations, during which they provided pertinent information on internal investigations. The information included the goals of such investigations, key individuals who should be involved in the process, and necessary steps and precautions. They also provided listeners with a sample Protocol Policy to clarify the relationship between a compliance officer and legal counsel when they have overlapping responsibilities.

Kusserow and Chopra explained the importance of having an internal investigation program as part of a robust compliance program. Internal investigations are a form of risk management, as they can prevent costly mistakes and provide reassurance to everyone that problems and reports are taken seriously and examined carefully. The foundation of a successful investigation is to have a formalized process for everything, including even informal processes, to ensure that complaints can be received, investigated, and, if necessary, mitigated. Chopra noted that although most complaints that anonymous compliance hotlines receive are related to human relations (HR), the type of complaints that are most likely to lead to an investigation include allegations of harassment, discrimination, retaliation, privacy or security threats, theft or fraud, notice of litigation, and inquiries by government agencies or contractors.

It is important for all individuals involved in an investigation to have well-defined roles and to maintain communication and transparency. Kusserow explained how it is important, during an investigatory interview, to minimize note-taking and maintain eye contact; however, he reminded listeners to build in time between interviews to fill in gaps left by minimal note-taking to ensure adequate records are kept. They also provided tips on how to “triage” complaints—ranking tasks according to priority, which requires a quick, accurate assessment of each issue. They especially emphasized the importance of providing individuals the opportunity to report problems both confidentially and anonymously. The difference being that although anonymity is protected, there is no obligation for the compliance department to protect the job of an anonymous source, while confidential sources must be protected against retaliation.