Kimberly Johnson, RHIA, CPC, CHC - Health Care Compliance ...
Kimberly Johnson, RHIA, CPC, CHC - Health Care Compliance ...
Kimberly Johnson, RHIA, CPC, CHC - Health Care Compliance ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Volume Twelve<br />
Number Seven<br />
July 2010<br />
Published Monthly<br />
Meet<br />
<strong>Kimberly</strong> <strong>Johnson</strong>,<br />
<strong>RHIA</strong>, <strong>CPC</strong>, <strong>CHC</strong><br />
Professional Practice<br />
<strong>Compliance</strong> Officer,<br />
Corporate <strong>Compliance</strong> Office,<br />
University of Kentucky<br />
<strong>Health</strong><strong>Care</strong><br />
PAGE 14<br />
Feature Focus:<br />
Sparking an epidemic of<br />
compliance<br />
PAGE 20<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Earn CEU Credit<br />
www.hcca-info.org/quiz—see page 35<br />
The ten compliance<br />
commandments<br />
for medical device<br />
manufacturers<br />
PAGE 42<br />
1<br />
July 2010
Global <strong>Compliance</strong>:<br />
Good for BusinessSM<br />
Hotline<br />
Solutions<br />
Training &<br />
Education<br />
Expert Advice<br />
Expert solutions and insight to<br />
protect your organization’s integrity –<br />
helping you avoid costly and<br />
potentially devastating ethics<br />
and compliance issues.<br />
Performance &<br />
Benchmarking<br />
Learn more about our<br />
complete ethics and<br />
compliance solutions.<br />
Contact us today at<br />
800-876-6023 or contactus@<br />
globalcompliance.com.<br />
July 2010<br />
2<br />
www.globalcompliance.com<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
INSIDE<br />
Publisher:<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association, 888-580-8373<br />
Executive Editor:<br />
Roy Snell, CEO, roy.snell@hcca-info.org<br />
Contributing Editor:<br />
Gabriel Imperato, Esq., <strong>CHC</strong><br />
Editor:<br />
Margaret R. Dragon, 781-593-4924, margaret.dragon@hcca-info.org<br />
Copy Editor and Proofreader:<br />
Patricia Mees, <strong>CHC</strong>, CCEP, 888-580-8373, patricia.mees@hcca-info.org<br />
Layout and Production Manager:<br />
Gary DeVaan, 888-580-8373, gary.devaan@hcca-info.org<br />
HCCA Officers:<br />
Jennifer O’Brien, JD, <strong>CHC</strong><br />
HCCA President<br />
Medicare <strong>Compliance</strong> Officer<br />
United<strong>Health</strong> Group<br />
Frank Sheeder, JD, CCEP<br />
HCCA 1st Vice President<br />
Partner<br />
Jones Day<br />
Shawn Y. DeGroot, <strong>CHC</strong>-F, CHRC, CCEP<br />
HCCA 2nd Vice President<br />
Vice President Of Corporate Responsibility<br />
Regional <strong>Health</strong><br />
John C. Falcetano, <strong>CHC</strong>-F, CIA, CCEP-F, CHRC<br />
HCCA Treasurer<br />
Chief Audit/<strong>Compliance</strong> Officer<br />
University <strong>Health</strong> Systems<br />
of Eastern Carolina<br />
Catherine M. Boerner, JD, <strong>CHC</strong><br />
HCCA Secretary<br />
President<br />
Boerner Consulting, LLC<br />
Daniel Roach, Esq.<br />
Non-Officer Board Member<br />
to the Executive Committee<br />
Vice President <strong>Compliance</strong> and Audit<br />
Catholic <strong>Health</strong>care West<br />
Julene Brown, RN, MSN, BSN, <strong>CHC</strong>, <strong>CPC</strong><br />
HCCA Immediate Past President<br />
Director of Corporate <strong>Compliance</strong><br />
Innovis <strong>Health</strong><br />
CEO/Executive Director:<br />
Roy Snell, <strong>CHC</strong>, CCEP-F<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association<br />
Counsel:<br />
Keith Halleland, Esq.<br />
Halleland Habicht PA<br />
Board of Directors:<br />
Urton Anderson, PhD, CCEP<br />
Chair, Department of Accounting and<br />
Clark W. Thompson Jr. Professor in<br />
Accounting Education<br />
McCombs School of Business<br />
University of Texas<br />
Marti Arvin, JD, <strong>CPC</strong>, CCEP-F, <strong>CHC</strong>-F, CHRC<br />
Chief <strong>Compliance</strong> Officer<br />
UCLA <strong>Health</strong> Sciences<br />
Angelique P. Dorsey, JD, CHRC<br />
Research <strong>Compliance</strong> Director<br />
MedStar <strong>Health</strong><br />
