Kusserow on Compliance: Tips on mergers and acquisitions due diligence

– Failing to engage in regulatory due diligence may result in legal exposure

– Most M&As in health care fail to adequately check regulatory risk liabilities

Tom Herrmann, a former senior executive in the Office of Counsel to the Inspector General (OCIG) and Medicare Appeals Council Appellate Judge, provides interesting insights on this subject as result of his government experience and work with due diligence reviews.  Traditionally, law firms conducting due diligence reviews focus on contracts and other legal obligations. They examine a multitude of areas including an entity’s structure; contractual, intellectual and property obligations; securities and financing compliance; tax exposure risks; and previous and current litigation. Public accounting firms assess the financial accountability and viability of an entity. It is not uncommon for the accounting and law firms to have the scope of their due diligence reviews limited to their areas of expertise, which often do not include health care regulatory compliance. This may result in a failure to adequately review and address potential problems in the regulatory compliance arena. Regulatory due diligence is a specialized review process that requires the application of certain protocols, and protocols and can be performed quickly and efficiently to identify areas of regulatory risk and vulnerability. A review should include assessing the effectiveness of the entity’s compliance program; evaluating internal monitoring of high-risk areas; conducting sample of claims audits and extrapolations; and the ongoing internal audit process of a company. Regulatory compliance experts know where to look for weaknesses without having to do a “deep dive.” Thus, such a review can be performed in an efficient and cost-effective manner. He offers the following tips for those engaged in M&A:

  1. Any party considering an acquisition or entering into a merger should adequately assess potential future government enforcement or regulatory action. This provides an incentive for an acquiring party to require the disclosure prior to a merger or acquisition of any information or documentation relating to a pending or potential government enforcement or regulatory action.

 

  1. The matters disclosed during a regulatory due diligence review may encompass a broad range of issues, including employing or contracting with an excluded party, a flawed arrangement with a physician, or Medicare or Medicaid overpayments.

 

  1. Once a potential legal or regulatory violation is identified, a resolution of the matter, including self disclosure to appropriate government authorities, should be addressed by the parties.

Tom Herrmann may be reached at thermmann@strategicm.com or at (703) 535-1410 for more information on this topic.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Meeting sanction checking mandates

As the HHS Inspector General, I created what is now referred to as the List of Excluded Individuals and Entities (LEIE) that was followed by OIG compliance guidance documents which call for checking employees, physicians, vendors, and contractors against the LEIE. The OIG considers all claims and costs associated with an excluded party as potentially false and fraudulent and can lead to significant financial penalties and more. The OIG Special Advisory Bulletin on the Effect of Exclusion provides very useful information in assessing this risk area. CMS mandates, as a condition of enrollment, providers may not employ or contract with individuals or entities that are excluded from participation in any federal health care program and call for checking not only against the LEIE, but also the General Service Administration’s (GSA) Excluded Parties List System (EPLS), now part of the System for Award Management (SAM). CMS further called upon State Medicaid Directors to establish their own sanction data base and requires providers to check it on a monthly basis. To date, 40 states have moved to establish their own Medicaid sanction lists with other states in the process of doing the same. This has increased the sanction screening burden exponentially, not only for the compliance office but other departments as well. HR often has responsibility of sanction checking new hires and periodically current employees. Procurement is also affected because they handle the screening of vendors and contractors. The Medical Credentialing Office must ensure checking on physicians who have been granted staff privileges.  Other federal sanction databases worth screening are maintained by the DEA and FDA, as well as the Department of the Treasury Office of Foreign Assets Control (OFAC) Terrorist Watch List.

Daniel Peake, of the Compliance Resource Center (CRC), works with clients to provide a variety of CRC services that includes providing sanction checking services, as well as the investigation and resolution of potential hits. He noted that the time and resources necessary for developing and maintaining a search engine, along with regularly collecting and updating sanction information from many databases is not very cost effective. This high cost of using internal resources to develop and manage the sanction checking has resulted in the great majority of health care entities subscribing to a vendor service that provides a search engine to their established databases. Vendors can afford the high cost of maintaining the currency of the data because they amortize the costs over many clients. The problem is that that vendor quality, cost, and reliability can vary enormously.  From experience, he offered the following tips for those considering a vendor:

 

Tips on choosing a vendor search engine service

  1. Know the cost up front with a fixed rate, not based upon per click searches.
  2. Contract should permit cancelling without cause at any time, if dissatisfied.
  3. Ensure vendor has liability insurance ($ 1 to 3 million preferably).
  4. Determine other services included (e.g. policy templates, regulatory updates, etc.).
  5. Determine how much “help desk” assistance is available to resolve potential hits.

