Kusserow on Compliance: Oncology remains high federal enforcement priority

Oncology continues to be a high enforcement priority for the DOJ, OIG, FBI, and CMS.  The latest fraud investigation by the DOJ involves CCS Oncology, large and prominent providers of cancer care. The reported question being investigated relates to possible billing irregularities involving Medicare and Medicaid. As with most cases related to oncology irregularities, the predication was by a “whistleblower.” The complaint alleges CCS billed for more expensive procedures than were actually performed, billed for procedures that never were performed, and performed medically unnecessary procedures on patients, among other violations, according to the source. The stream of cases is long enough to outline key factors that have led to settlements with the DOJ and OIG. Compliance Officers, whose portfolio of responsibilities include oncology services may wish to review the following to ensure none of these factors are at work in a manner that may trigger investigation.

Common Oncology Enforcement Issues

  1. Employees knowingly submitted false records to Medicare and Medicaid to increase revenue
  2. Claims submitted for services performed without required physician supervision
  3. Offering unnecessary treatments and services to patients
  4. Recruitment and treatment of terminal patients that should have been referred to hospice care
  5. Re-treatment of patients in excess of prescribed dosage limits
  6. Claims for services when physician reviews had not taken place
  7. Claims where treatment occurred without prior required IGRT scan
  8. Physicians allowed registered nurses to fill out prescriptions for medications
  9. Offering inducements (“kickbacks”) to patients by waiving their co-pays
  10. Conducting not necessary fluorescence in situ hybridization (FISH) tests for bladder cancer
  11. Filing payment claims for GAMMA functions by improperly trained physicians and staff
  12. Seeking payments for tests whose results doctors had not reviewed
  13. Billing E&M services on the same day as a related procedure
  14. Double and over-billing Medicare for services that lacked supporting documentation
  15. Improperly billing for radiation treatment without proper physician supervision
  16. Submitting false claims for magnetic resonance imaging (MRI) services
  17. Billing for services that were not documented in the patients’ medical records
  18. Billing twice for the same services
  19. Misrepresentation of the level of a service provided to increase reimbursement
  20. Routinely waived patient copayments as an inducement, then billing Medicare for them.
  21. Claims for services not performed, medically necessary, and/or properly documented
  22. Claims for services rendered to patients referred by physicians benefiting from referral
  23. Purchasing cancer treatments from unlicensed sources for oncology practice
  24. Diluting patients’ chemotherapy treatments and delivering in a manner designed to extend period of treatment time
  25. Claims for medically unnecessary or properly documented intensity-modulated radiation therapy (IMRT)
  26. Unsupported add-on claims for “special treatment procedures” and “specialty physics consults”
  27. Violating the Stark Laws and Anti-Kickback statute by rewarding referring physicians


Kusserow on Compliance: Extending and economizing compliance programs—tools, services and tips

Compliance officers are confronted with a host of ever increasing external regulatory and internal demands with most having inadequate resources to meet all the challenges.  Furthermore, it is becoming increasingly common to add responsibility for HIPAA Privacy to the portfolio of compliance officers’ duties. All of this results in ongoing efforts to find ways to extend capabilities, while being sensitive to limited available resources. There are finite options available. Of course, the preference is to handle all this with internal staff. However, unfortunately for most compliance officers, limitations on increased office staffing limits this option. In some cases, organizations turn to Out-Sourcing their compliance program. This is most often done as a measure to temporarily fill gaps with an Interim Compliance Officer (ICO) when an incumbent leaves, or smaller organizations contracting the function out to an individual or firm to assume responsibility by providing a Designated Compliance Officer (DCO). Co-Sourcing is a third option and “middle ground” between hiring new staff (In-Sourcing) and Out-Sourcing and may prove to be the best strategy available for compliance officers to take huge pressures away, if implemented correctly. It involves using limited vendor services and tools to address key elements in the compliance program.