Brian Flood, JD, <strong>CHC</strong>, CIG, AHFI, CFS<br />
National Managing Director<br />
KPMG LLP<br />
Margaret Hambleton, MBA, CPHRM, <strong>CHC</strong><br />
Senior Vice President<br />
Ministry Integrity, Chief <strong>Compliance</strong> Officer<br />
St. Joseph <strong>Health</strong> System<br />
Dave Heller<br />
Director, Ethics<br />
Boeing Government and International Operations<br />
Rory Jaffe, MD, MBA<br />
Executive Director, California Hospital Patient<br />
Safety Organization (CHPSO)<br />
Matthew F. Tormey, JD, <strong>CHC</strong><br />
Vice President<br />
<strong>Compliance</strong>, Internal Audit, and Security<br />
<strong>Health</strong> Management Associates<br />
Debbie Troklus, <strong>CHC</strong>-F, CCEP-F, CHRC<br />
Assistant Vice President<br />
for <strong>Health</strong> Affairs/<strong>Compliance</strong><br />
University of Louisville<br />
Sheryl Vacca, <strong>CHC</strong>-F, CCEP, CHRC<br />
Senior Vice President/Chief <strong>Compliance</strong><br />
and Audit Officer<br />
University of California<br />
Sara Kay Wheeler, JD<br />
Partner–Attorney<br />
King & Spalding<br />
<strong>Compliance</strong> Today (CT) (ISSN 1523-8466) is published by the <strong>Health</strong> <strong>Care</strong><br />
<strong>Compliance</strong> Association (HCCA), 6500 Barrie Road, Suite 250, Minneapolis, MN<br />
55435. Periodicals postage-paid at Minneapolis, MN 55435. Postmaster: Send<br />
address changes to <strong>Compliance</strong> Today, 6500 Barrie Road, Suite 250, Minneapolis,<br />
MN 55435. Copyright 2010 <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association. All rights<br />
reserved. Printed in the USA. Except where specifically encouraged, no part of this<br />
publication may be reproduced, in any form or by any means without prior written<br />
consent of the HCCA. For Advertising rates, call Margaret Dragon at 781-593-<br />
4924. Send press releases to M. Dragon, 41 Valley Road, Nahant, MA 01908.<br />
Opinions expressed are not those of this publication or the HCCA. Mention of<br />
products and services does not constitute endorsement. Neither the HCCA nor<br />
CT is engaged in rendering legal or other professional services. If such assistance is<br />
needed, readers should consult professional counsel or other professional advisors for<br />
specific legal or ethical questions.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
4 Developments in the Physician Supervision Rule:<br />
Cracks in the façade<br />
By Edwin Rauzi and Kent “Bernie” Thurber<br />
New guidance from CMS contradicts its earlier stand on<br />
physician supervision of therapy in critical access hospitals.<br />
6 CEU: Opportunity knocks for hospital boards to impact<br />
clinical quality By Janice A. Anderson and C. Jason Hannagan<br />
Study reveals that the hospital board members’ role in overseeing<br />
quality-of-care issues has a direct impact on quality overall.<br />
12 CEU: Waived laboratory tests: Meeting regulatory<br />
requirements and implementing best practices<br />
By Melissa Scott<br />
Point-of-care testing has many benefits, but requires proper<br />
planning and oversight.<br />
14 Meet <strong>Kimberly</strong> <strong>Johnson</strong>, Professional Practice<br />
<strong>Compliance</strong> Officer, UK <strong>Health</strong><strong>Care</strong><br />
An interview by Julene Brown<br />
18 Letter from the CEO By Roy Snell<br />
My favorite photo<br />
19 Social Networking By John Falcetano<br />
20 Sparking an epidemic of compliance By Stephen Kelly<br />
Using small, incremental changes may be what’s needed to<br />
improve compliance in your organization.<br />
26 State attorney general oversight of financial practices<br />
of nonprofit corporations<br />
By Gary W. Herschman and Anjana D. Patel<br />
A case from New Jersey illustrates the need for strong<br />
management of the assets of a nonprofit corporation.<br />
29 <strong>Health</strong> care compliance: Not ready for prime time<br />
By Raj Chaudhary<br />
