Kusserow on Compliance: OIG issues first 2017 Semi-Annual report—1,422 exclusions in first half of 2017

The OIG released is first semi-annual report for 2017 which included the number of exclusion actions taken. There were a total of 1,422 individuals and entities they excluded from Medicare, Medicaid, and other Federal health care programs. Most of the exclusions resulted from convictions for crimes relating to Medicare or Medicaid, for patient abuse or neglect, or as a result of license revocation. The OIG posts all such actions on its List of Excluded Individuals and Entities (LEIE).  In its compliance guidance, the OIG calls for screening of all individuals and entities engaged by or with whom they do business against the LEIE. CMS also makes such screening a condition of participation and enrollment. The OIG has a number of Administrative Sanction authorities whereby they have added steadily to the LEIE database. In the last three years the OIG added over 10,000 exclusions to the LEIE.

OIG Enforcement Authorities

Tom Herrmann, JD, is a nationally recognized health care compliance consultant.  He served for a number of years in the OIG Counsel’s Office as Chief of the Administrative Litigation Branch, and supervised the litigation of cases involving the imposition of civil monetary penalties and program exclusions. He explained that the OIG has been delegated the authorities to impose Civil Monetary Penalties, assessments, and program exclusion on health care providers and others determined to have engaged in defined wrongdoing. The effect of an OIG exclusion is that no payment may be made for any items or services furnished by an excluded individual or entity, or directed or prescribed by an excluded physician. He noted that in almost all instances where the OIG’s imposition of program exclusion or CMPs is appealed, it is upheld by a HHS Administrative Law Judge (ALJ), the HHS Departmental Appeals Board (DAB), and Federal Courts. As such, it is absolutely essential to have ongoing sanction-screening of anyone engaged by a healthcare organization.

Jillian Bower, is another highly experienced health care compliance consultant, who has assisted scores of clients in meeting the sanction-screening obligations through the Compliance Resource Center (CRC). She notes that CMS has been very aggressive in calling for sanction screening, not only of the LEIE, but Debarments posted by the General Services Administration (GSA), as well as pressuring State Medicaid Directors to establish exclusion databases and mandate monthly screening by their enrolled providers. Since then most states have moved to comply with the CMS direction. This has increased the sanction-screening burden greatly for not only for the compliance office, but also human resource management (HRM). Procurement is also affected by the number of vendors and contractors that also have to be screened. Medical credentialing is involved because physicians granted staff privileges have to be screened. In order to meet screening mandates, it is almost a necessity to use a vendor search engine tools to assist in sanction-screening. This saves downloading the sanction databases of all the entities and developing their own search engine. So using a vendor for this purpose is a step in the right direction; however the bulk of the work remains with the organization to do screening and resolving potential “hits” remains with the organization. Altogether this can be a considerable effort and many organizations have to dedicate one or many employees to meet all these obligations. Alternatively, many just outsource the entire process, including verification and certification of results to a vendor

Sanction-Screening Tips

  1. Ensure periodic sanction screening of employees, medical staff, contractors, and vendors against the LEIE, not just at time of engagement but periodically thereafter. An individual or entity may be pass a sanction screen at time of engagement, but later have a sanction imposed.

 

  1. Maintain a complete record of sanction screening to evidence meeting mandates with individual(s) responsible for sanction screening attesting to results each time screening has taken place. If using a vendor to conduct the sanction screening on behalf of the organization, they should provide a full certified report each time they perform their service.

 

  1. Develop a compliance policy and applications requiring as a condition of employment, gaining staff privileges, or engagement, attestation that the individual has not been, nor are they now, the subject of an investigation by any duly authorized regulatory or enforcement agency. It is also advisable to add a condition of engagement that employees must promptly report any notice of investigation that involves them.

 

  1. Care should be taken to meet state Medicaid screening requirements in addition to checking the LEIE. For those organizations that cross state lines, it is particularly important to ensure compliance with state sanction screening mandates that differ from state to state.

 

  1. Inasmuch as most exclusions in the LEIE arise from another underlying court, state agency, or licensure board action, it is critical as part of the credentialing process to verify that health care professionals are duly licensed and not until any restrictions. Engaging or giving staff privileges to individuals who are restricted in their license may be considered by CMS as violating conditions of participation.

 

  1. Educate and inform management and employees on their obligation to promptly report any notification of an adverse action by any duly authorized regulatory or enforcement agency. Policies should be implemented to reinforce this.

 

  1. Consider using a vendor tool to assist in sanction-screening, but compare services and costs to avoid unnecessary expenditures; and consider the cost-benefits of outsourcing then entire sanction-screening process.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: 4 out of 5 organizations under 1,000 employees overpay for their hotline

It is estimated that over 80 percent of health care organizations with fewer than 1,000 employees overpay their hotline vendor. The reasons for this vary.  For large scale vendors, higher overhead may cause difficulty scaling down their prices; smaller vendors may just be trying to wring out every dollar they can. Another problem among vendors is that some provide both answer-operated and web-based reporting systems, while others do not.   This variance in level of service is a complicating factor.  At any rate, only vendors that provide full-range coverage that offers live-operator answering, 24 hours a day, seven days a week, along with web-based reporting, should be used. For both services, anonymous reporting must be an option.

