Kusserow on Compliance: Benefits of employing compliance liaisons

Kash Chopra is an MBA and J.D. consultant with Strategic Management, a firm that has built managed evaluated and enhanced hundreds of compliance program. She is a strong advocate for compliance officers making use of Compliance Liaisons (CLs) and notes that many organizations with multiple sites have found them an effective adjunct to the compliance program which can be used to champion the program at outlying or remote facilities or locations.  Among the major benefits of CLs is that they can serve an important role in extending the reach of the compliance office to an organization’s different geographies and businesses. There are many other benefits in that they can be used to develop and expand proactive approaches to regulatory interactions, ensure full visibility regarding what is happening in outlying facilities and locations, and provide the ability to communicate compliance office initiative at their locale while communicating what is happening in their business environment. The CL’s provide an avenue by which to keep organization leadership informed on how shifts in the regulatory landscape are affecting current and—equally important—proposed operational activities. In addition to understanding the organization’s inherent regulatory risks, they should have basic understanding of regulators’ expectations as to how the organization can mitigate risks. However she warns, to be effective, it is very important that they are provided with clear and detailed responsibilities as well as the resources, authority, and independence required to conduct their duties effectively.

 

Compliance Liaison Benefits

  • Raising and maintaining compliance awareness at the local area
  • Providing early identification emerging risks areas and issues
  • Aiding in the investigation and resolution of compliance issues
  • Communicating information on compliance priorities to department faculty and staff
  • Assisting in planning and implementing compliance education/training programs
  • Assisting in development of effective auditing/monitoring plans
  • Providing a channel to refer compliance issues to the compliance office
  • Calling attention to emerging compliance-related issues
  • Assisting in communicating regulatory and legal issues to help ensure compliance
  • Tracking specific metrics for the compliance office
  • Providing a process for responding to regulator requests
  • Assisting in scheduling meetings to discuss compliance matters
  • Providing a process for escalating compliance issues
  • Tracking compliance issues from identification, through investigation to resolution

For more information, Chopra can be reached at KChopra@strategicm.com or (703) 535-1413

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Is outsourcing HIPAA privacy worth considering?

The Ninth Annual Healthcare Compliance Benchmark Survey, conducted by SAI Global and Strategic Management Services, revealed that the highest-ranking priority focus for 2018 was dealing with data breaches. Nearly 75 percent of the 388 responding organizations reported that the compliance office had taken the responsibility for HIPAA Privacy. The Survey also indicated compliance office resources were being strained in meeting all their responsibilities. This was underscored with the reported fact that 75 percent of compliance offices were staffed with five or fewer staff, with one third of offices having only a one person staff.

Kash Chopra, JD, MBA, has outsourced a number of data protection officers (DPOs) in a variety of organizations, as result of the fact that many compliance offices don’t have the experience and knowledge to address the wide range of duties and responsibilities of privacy offices. This is consistent with a growing trend of outsourcing functions that are not at the core of the mission of the organization. When providing outsourced DPOs, they are normally placed under direction of the compliance officer. Most of the DPOs she has provided work at or below an average of 20 hours per week with most of the work being performed remotely.  What makes this possible is that  DPOs already have expertise and are current on state and Federal requirements, as well as what is needed in the development, implementation, and maintenance of privacy policies and key documents that address privacy requirements. The DPO will know how to address and oversee the monitoring of data access and investigations as well as breaches and complaints. Among the advantages of using DPOs are:

  1. Permits compliance officers to focus on other compliance areas
  2. Not paying the loaded cost of a fulltime W-2 employee
  3. DPOs are more efficient with no learning curve on HIPAA
  4. Bring experience and detailed knowledge of federal and state laws/regulations
  5. Experience in dealing with privacy issues
  6. Better risk protection
  7. Lower fixed costs and reduced staff workload
  8. Expertise in HIPAA/HITECH privacy and security compliance

Chopra can be reached at KChopra@strategicm.com or (703) 535-1413 for more information about using HIPAA experts to serve as a DPO.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Understanding and addressing whistleblowers