A majority of covered entities and business associates admit they<br />
are not in compliance with HIPAA privacy and security provisions.<br />
32 The Six Sigma compliance screening process: An<br />
engineer’s perspective By Brady Ballman<br />
Keys to finding a more efficient way to perform compliance<br />
screening of employees, physicians, and vendors.<br />
36 Privacy and security risk assessment based on GRC<br />
principles By Andy Reeder<br />
Using the six phases of risk assessment to break down silos<br />
between areas of common interest.<br />
38 CEU: Managing employee turnover in a shrinking<br />
workforce By Joyce Freville<br />
As the Baby Boomer generation ages, labor shortages of<br />
qualified nurses will have an impact on quality of care.<br />
42 The ten compliance commandments for medical<br />
device manufacturers By Jennifer E. Williams<br />
Ten rules to help you steer clear of regulatory infractions that<br />
can lead to major monetary fines and mandatory oversight.<br />
48 A snapshot of training at the HCCA <strong>Compliance</strong> Academy<br />
By Sheryl Vacca<br />
Creativity and fun are key to learning and retention.<br />
49 Newly Certified <strong>CHC</strong>s and CHRCs<br />
50 New HCCA Members<br />
3<br />
July 2010
July 2010<br />
4<br />
Developments in the<br />
Physician Supervision<br />
Rule: Cracks in the<br />
façade<br />
By Edwin Rauzi, JD and Kent “Bernie” Thurber, JD<br />
Editor’s note: Ed Rauzi and Bernie Thurber<br />
are partners in the Seattle and Portland Offices,<br />
respectively, of Davis Wright Tremaine, LLP.<br />
They work for clients in the health care delivery<br />
system full-time, all the time. Ed may be reached<br />
by telephone at 206/757-8127 and Bernie’s<br />
number is 503/778-5202.<br />
Two recent developments with respect<br />
to the rules governing physician<br />
supervision in hospital outpatient<br />
departments are noteworthy. They are:<br />
n In an untitled, one-paragraph press release,<br />
CMS announced on March 15th that it<br />
would not enforce the physician supervision<br />
rules against critical access hospitals<br />
(CAHs) in 2010.<br />
n On April 23rd, on its website CMS posted<br />
a document entitled “Common Questions<br />
about Supervision Requirements for<br />
Medicare Payment of Hospital Outpatient<br />
Services,” which includes seven questions<br />
and answers. 1 The answers strike a much<br />
more realistic and conciliatory tone than<br />
the recent Preamble discussions.<br />
The key question is whether these cracks in<br />
the façade will lead to a breakthrough, or<br />
CMS will patch up and paint over them.<br />
As “clarified” by CMS in 2008 and 2009, the<br />
Physician Supervision Rule requires a physician<br />
to be available to step in and take over<br />
or change a therapy in progress in a hospital<br />
outpatient department. The physician should<br />
be “credentialed” to perform the therapy, and<br />
cannot be involved in anything that cannot<br />
be interrupted. If the hospital department is<br />
on the main campus, then the physician may<br />
“supervise” from anywhere on the hospital’s<br />
campus. In an off-campus provider-based<br />
department, the physician must be in that<br />
department in order to supervise.<br />
Medicare does not pay the physician for supervising<br />
the therapy. If the requisite degree of<br />
supervision is not provided, then the hospital<br />
should not submit a claim to Medicare. 2<br />
CAHs are unique in that Medicare allows them<br />
to deliver many services through physician<br />
extenders, such as physician assistants (PAs)<br />
or nurse practitioners (NPs). The reason for<br />
the relaxed rule is the shortage of physicians in<br />
many rural areas. As individual CAHs rightfully<br />
pointed out to CMS, requiring physicians to<br />
supervise outpatient procedures contradicts the<br />
Congressionally-approved CAH delivery model.<br />
Based on second-hand reports, this message<br />
was delivered forcefully and with emotion by<br />
CAHs and their advocates during an Open Door<br />