Co-Sourcing Compliance Services/Tools

The key factor that separates Out-Sourcing from Co-Sourcing is the maintaining control and direction under the compliance officer. It involves using a third-party on an ongoing basis to supplement limited staff resources by carrying part of the workload. It can help bridge the gap without compromising the ability to easily return to a structure where the compliance officer reassumes full operation when staffing issues are resolved. This approach is also recognized by the OIG as a useful solution to where an organization is limited in-house compliance expertise and resources. Compliance Officers are increasingly employing this as a means as a practical solution when confronted with a staffing shortage and offers the advantage of using limited, rather than full time services. It also may permit gaining access to a range of specialist without having them full time on payroll.

Common Types of Co-Sourcing Tools/Services

Co-Sourcing Expert Services

There are a number of advantages of engaging outside experts for limited scope of work, especially to address staff shortage or obtaining technical skills that do not exist in-house. Careful use of vendors to supplement the Compliance Office can not only gain access to experts not available in-house, but can save time, money, and effort; while maintaining flexibility to end an arrangement at anytime, when no longer needed. The following are common examples of Co-Sourced services:

Co-Sourcing Tips

  1. Clearly define duties, tasks, responsibilities, and methodology for vendor to follow.
  2. Ensure the agreement is flexible to expand or contract levels of service as needed.
  3. Look for providers that have industry specific expertise.
  4. Check experience and seek references of the firm.
  5. Ensure individuals provided have the needed skills, experience, and expertise.
  6. Bigger is not always better, as smaller niche firms are more likely to provide better, less expensive services.
  7. If planning to Co-Source for multiple tools and services, consider seeking discounts for a “bundling” arrangement.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Compliance officers’ checklist—25 suggestions

Health care organizations are facing increasing risk of exposure to actions by government regulators or enforcement authorities. Government authorities are conducting aggressive investigations and taking actions to hold entities and responsible corporate executives more accountable. It is well understood that having an effective compliance program is a necessity to prevent and detect misconduct that could give rise to liabilities. Despite the abundance of guidance pertaining to corporate compliance, achieving a program that is effective in reducing the likelihood of unwanted events or actions that could give rise to liabilities remains a continuing challenge. The following are suggestions that Compliance Officers may wish to consider during the course of the year.

Ensure That…

  1. A charter for the Compliance Officer function provides proper empowerment and authority.
  2. Minutes of Board and executive oversight committee evidence proper support and oversight.
  3. A clear and consistent message is communicated to everyone that compliance applies to all, regardless of position.
  4. Program managers are engaged in ongoing monitoring over their areas, including risk identification, policies addressing those risks, training of their staff on them, and verifying they are adhering to them.
  5. The code of conduct (code) is written as the “Constitution” for the compliance program, setting forth commitments to the patients being served, staff performing the services, safety of the work environment, and adherence to applicable laws, regulations, and standards.
  6. The code is understandable by all employees; written at no higher than 10th grade level.
  7. Policies and procedures reflect in detail what must be followed to adhere to the code.
  8. Compliance program-related policies/procedures are up to date.
  9. A document management system that tracks changes, revisions, and recessions in policies.
  10. Adequate written guidance are in place for all risk-related aspects of the organization’s
  11. There is evidence that managers/executives are held responsible for supporting compliance.
  12. Adequate resources and support for the compliance program is evidenced in the record.
  13. Periodic independent assessments are made to evidence compliance program effectiveness.
  14. All deficiencies found in reviews are remediated quickly and documented.
  15. A test of the hotline to ensure calls are answered and reported promptly, accurately.
  16. Available metrics are used to confirm the hotline and other channels of communication are
  17. Compliance training and education effectively convey the commitment to compliance.
  18. There is evidence of employee understanding of compliance education programs.
  19. Employee participation in training is documented and filed.
  20. Policies address timely self-disclosures of overpayments and potential violations of law or regulation.
  21. Meaningful and consistent discipline occurs for conduct that violates the code.
  22. A process is in place to capture lessons learned from costly errors resulting from compliance weaknesses.
  23. Assessments are being conducted for all high-risk areas and corrective actions for identified weaknesses.
  24. Periodic surveys of employees to measure and evidence employee understanding of the compliance program; and in measuring the compliance culture of the organization.
  25. Compliance is included in management performance reviews and compensation.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Reminder to compliance officers—EMTALA is a high risk area

