Kusserow on Compliance: Four physicians charged in $200M prescription fraud scheme

A CEO and four physicians were charged in a superseding indictment in an investigation of a $200 million health care fraud scheme that involved a network of Michigan and Ohio pain clinics, laboratories, and other medical providers. Additional charges included wire fraud conspiracy, money laundering, and distribution of over 4.2 million medically unnecessary dosage units of controlled substances and medically unnecessary injections to Medicare beneficiaries, some of whom were addicted to narcotics. These included oxycodone, hydrocodone and oxymorphone. Some of the opioids were resold on the street.

When a medical review was made of the injection claims, it was found that 100 percent of the claims were not eligible for Medicare reimbursement. In order to conceal the continued billing of these fraudulent claims to Medicare, the defendants created new shell companies and continued to engage in the same billing of fraudulent claims, often changing only the name of the company on the door to the medical practice and/or inventing new suite numbers to conceal the continuation of the fraudulent practices at the same location. Defendants also owned a diagnostic laboratory to enable them to order medically unnecessary urine drug testing from the laboratory. When Medicare conducted a medical review of claims submitted by the laboratory, it determined that 95 percent of the claims were not eligible for Medicare reimbursement and ordered the diagnostic laboratory to repay $6.9 million in improper payments.

Another scheme involved money laundering in connection with a $6.6 million wire transfer and the withdrawal of $500,000 in cash, which was hidden in plastic bags in the closet of the house.  The indictment alleges that transferred proceeds derived from the conspiracy were used to allow the defendants to live an extravagant lifestyle and spend millions of dollars on luxury items—clothing from retailers like Hermes, rare Richard Mille watches, and exotic automobiles such as a Lamborghini and Rolls Royce Ghost. The proceeds were also used to purchase a mansion and other real estate in the Detroit, Michigan area and to sit courtside or in the first row of NBA basketball games, including the NBA Finals.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Emerging government enforcement priorities for 2018

At the HCCA conference in April, there were several presentations regarding the government’s enforcement priorities. There were a number of emerging issues that were the subject of considerable attention: the opioid crisis, electronic health record (EHR) fraud, and telehealth/telemedicine. By far, the area given the most attention was the opioid crisis.  More than a dozen presenters included comments in their presentations on this subject, including presenters from the DOJ, OIG, CMS, and the OCR. This is not surprising in that last October the President declared this to be a national public health care crisis and marshaled regulatory and enforcement agencies to actively focus on steps to alleviate it. Other agencies not present at the HCCA are included in this effort, such as the FDA, FCC, CDC, Indian Health Service, Veterans Administration, Department of Defense TRICARE program, and others. At the federal and state level, there is increased legislative, regulatory, and enforcement actions activity related to substance abuse and behavioral health services. In January, the Attorney General announced the DEA was increasing its focus on pharmacies and prescribers who dispense unusual or disproportionate amount of such drugs. He also has created the Prescription Interdiction and Litigation (PIL) task force to aggressively deploy and coordinate all available criminal and civil law enforcement tools to address the crisis. Both DOJ and OIG presenters noted the July 2017 “take down” of 412 defendants in 41 different judicial districts. The defendants included over 100 doctors, nurses, and other medical license professionals. Together these individuals were responsible for over $1.3 billion in false billings.

The second most reported topic concerned cyber and IT security of Protected Health Information (PHI). This was a main topic in the presentation by OCR, but was alluded to in seven other presentations on cybersecurity and threats and complying with HIPAA Privacy and Security standards. The OCR reported that since 2009, there have been 2178 reports of breaches over 500 files with more than 300,000 cases of breaches affecting fewer than 500 files. The OCR has responded to over 170,000 complaints that resulted in over 25,000 cases being resolved with corrective action measures.  The OCR expects about 17,000 new complaints this year.  The top 10 recurring issues involve: (1) disclosure of sensitive paper information, (2) business associate agreements, (3) risk analysis, (4) failure to manage risks, such as with encryption, (5) lack of transmission security, (6) failure of ongoing auditing, (7) no patching of software, (8) insider threats, (9) improper disposal of records, and (10) insufficient backup of information and contingency planning.

Several sessions focused on physician arrangements and how they could implicate the Anti-Kickback Statute and Stark Laws.  Statistics from DOJ indicated the continuing trend of increased number of qui tam cases that has grown from 426 in 2015 to around 500 in 2017 with annual settlements averaging about $2.5 billion per year.

New cases involving Meaningful Use Fraud were reported with the promise that more new cases were under development.  Another area getting a lot of enforcement attention by the DOJ and OIG relate to telehealth and telemedicine. Cases surfacing now are focusing on claims arising from billings for these areas that did not qualify as such.  Only certain telehealth services are covered by Medicare and providers should take care to follow CMS guidance on what qualifies.

It is interesting to compare these priorities with results for the 2018 Compliance Benchmark Survey of compliance officers. There was no mention of the opioid crisis, as it was just an emerging national issue at the time the survey was taken. HIPAA security/cyber-security was the highest priority. It is troubling that corrupt arrangements with referral sources remains the number one regulatory and enforcement priority for the OIG and DOJ but is ranked fifth in priority to respondents. The other major and continuing enforcement priority related to claims submissions and that ranked third in priority by compliance officers.  A complementary webinar relating to this survey will be presented on May 9th.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Employee screening against the Specially Designated Nationals and Blocked Persons list

A frequently asked question by compliance officers for health care organizations is whether they should be screening employees and others with whom they do business against the Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons list (SDN). OFAC is part of the U.S. Department of Treasury that determines whether or not an entity or individual is permitted to do business with the United States. The SDN is “….a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.”