conference call held on March 9, 2010. (The<br />
Hospital & Hospital Quality Open Door Forum<br />
is a conference call held regularly by CMS. 3 )<br />
Politically, CMS may have had no choice<br />
but to exempt CAHs from its draconian<br />
clarification of the Physician Supervision<br />
Rule. CAHs are near and dear to the hearts of<br />
many members of Congress who have rural<br />
constituencies. As a matter of policy, however,<br />
the decision casts doubt about the rationale<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
CMS offered for the rule, which is that “quality”<br />
demands physician supervision.<br />
As readers of <strong>Compliance</strong> Today are aware,<br />
CMS argued in 2008 and 2009 that direct<br />
physician supervision is necessary in order<br />
for quality care to be delivered in hospital<br />
outpatient departments. 4 There is no empirical<br />
evidence, however, that supervision at a level<br />
less than “direct” results in substandard care.<br />
If such evidence existed, then CMS would be<br />
authorizing CAHs to deliver substandard care.<br />
If you take CMS’ comments at face value—<br />
that quality is the driving force behind the<br />
decision—then CMS could justify exempting<br />
CAHs under two circumstances:<br />
n First, supervision by physician extenders in<br />
CAHs is inherently better than physician<br />
supervision in urban medical centers; or<br />
n Second, Medicare beneficiaries seeking services<br />
from CAHs should not expect quality care.<br />
Neither of those propositions is correct; they<br />
are proposed for the sake of argument because<br />
CMS rejects the best answer: that direct physician<br />
supervision is not necessary for hospital<br />
outpatient departments to provide quality care.<br />
CMS answers “common” questions<br />
As this article was going to press, another bit<br />
of guidance emerged in the form of seven<br />
questions and answers on CMS’s website. 1<br />
On the surface, it suggests that CMS may be<br />
beginning an ordered retreat from some of<br />
the harsh aspects of their clarified policy.<br />
Compare the statement from the November 20,<br />
2009 Federal Register notice Preamble to the<br />
Changes to the Physician Supervision Rule (below)<br />
with the statement from the more recent advice:<br />
Preamble:<br />
This interpretation of the previously codified<br />
language is consistent with our longstand-
ing application of direct supervision across<br />
settings in terms of the physical presence of<br />
the physician and what it means to ‘‘furnish<br />
assistance and direction throughout the<br />
performance of the procedure.’’ We do not<br />
believe that allowing a supervisor to be<br />
responsible for emergencies only would satisfy<br />
the standard to ‘‘furnish assistance and<br />
direction throughout the performance of the<br />
procedure’’ as the language has historically<br />
been interpreted for physicians’ offices and<br />
PBDs [provider-based departments]. We<br />
disagree with commenters who stated that<br />
the historical intent of direct supervision has<br />
been for a supervising physician to provide<br />
guidance and direction without expecting<br />
that professional to be able to perform the<br />
service or procedure and that performance<br />
of the procedure applies only to personal supervision.<br />
It would be unreasonable to think<br />
that a physician or nonphysician practitioner<br />
could competently assist and direct a procedure<br />
for which they do not have sufficient<br />
knowledge and skills to perform or redirect<br />
the procedure or service. (emphasis added)<br />
Common question #5:<br />
Can an emergency department<br />
physician or non-physician practitioner<br />
directly supervise therapeutic<br />
outpatient services while in the<br />
emergency department? In most cases,<br />
the emergency physician or non-physician<br />
practitioner can directly supervise outpatient<br />
services so long as the emergency<br />
physician in the emergency department<br />