Fair pricing rates. Today, all health care organizations are cost-sensitive and seek reductions anywhere they can, without loss of quality of service. The general rule of thumb for the price of hotline vendor services for organizations under 1,000 employees that provide both operator-answered and web-based reporting system is that the rates for services should range from around a low of $500 per year to $1,000, depending on employee population. Keep in mind set-up costs for a new service, as well as the continuing service fees. For organization with greater employee populations, the service rate should not exceed $1 per employee per year. Those paying higher rates may want to investigate alternative providers to save expenses.

Recent trends in hotline reporting. Carrie Kusserow, a hotline expert with experience gained from running hotline vendor services and managing hotlines as a compliance officer, reports a significant increase in reporting rates on hotlines. She attributes this to a variety of factors. There has been increased promotion of reporting suspected violations by government agencies and compliance officers, coupled with whistleblower protection laws and regulations. Most organizations now have developed compliance programs that mirror the compliance guidance provided by the HHS Office of Inspector General (OIG).  Over time, this has taken hold and become standard operating practice.  This guidance emphasizes the need for organizational commitment to ensuring confidentiality and to those reporting problems, in addition to offering anonymity for those desiring it.  Kusserow quoted Compliance Resource Center reports of a significant trend in the health care sector of an increase in the percentage of anonymous hotline reports, with about three out of four now being submitted that way. In addition, Kusserow explained that compliance officers have become more professional in responding to and investigating complaints and allegations they receive.  This, in turn, has encouraged employees that their reporting will be taken seriously.  Furthermore, compliance training has reinforced the employee’s duty to report problems.

Jillian Bower, of the Compliance Resource Center, has identified another factor contributing to the increase in reporting: the addition of new avenues of communication. As a new generation of technically savvy employees entered the workforce, more employees feel more comfortable using web-based reporting tools; that is becoming the preferred method in increasing numbers.  She notes there has been an increasing percentage of employees who prefer submitting their hotline report through web-based systems, when given that option.   Today, the percentages reported through a live operator and via the web have reach near parity.  As such, it is important the vendor offer the web-based option, and those that do not should not be used.  The end result of all these changes is that the OIG’s advocacy of organizations developing alternative compliance communication channels is a reality.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Engaging experts to supplement and assist compliance offices

Most compliance offices are swamped with work. Sometimes it is a periodic rush to meet some urgency, while at other times there is just too much to be done with too little to meet all challenges in the ever-changing regulatory and enforcement environment. There are three broad ways to handle the load: (1) insource, so that all compliance office work is handled in-house, using consultants only occasionally for advisory services or evaluation of the compliance program; (2) outsource the compliance program to designated or interim compliance officers as a temporary solution for maintaining continuity, using an expert to be the interim compliance officer; or (3) cosource by using on-call experts to supplement the compliance office with specific duties or assignments.

Suzanne Castaldo, J.D., an expert on the subject, notes that many smaller organizations cannot justify the cost and burdens of supporting the program in-house and outsource it entirely to a designated compliance officer, who most often is a part-time engaged expert. The HHS Office of the Inspector General (OIG) recognized the use of designated compliance officers who may serve in that capacity for several organizations. Taking this approach should entail engaging experts on a part-time basis. If a full-time person can be afforded, then using this approach doesn’t make sense. The benefits include bringing the experience of many organizations to the entity that could ill afford to develop in-house.

Kashish Chopra, J.D., MBA, CHC, has served as an interim compliance officer and makes the point that in this day and age, with such a rapidly evolving regulatory and enforcement environment, health care organizations cannot afford to take the chance on having a gap in the compliance office. Having an expert on a short-term engagement can take over the reins of the program while a permanent replacement is found.

Jillian Bower, a highly experienced consultant has been instrumental in providing supplemental support to compliance officers. She noted that cosourcing has evolved as a “middle ground” between insourcing and outsourcing and has also been recognized by the OIG as a useful solution when expertise and resources are limited. It involves using experts on an ongoing basis to supplement limited staff resources to carry out part of their workload. It offers the advantage of the compliance officer maintaining control and direction of the program. Cosourcing can help bridge the gap in a manner that does not compromise the flexibility to easily return to a position where the Compliance Office can reassume full operation and end cosourcing at any time, when staffing issues are resolved. It is hiring piecemeal as needed. Common cosourcing may be using a consultant as a HIPAA privacy and/or security officer, conducting ongoing monitoring/auditing, performing enterprise risk management/analysis, engaging a statistical data claims analyst expert to determine error rates, hotline operations management, compliance investigations/training, reviewing arrangements with referral sources, and managing the sanction screening operations.

