Kusserow on Compliance: Questions concerning compliance outsourcing

One of the most significant recent trends has been the movement towards outsourcing as many functions as possible that are not directly involved in a business’s core activities. The two most prevalent motivations for outsourcing are cost savings and gaining expertise. For most, there are many questions regarding this practice in the compliance arena.

WHY? Today, many pieces of compliance offices are routinely outsourced to enable the compliance office to focus on the core elements of the program. Among the common outsourced functions to vendors are hotlines, sanction screening services, and training programs. In some cases, the reason to seek expert assistance arises upon departure that creates a gap where assistance is needed until a replacement can be hired. Also, an existing compliance program may need supplemental assistance to deal with added responsibilities, such as HIPAA Privacy/Security Officer support.

WHEN? Often the decision is made when there are identified weaknesses or gaps in operations, such as a vacancy in compliance, privacy and security officers. In other cases, it may be the need for quick fixes as result of government intervention, such as settlement mandates.

WHERE? Where do you find necessary compliance expertise to engage? The easiest starting point is checking the internet to find professional journal articles on the subject. This can provide additional insights into the subject, as well as identify experts on the subject. Also, an Internet search can identify firms that may provide the needed service.

WHO? Who are some of these experts that can fill gaps or supplement compliance programs that have built, assessed, and managed effective compliance programs? They are individuals with hands on experience in multiple circumstances and settings that make them an expert.The following are examples of experts with extensive compliance program consulting experience, as well as having served in multiple compliance officer roles:

  • Cornelia Dorfschmid, Phd, over 20 years of health care consulting experience with service on multiple occasions as designated/interim compliance officer with hospital systems and physician practices.
  • Steve Forman, CPA, 12 years as a health care consultant; 10 years as VP for Audit/Compliance at a hospital system; and multiple service as interim/designated compliance officer.
  • Suzanne Castaldo, JD, CHC, experienced consultant who served as interim/designated compliance officer several times
  • Thomas E. Herrmann, JD, 20 years with the Office of General Counsel to the IG; 6 years as Appellate Judge for the Medicare Appeal Council; and 5 years as a compliance consultant and multiple service as interim/designated compliance officer

HOW? How can an organization use compliance experts to best advantage? There are a lot of benefits in using qualified experts, but key in investing in hiring them is to bring an optimum return of benefit for the cost by ensuring a lot of added value. In addition to day-to-day management, consider including some of the following:

  1. Examine the program to confirm strengths, and identifying opportunities for improvement
  2. Conduct an independent evaluation of the program for senior management and board
  3. Review the Code and other written guidance
  4. Evaluate quality and effectiveness of compliance training
  5. Assess high-risk areas that warrant attention
  6. Assess resources needed to effectively operate the compliance program
  7. Have them identify and build metrics evidencing compliance program effectiveness
  8. Use them to assist in identification and evaluation of candidates for the permanent position
  9. Provide a “road map” for incoming compliance officer to follow

WHAT? What is the level of effort needed to use compliance experts in compliance programs?  For even large organizations, a true compliance expert can hold things together for several months without having to be full time on site. Most organizations can keep their compliance program efficiently using an expert for 50 to 80 hours per month for up to 6 months, before it becomes critical to have a permanent compliance officer put in place. For smaller organizations and most physician practices, the number of hours is often half that rate. With current technology and communication, not all hours need to be on site; however, the key is to have the expert on call and available to address any emergent issues. It is worth noting that the OIG has accepted the fact that for smaller organizations, it may make sense to engage a qualified expert as the Designated Compliance Officer. The OIG cites many reasons an organization may consider using an outside expert, instead of a W-2 full time employee.

For more information on this topic, contact Suzanne Castaldo, JD at scastaldo@strategicm.com.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG Civil Monetary Penalties Law enforcement actions for the second half of 2019

Many remain unaware of the Civil Monetary Penalties Law (CMPL). It comes into action when the DOJ believes false claim cases don’t rise to a level sufficient for prosecution in the courts. The OIG is authorized under the CMPL to impose administrative penalties, assessments, and exclusions against a person who, among other things, submits, or causes to be submitted, claims to a federal health care program that the person knows, or should know, are false or fraudulent. The exclusions statute also authorizes OIG to exclude a person who violates the CMPL. Those who appeal the OIG imposed penalties can appeal to an HHS Administrative Law Judge (ALJ). It is rare that an ALJ has overturned the OIG. During this semiannual reporting period, the OIG concluded cases involving more than $30 million in CMPs and assessments.

THE CMPL can be thought of as the administrative version of the False Claims Act. This means that any person who submits, or causes to be submitted, to a federal health care program a claim for items and services that the person knows, or should know, is false or fraudulent is subject to a penalty of up to $15,270 for each item or service falsely or fraudulently claimed, an assessment of up to three times the amount falsely or fraudulently claimed, and exclusion.