of the campus is immediately available,<br />
meaning that, if needed, he or she<br />
could reasonably be interrupted to furnish<br />
assistance and direction in the delivery of<br />
therapeutic services provided elsewhere in<br />
the hospital. We have stated that the supervisor<br />
must be a person who is “clinically<br />
appropriate” to supervise the therapeutic<br />
service or procedure. We believe that most<br />
emergency physicians can appropriately<br />
supervise many services within the scope<br />
of their knowledge, skills, licensure, and<br />
hospital granted privileges including observation<br />
services. With regard to whether<br />
an emergency physician or a non-physician<br />
practitioner could be interrupted, such that<br />
the emergency physician could be immediately<br />
available, each hospital will need to<br />
assess the level of activity in their emergency<br />
department and determine whether at least<br />
one emergency physician or non-physician<br />
practitioner could be interrupted to furnish<br />
assistance and direction in the treatment of<br />
outpatients. (emphasis added)<br />
To our eyes, CMS’s more recent discussion is<br />
much closer to an attainable goal than the prior<br />
pronouncements. There is still something of a<br />
fiction in the assumption that an emergency<br />
room physician will not, from time to time, be<br />
engaged in activities that cannot be interrupted,<br />
but the concession is a welcome development<br />
in a process that had been going in the wrong<br />
direction for at least two years. The good news<br />
is that hospitals now have something to “hang<br />
their hats on” if they choose to do less than<br />
radically restructure the delivery of outpatient<br />
services. The bad news is that the guidance is<br />
now contradictory, and there is still plenty of<br />
potential for mischief if the Preamble statements<br />
fall into the hands of a whistleblower’s attorney.<br />
Conclusion<br />
Hospital outpatient departments have been<br />
delivering high quality care without a direct<br />
level of supervision for years. The best<br />
examples are the chemotherapy departments<br />
of rural hospitals where oncologists are on-site<br />
only one or two days a week. Because of CMS’<br />
misguided attempt to promote quality, cancer<br />
patients may be forced to travel long distances<br />
to receive chemotherapy. The hardships those<br />
patients will face is a compelling argument<br />
against applying the new rule to rural hospitals.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Granted, there may be hospital outpatient<br />
procedures for which direct supervision is<br />
appropriate. But, requiring direct supervision<br />
for all outpatient procedures—as a “one size<br />
fits all” rule—cannot be squared with CMS’s<br />
recent decision. If CMS is firmly committed to<br />
the concept of requiring some level of supervision,<br />
then they need to study the therapies and<br />
regulate them with a much narrower focus.<br />
CMS announced that it “plans to revisit the<br />
issue of supervision for therapeutic services<br />
provided to hospital outpatients in CAHs<br />
through the annual rulemaking cycle for<br />
calendar year (CY) 2011.” An interesting<br />
question is whether that rulemaking will be<br />
limited to CAHs, or whether other hospitals<br />
will be allowed to present equally compelling<br />
reasons why CMS should not apply the<br />
Physician Supervision Rule to them. Given<br />
the recent guidance, perhaps there is a way to<br />
broaden the moratorium on enforcement.<br />
It is impossible to know the outcome of the<br />
rule-making process in advance. From a<br />
policy perspective, however, CMS has painted<br />
itself into a corner from which escape will<br />
not be easy. One diplomatic retreat might<br />
be for CMS to suspend application of the<br />
rule generally while it reviews whether some<br />
therapeutic procedures might be appropriate<br />
for “general” physician supervision. Given the<br />