The fact is that there are options for consideration when a compliance program is being stretched beyond its capability to meet challenges or where a gap takes place among key compliance staff.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Tips for getting the most from your CIA

This was the title of a section in a presentation by Laura Ellis, HHS Office of Inspector General (OIG) Senior Counsel, at the recent Health Care Compliance Association (HCCA) Compliance Institute, where she explained that the settlement process is very lengthy, and that compliance officers should spend that time period preparing for what is to come. Even before matters are referred to the OIG for settlement negotiations, the matter will have been with the Department of Justice (DOJ) for a long time.  It is only after the DOJ turns matters over to the OIG that the agency determines whether or not a corporate integrity agreement (CIA) is necessary, and if so, what terms and condition should be included in the agreement.  Ellis stated that negotiations with the OIG may take up to a year before a CIA emerges.   It is during this rather long lead-up period that the compliance officer should be very busy preparing for what is to come.  Ellis offered a number of suggestions for the compliance officer to follow while this process is underway, including:

Thomas Herrmann, J.D., was previously responsible for negotiating CIAs on behalf of the OIG and in providing monitors with a number of years’ consulting experience, working with more than a dozen clients with CIAs and as an Independent Review Organization (IRO). He agreed with the Ellis statement about the long lead time before a CIA is signed, and that the compliance officer should not waste that valuable time.  Once executed, the clock begins ticking and a lot has to be accomplished in a relatively short time.   Among the most important tasks needing immediate attention is finding and vetting potential outside experts to be the IRO and, in some cases, compliance experts for the Board and quality monitors. The responsibility for selecting these experts lies with the organization, not the OIG.  This may take a lot of time and warrants serious consideration as in all likelihood, the organization will have them for five years.  A mistake in selection will come back to haunt the organization and may aggravate matters with the OIG.  The compliance officer should be very much involved in finding and selecting the right experts with the right expertise.   The more experience the firm selected has in performing this type of work, the less likely there will be problems.  An experienced firm won’t have the learning curve of an inexpert firm that oftentimes adds cost to the engagement and results in poor reports to the OIG.  For an organization that is already in hot water with the DOJ and OIG, this kind of complicating matter is not wanted.

Carrie Kusserow has over 15 years’ compliance officer and consultant experience, and was brought in to be the compliance officer to an organization under a CIA while Laura Ellis was the monitor. Kusserow echoes Ellis’ advice to organizations to take steps to “get the most out of the money” expended on these resources. The more expert they are in the health care sector, the better.  The more experience the individuals assigned to do the work have, particularly experience with the OIG, the better.   The one thing to avoid is hiring an IRO and then paying it to learn about the type of work being done by the organization or how to interact with the OIG. Having top-notch experts can impart considerable added value from prior experience of doing this kind of work. She also pointed out that once these outside experts are engaged, there is another lag period before they begin their work and again when they present reports on the results of their work.  It is a huge mistake to allow these gap periods to elapse without doing serious preparation work.  It is important to begin planning at the earliest date for what is needed to meet CIA terms and conditions, which will assist in this effort, and development of a project plan for execution.   The planning process and timelines for meeting CIA requirements will have to take into account when reports by the IRO, and possibly the compliance expert, are due to the OIG.

Steve Forman, CPA, has over 35 years’ experience, having served as both as a compliance officer and as an IRO many times, and as a compliance expert four times under a CIA. He advises compliance officers that one step that cannot be undertaken too soon is getting the Executive/Management Compliance Committee and Board Compliance Committee involved. They need to understand fully in practical and operational terms their personal obligations, along with what is needed from them to meet CIA obligations.   He also strongly recommends at the first indication that a CIA may be in the future to begin reviewing posted agreements on the OIG website, especially those that involve similar types of organizations.   One point of caution is that the OIG has been changing CIAs significantly as to new requirements, conditions, and certifications by board members and executives. Information derived from these reviews should be translated into a plan of action to ensure the organization is in tune with what the OIG will expect.  He strongly suggests that compliance officers consider engage compliance experts to do two things:

  1. Have the compliance program conduct an independent evaluation and act on findings and recommendations. Having such a report with evidence of correcting any deficiencies can be invaluable evidence to the OIG in making a determination as to whether a CIA is necessary and, if so, mitigating terms and conditions. It will be looking for this evidence.
  2. Once a CIA is executed, immediately engage experts to conduct a mock audit to test the terms and conditions that must be met under the CIA and to have them addressed before the IRO or compliance expert under the CIA begins work.

Taking these two steps can avoid a lot of problems, expenditures and complications under a CIA. The OIG takes evidence of independent experts serious. That is why they rely upon them as IROs, Compliance Experts, and Quality Monitors.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on
Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.