EMTALA enforcement is on the rise, and a good example of this was AnMed Health, a hospital located in South Carolina. The hospital recently agreed to pay $1.3 million for violating EMTALA; the largest such settlement to date and it included a CIA. This was as result of failing to provide appropriate screening examinations and stabilizing treatment to patients presented to the emergency department (ED) with psychiatric conditions. As large as the penalty was, the OIG indicated it would have likely been much larger, but AnMed was credited with being cooperative with the OIG during the investigation and having engaged in significant corrective action. It is worth recalling that the OIG issued new regulations that (1) increased the civil monetary penalty amounts for EMTALA violations and (2) encourage providers to self-report EMTALA violations to CMS in order to potentially receive more lenient penalties where there is a violation of the law. Compliance officers should ensure the EMTALA high-risk area is being addressed by ongoing monitoring and auditing. The following offers a suggestions and tips for Compliance officers provided by the Policy Resource Center that have detailed audit guides for high-risk areas, including EMTALA, as well as many related policies and procedures. For more information, contact them directly.

EMTALA Policies

Comprehensive EMTALA policies should address:

  • Who conducts screening with detailed screening protocols
  • Processes for reassessing patients after initial screenings
  • Screenings to be conducted by a physician or qualified medical personnel
  • Documentation and uniformity of screenings regardless of ability to pay
  • Conduct and timeframes for stabilization of patients as obligated under EMTALA
  • Process and patients’ rights for transfers
  • Requirements for physician certifications and medical record documentation for transfers
  • Processes for transfers into the hospital
  • Transfers to medical records and patient consent
  • Refusal for emergencies transfers and state-specific transfer requirements
  • Prohibition of retaliation against whistleblowers that make reports
  • Creating a method to internally report and address potential violations and timely conduct investigations
  • Any changes in the law or accreditation standards.

Training on Policies

The key to a successful EMTALA program is education so that the policies can be followed appropriately by frontline staff. All new staff assigned to the ED should first undergo intensive training on EMTALA policies and annual refresher training is advisable. The training should address scenarios of real life situations that prepare for making quick decisions on the job.

Determine EMTALA Investigating and Reporting Responsibility

EMTALA complaints can come from many sources, including other hospitals, patients, family members and ambulance companies. They frequently also are reported to CMS and the OIG.  It is critical that reported EMTALA issues are addressed promptly and appropriately and how this is handled is viewed seriously by regulatory and enforcement agencies. Clinical leadership should play a key role in this process, but they should understand when and how they would work with the compliance officer and legal counsel who will need to be involved in guiding investigations and interactions with government agencies. Investigations at the direction of legal counsel, especially outside counsel, will preserve privilege, especially since EMTALA provides for the potential for a private cause of action in malpractice cases.

22 Ongoing Auditing EMTALA Tips

  1. Verify that policies/procedures specifically address EMTALA compliance.
  2. Check to see that transfer policies and arrangements are being followed
  3. Determine if there are long delays in the ED
  4. Review triage and screening protocols and training
  5. Review on-call polices and contracts to ensure the ED has adequate coverage
  6. Review bylaws related to who can conduct screenings
  7. Ensure that staff members are not requesting payment prior to screening patients
  8. Review transfer forms and logs
  9. Conduct a medical record audit for screening and transfers
  10. Confirm whistleblower protections
  11. Review internal reporting chain
  12. Review training materials and documentation
  13. Verify specialists are on staff to meet the screening and stabilization requirements, as well as inpatient capabilities for stabilizing emergency patients
  14. Ensure there are no payments requested prior to screening patients
  15. Verify policies prohibit retaliation against whistleblowers that make reports
  16. Verify a method for internally reporting (e.g. hotline) and addressing potential violations
  17. Check to see there is a central log that is properly maintained for disposition and compliance with legal requirement
  18. Confirm that the physician on-call list reflects coverage of services available to inpatients
  19. Verify triaging of patients is being performed properly
  20. Verify all physicians come to the facility when called and are in compliance with the timeframes set forth in policies
  21. Confirm all transfers of individuals with un-stabilized EMCs are initiated either by (a) a written request for transfer or (b) a physician certification regarding the medical necessity for the transfer
  22. Verify there is an established a transfer request log to capture necessary information.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.