For the purposes of the CMPL, “should know” is defined to mean that the person acted in reckless disregard or deliberate ignorance of the truth or falsity of the claim. The law and its implementing regulations also authorize actions for a variety of other violations, including submission of claims for items or services furnished by an excluded person; requests for payment in violation of an assignment agreement; violations of rules regarding the possession, use, and transfer of biological agents and toxins; and payment or receipt of remuneration in violation of the anti-kickback statute.

Additional authorities for the OIG use of CMPL have been added in recent years. The Patient Protection and Affordable Care Act (ACA) added more grounds for imposing CMPs. These include, among other types of conduct, knowingly making, or causing to be made, any false statements or omissions in any application, bid, or contract to participate as a provider in a federal health care program (including Medicare and Medicaid managed care programs and Medicare Part D). The ACA authorizes a penalty of up to $55,262 for each false statement, as well as activities relating to fraudulent marketing by MCOs, their employees, or their agents. The 21st Century Cures Act added more grounds for imposing CMPs, assessments, and exclusion from federal health care programs for fraudulent conduct in an HHS grant, contract, or other agreement. The OIG may assess CMPs of up to $10,000 per claim and assessments of up to three times the amount claimed for knowingly presenting a false or fraudulent claim. In addition, the OIG may impose a penalty of up to $50,000 and assessments of up to three times the amount of funds at issue: (1) for each instance of knowingly making a false statement in a document required to be submitted in order to receive funds under an HHS contract, grant, or other agreement; (2) for knowingly making or using a false record or statement that is material to a false or fraudulent claim; and (3) for knowingly making or using a false record or statement material to an obligation to pay or transmit funds or property owed to HHS. The OIG may impose a penalty of up to $10,000 per day and assessments of up to three times the amount at issue for knowingly concealing, or knowingly and improperly avoiding or decreasing, an obligation owed to HHS with respect to an HHS grant, contract, or other agreement. Finally, The OIG may impose a penalty of up to $15,000 per day for failing to grant timely access to OIG upon reasonable request for audits or to carry out other statutory functions in matters involving an HHS grant, contract, or other agreement.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 202o Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Is there no limit to fraud cases?

Doctor convicted in connection to a $325 million fraud case

Falsely diagnosing patients with lifelong illnesses

Needlessly subjected patients to unnecessary medications

A Texas rheumatologist was convicted in a jury trial in connection with a $325 million healthcare fraud case. He was found guilty of falsely diagnosing patients with lifelong illnesses and needlessly subjecting them to unnecessary medications such as chemotherapy drugs and then falsely billing insurers for millions of dollars. The DOJ saw this as an extremely egregious case because the doctor falsely diagnosed vulnerable patients—the young, elderly and disabled—with life-long diseases requiring invasive treatments that those patients did not in fact need.

The DOJ further noted that many of the patients, including one as young as 13, suffered physical and emotional harm as a result of the chemotherapy injections, hours’ long intravenous infusions, and other excessive, repetitive and profit-driven medical procedures. Also noted was that the evidence presented at trial showed that to obstruct and mislead a federal grand jury investigation, the doctor falsified medical records.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 202o Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Not all data breaches are from accidents or cyber attacks

1,182 Beaumont Health patient records compromised

Employee passed patient information to a personal injury law firm

Undetected for 3 years

Not found by hospital but from an alert by the Attorney Grievance Commission

OCR not notified because it was not a data breach

An employee for Beaumont Health, an eight-hospital health system in Michigan, was caught siphoning sensitive patient information without permission then handing it over to a personal injury attorney. The medical records involved 1,182 individuals. The identity of the law firm was not identified and it is not clear how the law firm used the information. The case is under investigation and all persons whose records were compromised are being notified.

The Michigan Health & Hospital Association was notified to alert other hospitals about the incident and guard against similar intrusions. The breach was discovered on December 10, 2019, and resulted in an internal investigation. The matter was not discovered by Beaumont, but as result of an alert by the Michigan Attorney Grievance Commission—a watchdog to maintain ethical law practices in the state. How the Commission learned of the issue was not reported.

It was determined that from February 1, 2017, until October 22, 2019, the employee accessed and disclosed protected health information (PHI) without authorization. The information accessed included names, addresses, dates of birth, phone number, email addresses, reason for treatment, insurance information, and Social Security numbers. Notified individuals have been advised on how to further protect their information and monitor financial accounts for fraud. They also were asked to closely review health insurance claim information. Those having Social Security numbers exposed have been given information about enrolling in free credit monitoring, Beaumont said.  Beaumont reported that they have no experienced or reported a data hack or unauthorized patient data loss to the Office of Civil Rights that tracks and investigates breaches of patient data.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 202o Strategic Management Services, LLC. Published with permission.