 

For more information, contact Daniel Peake at (dpeake@complianceresource.com) (703-236-9854).

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG provides Medicaid fraud and overpayment update to Congress

The OIG testified before the Senate Committee on Homeland Security and Governmental Affairs regarding Medicaid Fraud and Overpayments. Up front, it was noted that the Medicaid program has 67 million beneficiaries, costing $600 billion annually with projected improper Medicaid payments at about $59 billion. Key points of the testimony were:

  1. Complete and reliable national Medicaid data—which is necessary for effective program oversight and to quickly detect and address improper payments, fraud, waste, or quality concerns—is limited.
  2. Transformed Medicaid Statistical Information System (T-MSIS) data was mandated to address problems with national Medicaid claims and eligibility data. All states except Wisconsin and the District of Columbia have begun reporting data to T‐MSIS, but the data elements may not mean the same thing across states. CMS must ensure that the same data elements are consistently reported and uniformly interpreted across states.
  3. Eighty percent of all Medicaid beneficiaries receive part or all of their services through managed care entities who are required to report medical claims data to states who then report it to CMS via T‐MSIS. Without accurate and timely data, it is not possible to analyze costs, utilization or trends; evaluate benefits; or determine the quality of services being provided.  Medicaid managed care encounter data was found to be incomplete and CMS needs to ensure this corrected.
  4.  Lack of quality national Medicaid data to identify fraud schemes and other vulnerabilities that cross state lines is hampering enforcement efforts. Identifying schemes in one state can alert other states to patterns of fraudulent or abusive practices that may be occurring in their jurisdiction and can be referred to law enforcement agencies. CMS must improve Medicaid data to ensure T‐MSIS achieves its full potential.
  5. States have not fully enacted enhanced provider screening that prevents bad actors from entering the Medicaid program to reduce improper payments and protect patients from harm, such as conducting fingerprint‐based criminal background checks and site visits. States need timely, complete, and accurate data to identify the providers seeking access to Medicaid monies and patients. CMS must ensure that states timely and fully implement critical safeguards.
  6. The Medicaid improper payment rate is 10.1 percent and CMS is working with state Medicaid agencies to develop corrective action plans that address state‐specific reasons for improper payments as a part of CMS’s Payment Error Rate Measurement Program (PERM). Additional guidance to the states by CMS is needed. OIG has also identified a number of states that inflate payment rates to increase their Federal Medicaid funding and CMS needs to closely review state Medicaid plans and plan amendments for potentially inappropriate cost‐shifting from states to the federal government.
  7. The OIG has found that states are not always correctly determining Medicaid eligibility for beneficiaries. The Affordable Care Act (ACA) allowed states to expand Medicaid eligibility and claim a higher Federal Medical Assistance Percentage, but incorrectly determining beneficiaries’ eligibility could result in the improper shift of costs from the state to the federal government. States must comply with requirements to verify applicants’ income, citizenship, identity, and other eligibility criteria in order to verify eligibility criteria.
  8. Medicaid is overpaying for prescription drugs due to underpaid rebates. Manufacturers are generally required to pay rebates to the states for covered outpatient drugs under the Medicaid Drug Rebate Program that includes reporting product and pricing information to CMS that is used to calculate the rebates owed. Manufacturer misreporting can result in manufacturers’ underpaying rebates, which inappropriately increases federal and state Medicaid costs. Overseeing states’ collection of manufacturer rebates remains a challenge for HHS.
  9. Medicaid must know with whom it is doing business, not only to prevent improper payments to ineligible providers, but also to protect beneficiaries from low‐quality care. The varying standards, and in some cases, minimal vetting, for Medicaid personal care services (PCS) providers, potentially expose the Medicaid program to financial fraud and Medicaid beneficiaries to abuse and neglect. CMS needs to improve states’ ability to monitor billing and care quality by enrolling PCS attendants as providers, or require them to register with their state Medicaid agencies, and assign each attendant a unique identifier.
  10. The OIG found that up to 99 percent of critical incidents of abuse and neglect of developmentally disabled were not reported to the appropriate law enforcement or state agencies as required. The OIG worked with the HHS Administration for Community Living, Office for Civil Rights, CMS, as well as with the DOJ and States to create a joint report entitled Ensuring Beneficiary Health and Safety in Group Homes Through State Implementation of Comprehensive Compliance Oversight. It features suggested model practices for states and CMS with four main aspects of handling critical incidents: investigation, reporting, correction, and transparency and accountability. It also detailed suggestions as to what actions states should take when group homes repeatedly fail to report incidents.
  11. The OIG partners with state Medicaid Fraud Control Units (MFCUs) which, last year, reported more than 1,500 convictions, nearly 1,000 civil settlements and judgments, and more than $1.8 billion in criminal and civil recoveries. The 50 existing MFCUs receive 75 percent of their funding on a matching basis from the federal government but often they encounter severe restrictions on their ability to maintain or expand staff.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Appealing exclusions–practical advice