demands created by health reform legislation,<br />
that review might take some time to complete.<br />
At this point, a return to the earlier rule—that<br />
physician supervision of outpatient services on<br />
a hospital’s main campus is “presumed”—is<br />
probably best outcome for all concerned. n<br />
1 The document is available at http://www.cms.gov/HospitalOutpatientPPS/Downloads/Common_Questions_about_Supervision_in_the_<br />
Outpatient_Setting.pdf<br />
2 74 Fed. Reg. at 60575 et seq.<br />
3 See http://www.cms.gov/OpenDoorForums/18_ODF_Hospitals.<br />
asp#TopOfPage<br />
4 Rauzi, Thurber: CMS formalizes new guidance on physician supervision in<br />
hospital outpatient departments. <strong>Compliance</strong> Today, April 2009, pp 11-13<br />
Rauzi, Thurber: Physician supervision of hospital outpatient departments:<br />
CMS gets it wrong. <strong>Compliance</strong> Today, February 2010, pp 4-7<br />
5<br />
July 2010
July 2010<br />
6<br />
Opportunity knocks<br />
for hospital boards<br />
to impact clinical<br />
quality<br />
By Janice A. Anderson, Esq. and C. Jason Hannagan, Esq.<br />
Editor’s note: Janice A. Anderson, Shareholder hospitals with respect to quality. 1 The results<br />
in the Chicago offices of Polsinelli Shughart of the study could be instrumental in how<br />
PC, has over 25 years experience focusing on the federal government determines to best<br />
health regulatory and compliance issues and influence quality in hospitals.<br />
over 30 years experience working in the health<br />
care industry. She may be contacted by e-mail The authors of the study, Harvard Professors<br />
at janderson@polsinelli.com or by telephone at Ashish Jha and Arnold Epstein, surveyed nonprofit<br />
312/873-3623.<br />
hospital board chairs regarding whether hospital<br />
boards are engaged in overseeing clinical quality<br />
C. Jason Hannagan is a former Associate with and, if so, whether the boards’ involvement leads<br />
Polsinelli’s Kansas City office. He may be contacted to improved quality. In addition to highlighting<br />
by e-mail at jhannagan@dstsystems.com.<br />
that quality of care is not currently a top priority<br />
for many hospitals, the survey exposed a direct<br />
The hospital board’s role in ensuring<br />
quality of care is increasingly a top priority and the performance of the hospital<br />
correlation between those boards where quality is<br />
important as reimbursement changes on nationally-reported quality metrics (i.e., those<br />
based on quality become more prevalent. hospitals with boards identifying quality as a<br />
Notwithstanding, the exact role hospital board top priority were much more likely to be high<br />
members need to assume to enhance hospital performing on quality metrics).<br />
quality of care is not well defined. This article<br />
discusses (1) the results of a recent study published<br />
by <strong>Health</strong> Affairs journal on hospital care hospitals that reported quality data to the<br />
The survey was focused on nonprofit acute<br />
boards’ influence in impacting quality of care; Hospital Quality Alliance (HQA) in 2007. For<br />
(2) recent trends in the health care industry in each hospital, the authors calculated an overall<br />
focusing boards on improving quality of care; quality score based on the hospital’s performance<br />
on 19 evidence-based practices reported<br />
and (3) recommendations on how hospital<br />
boards can better impact quality of care in nationally in three clinical conditions (i.e.,<br />
their organizations.<br />
acute myocardial infarction, congestive heart<br />
failure, and pneumonia). The authors randomly<br />
chose 1,000 hospitals from this group,<br />
Study on hospital board’s impact on quality<br />
of care<br />
over-sampling those ranked in the top 10%<br />
Although there have been several studies linking<br />
hospital board practices with the quality (“low-performing”) of HQA performance.<br />
(“high-performing”) and the bottom 10%<br />
of care provided to patients, <strong>Health</strong> Affairs<br />