The vast majority of the cases resolved by the Civil Division of the Department of Justice (DOJ) were cases brought by “whistleblowers” under the qui tam provision of the False Claims Act (FCA). Whistleblowers are responsible for an even higher percentage of cases resulting in OIG Corporate Integrity Agreements (CIAs). Although most compliance officers are well aware of this program, many remain unclear as to how the process works. Tom Herrmann, J.D., who served over 20 years in the Office of Counsel to the OIG and as an Appellate Judge for the Medicare Appeals Board, explained that Congress permitted a whisltleblower called the “Relator” to file a case with the DOJ under the FCA.  Since this provision of law went into effect in 1986, there have been over 10,000 qui tam cases filed with a current average of one such case being filed every day of the year. The intent was to create incentives for private parties to detect and pursue fraud under the FCA. In return for reporting this information, Relators receive a portion (usually about 15 to 25 percent) of any recovered damages.  Once the lawsuit is filed, it is placed “under seal”, meaning that it is kept secret from everyone but the government, in order to give the DOJ enough time to investigate the allegations in deciding whether to join (“intervene”) in the case. Intervention by the DOJ occurs only in about one in five qui tam lawsuits, leaving whistleblowers the option to pursue cases on their own, however the chances of success are much lower than in cases when the government joins. Most successful qui tam cases are resolved through settlement negotiations rather than a court trial, although trials may occur.

Kash Chopra, J.D., noted that the overwhelming number of cases that result in a CIA, arise from whistleblowers and these, in turn, are based upon violations of the federal Anti-Kickback Statute (AKS). It is the government’s position that all claims arising from a corrupt arrangement violating the AKS or in some cases, the Stark Law, are considered fraudulent. This is even when the services rendered were needed and provided appropriately.  She advises here clients that the best ways to manage the whistleblower risk is to ensure that they are channeled through internal communication channels and their complaints are promptly evaluated, investigated, and resolved.  It is worth considering the following:

  1. Using outside experts to independently audit arrangements with physicians and evaluate compliance communication channel effectiveness.
  2. Ensuring a 24/7 hotline operated externally by experts in recognizing health care compliance issues.
  3. Reviewing/updating hotline-related polices/procedures (confidentiality, anonymity, non-retaliation, duty to report, etc.).
  4. Making sure that the duty to report suspected wrongdoing is explained in the Code, policies and training.
  5. Having trained and competent people on hand to conduct prompt and competent investigations of matters raised through the hotline.
  6. Moving quickly to use CMS and OIG self disclosure protocols when there is credible evidence of violations; and not wait until the DOJ gets involved.

For more information on this subject, Kashish Parikh-Chopra can be reached at kchopra@strategicm.com or via telephone at (703) 535-1413.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Internal investigations by any other name

In most organizations, there are many people who may be called upon to respond to a complaint or concern raised by an employee; few of these complaints or concerns, however, might rise to the level of requiring a formal investigation. Emil Moschella, JD is a highly experienced health care compliance consultant who previously served as an FBI executive and also taught at the FBI National Academy. He warns to be careful about calling something an “investigation,” as it is an emotionally charge term that may lead people to infer a lot more about what is occurring than is factually correct. If a person believes that something may result in referral to an enforcement agency, the situation may make them more defensive and cautious when responding to questions.  As such, wherever possible, he advises using neutral terminology to avoid unnecessarily exciting concerns and speculation among employees. There are a lot of other terms that can be used as the definition of “investigation.” It is a detailed and systematic inquiry into something, often through gathering facts and information to solve a problem or resolve an issue. A number of other activities in organizations could meet that general definition, including conducting an audit, evaluation, internal inquiry, or internal review. He has found that characterizing the activity using these “less charged” terms can avoid the potential emotional response of using the term investigation.

Kashish Parikh-Chopra, JD, MBA, CHC, CHPC works with compliance officers to train staff on conducting internal investigations. She notes that many complaints, allegations, and concerns are often very routine in nature that can be resolved within a day or two through normal management procedures or with Human Resources. However, when confronted with a serious or complex matter, it is necessary to have properly trained individuals conduct the investigation in order to avoid aggravating matters and potentially creating additional problems. Professional investigators cannot be expected to be available for a compliance office to conduct an internal investigation, however, certain basic principles should be taught to anyone taking on the role of an investigator in an organization. Those who may become actively involved in internal investigations may include individuals from the compliance office, Human Resources, internal audit, privacy/security officers, legal counsel, etc. They should undergo training by experts to learn how to plan an investigation, conduct proper interviews, organize evidence, prepare written reports, and manage documentation. This can be done by participating in investigator training through webinars, conferences, or having experts provide training on-site.

 

For more information, Kashish Parikh-Chopra can be reached at kchopra@strategicm.com or via telephone at (703) 535-1413.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.