Attorneys and consultants frequently have sanctioned clients desperately wanting to appeal and overturn the HHS Office of Inspector General (OIG) decision on exclusion, adding them to the List of Excluded Individuals and Entities (LEIE). The desperation is driven by the fact that exclusion is tantamount to putting them out of business. Few health care providers of services and products can function without access to federal health care programs and trying to continue servicing in that area after exclusion represents further violation of law with increased penalties.

Tom Herrmann, J.D., served over 20 years in the Office of Counsel to the Inspector General and as Appellate Judge for the Medicare Appeals Counsel and is frequently engaged to assist in Medicare appeals. He explained that there is, indeed, a process for appeal on exclusion to an HHS Administrative Law Judge (“ALJ”), the HHS Departmental Appeals Board (“DAB”), and ultimately the federal courts.  However, he warns that trying to appeal exclusions imposed by the OIG is not generally advisable, in that they are rarely overturned.  This is because most exclusion actions, both mandatory and discretionary, are derivative of a prior official action, whether it is court conviction or licensure board revocation.  Upon appeal, the underlying predicate action for exclusion may not be challenged through the established administrative and judicial review process.  The governing regulations provide further that an ALJ may not “review the exercise of discretion by the OIG to exclude an individual or entity under section 1128(b) of the Act, or determine the scope or effect of the exclusion.”   Moreover, the ALJ is prohibited from setting “a period of exclusion at zero, or reduce[ing] a period of exclusion to zero, in any case where the ALJ finds that an individual or entity committed an act described in section 1128(b) of the Act.”

Furthermore, an excluded party can affect entities with who affiliated. Should a provider permit an excluded party to be involved in services, it will create a liability to that organization.  As a condition of participation in Medicare/Medicaid, it is the affirmative duty and responsibility of the organization to ensure that any provider of services or products that is included in claims submitted for payment to those programs are licensed, qualified and NOT excluded.  To engage excluded parties places in jeopardy the entity’s status as a provider.  Furthermore, it is the OIG’s position that all claims submitted that include anything from a sanctioned provided may be considered false and potentially fraudulent.  Providers should take steps to avoid being poisoned by excluded parties.  Sanction screening can be a challenge because of multiple exclusion databases and variations of names and data.

Practical tips

Organizations should consider the following:

  • The fact that most exclusions arise from court or licensing agency actions underscores the importance of sanction screening and conducting background investigations prior to engaging employees, contractors, and vendors, to ensure they have not been subject to adverse actions by these authorities.
  • Screen parties before engaging them and thereafter periodically (e.g. monthly) against the LEIE or relevant State sanction lists.
  • Ensure data used in screening is accurate and up to date. Frequently, sanctioned parties disguise their exclusion with a name change (e.g. spouse surname), variations on name (particularly significant in the case of names that are transliterated).
  • Include on any application for employment or for medical privilege a statement that they are not under investigation and have not been subject of adverse action by any duly authorized enforcement agency.
  • Check the enrollment and exclusion status of physicians and other non-physician practitioners that routinely order or prescribe, as any services ordered or prescribed by an excluded health care practitioner will not be eligible for program payments.
  • If a party is verified to be on an exclusion list, take immediate action to terminate the party; determine the monetary exposure of the services involving that party that was billed to Federal health care programs; and disclose the findings to the OIG.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.