Tom Herrmann, JD—who served over 20 years in the HHS Office of Inspector General (OIG) Office of Counsel to the IG and subsequently 6 years as an Appellate Judge for the Medicare Appeals Board—was asked to comment on this issue. He noted that the SDN list was primarily designed for use by financial institutions; they are not permitted to deal with anyone on the list. As a result, OFAC alerts can sometimes show up on credit reports. It is safe to assume that employers, also, would prefer not to hire someone on the SDN list. Those industries most involved in OFAC screening are international businesses, particularly in banking, finance, and insurance. He made special note of the fact that screening against the OFAC SDN List is not required for healthcare providers or managed care and may create more problems than benefits from doing it.

Ashley Felder is a Human Resources Consultant who warns that from an employer’s perspective, a significant problem is that the list consists of a very large number of common Arabic names that can be transliterated into English many different ways that create many false hits. This opens up the possibility of discriminatory practices unless a great deal of care is used in applying the information. In view of the fact that there is not specifically identifiable data that can confirm a match, means that a potential hit cannot be fully resolved without confronting the individual for a detailed briefing of their background. This can be very troublesome and may lead to charges of discrimination, profiling, defamation of character, etc. The result is that OFAC may or may not be a useful supplement to a standard criminal check or screening against state credentialing agencies, the OIG List of Excluded Individuals, and Medicaid sanction lists.

Jillian Bower, Vice President of the Compliance Resource Center that provides sanction-screening tools and services, noted that the overwhelming majority of healthcare related entities “do not” screen against the OFAC SDN. She explained that there are some issues and potential complications in using it for employment screening, as result of the fact that for the most part, the list is name-only with multiple aliases per person, and is a mix of individuals and organizations. Dates of birth are usually missing, or multiple possibilities are listed. Address history, if present, only includes city and country. So OFAC checks are name-only, and making a positive identification can be difficult, if not impossible. As such, the Compliance Resource Center (CRC) does not recommend screening OFAC, unless there are special concerns or reasons for doing so, such as operating outside the United States in areas designated by the Department of Treasury for special concern.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Questions Boards should be asking their compliance officer

Effective compliance programs require top-down commitment beginning at the Board level to oversee and support its implementation and operations.  The Board should have a committee to do this. The OIG compliance guidance calls for a Board level committee to oversee the Compliance Program (CP). The HHS Inspector General, General Dan Levinson has noted that the best boards as those that are active, questioning, and exercise (constructive) skepticism in their oversight. He further stated that Boards have a duty to ask probing questions about the operation of the Compliance Program, including how the compliance reporting system works and what reports they can expect on the reporting of compliance issues. They have a duty to ask probing questions about the goals and objective of the compliance program. The problem for most Boards is to know what type of questions they should be asking. Compliance Officers should assist them with this problem; however they in turn should be prepared to provide full and complete answers to them. The OIG and American Health Lawyers Association developed specific suggested questions that Board’s should be asking about the compliance program that the compliance officer should be prepared to provide proper responses to them. They jointly produced “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors” and “Corporate Responsibility and Health Care Quality (2007): A Resource for Health Care Boards of Directors.” The following are drawn from these advisory documents:

  1. Does the compliance officer have sufficient authority to implement the program?
  2. What are the resources necessary to properly implement operate the program?
  3. Has compliance officer been given the sufficient resources to carry out the mission?
  4. Have compliance-related responsibilities been delegated across all levels of management?
  5. What evidence is there that all employees held equally accountable for compliance?
  6. How has the code been incorporated into corporate policies across the organization?
  7. What evidence is there that the code is understood and accepted across organization?
  8. Has management widely publicized importance of the code to all of its employees?
  9. Are there compliance-related policies that address operational compliance risk areas?
  10. Are there policies/procedures for the compliance program operation?
  11. How often are compliance-related policies reviewed and updated?
  12. What is the scope of compliance-related education and training?
  13. What evidence is there of the effectiveness of compliance training is effective?
  14. What measures are taken to enforce training mandates?
  15. What evidence that employees understand what is expected of them regarding compliance?
  16. How is compliance risks identified?
  17. What is the evidence that identified compliance risks are being addressed?
  18. How is the compliance program structured to address such risks?
  19. Does the compliance program undergo periodical independent effectiveness evaluation?
  20. What is the process for the evaluation and responding to suspected compliance violations?
  21. What kind of training is provided to those who conduct investigation of reported violations?
  22. How does Compliance, HRM & Legal Counsel coordinate resolving compliance issues?
  23. What are the policies to ensure preservation of relevant compliance program documents and information?
  24. What policies address protection of “whistleblowers” and those accused of misconduct?
  25. What are the results of ongoing compliance monitoring by all program managers?
  26. How is ongoing compliance auditing being performed and by whom?
  27. How often is sanction-screening conducted with what results?
  28. What are the results from sanction-screening and are they certified by responsible parties?
  29. Has the compliance program been evaluated for effectiveness by a qualified independent reviewer?
  30. What evidence is there concerning hotline operation and follow-up investigations?
  31. What are the metrics being used to evidence compliance program effectiveness?
  32. What are the results of an independent review and assessment of the compliance program?

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.