journal published the first national survey of The survey focused on five categories:<br />
board chairs related to performance of their n board training and expertise in quality;<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
n quality as a priority for board oversight<br />
and evaluation of the chief executive officer’s<br />
(CEO’s) performance;<br />
n the board as an influential entity in the<br />
quality of care delivered by the hospital;<br />
n the board’s awareness of current quality<br />
performance; and<br />
n specific board functions related to quality,<br />
such as setting priorities for quality,<br />
devoting time to quality during meetings,<br />
and examining quality “dashboards” (i.e.,<br />
report cards containing the hospital’s quality<br />
performance data).<br />
Board training and quality of care<br />
Although nearly three-quarters of the board<br />
chairs surveyed reported having moderate<br />
or substantial expertise in quality of care<br />
represented on their boards, only 32% of the<br />
respondents reported receiving any formal<br />
training in clinical quality, and such training<br />
was far more common in high-performing than<br />
low-performing hospitals (49% versus 21%).<br />
Among hospital boards receiving training on<br />
clinical quality, the board members spent a<br />
median of four hours total on quality issues.<br />
Board oversight priorities and CEO<br />
evaluations<br />
More than half of board chairs chose clinical<br />
quality as one of the two top priorities for<br />
board oversight, but board chairs of high<br />
performing hospitals chose quality as a top<br />
priority more often than those of lowperforming<br />
hospitals. Just 44% of all surveyed<br />
board chairs chose clinical quality as one of<br />
the top two priorities for evaluating CEO<br />
performance. Financial performance, rather<br />
than clinical quality, was the primary factor<br />
selected by the respondents for determining a<br />
CEO’s performance (high-performing, 70%<br />
versus low-performing, 75%).<br />
Perceived influences on quality of care<br />
Only 20% of respondents reported that the
chairperson of the board, the board itself, or<br />
one of the board’s committees were one of the<br />
two most influential forces driving quality of<br />
care in their hospital. Board chairs from highperforming<br />
hospitals were nearly four times as<br />
likely as those from low-performing hospitals<br />
to report that the board was influential in<br />
impacting quality of care in their hospitals<br />
(38% versus 11%). In contrast, 69% of board<br />
chairs reported that the CEO was one of the<br />
top two influences on quality.<br />
performance was on the agenda at every board<br />
meeting in only 63% of US hospitals, whereas<br />
financial performance was on every agenda<br />
in 93% of hospitals. Furthermore, less than<br />
half of the hospitals spent at least 20% of the<br />
board’s time discussing quality of care.<br />
Board priority setting<br />
Most respondents reported that their boards<br />
had established, endorsed, or approved goals<br />
in four areas of quality: hospital-acquired<br />
infections (82%), medication errors (83%),<br />
focus extensive attention on the role hospital<br />
governance plays in the quality of health care<br />
in hospitals. It all started in 1999 when the<br />
Institute of Medicine (IOM) reported that as<br />
many as 98,000 people die each year because<br />
of preventable medical harm, making medical<br />
error the fourth leading cause of death in the<br />
United States. The IOM report, titled “To Err<br />
is Human: Building a Safer <strong>Health</strong> System,”<br />
estimated the total annual cost of errors to be<br />
between $17 billion and $29 billion. The report<br />
was a call to action for hospital leadership to<br />
Familiarity and perception of current<br />
performance<br />
More than two-thirds of the board chairs<br />
surveyed reported being somewhat or very<br />
familiar with the Joint Commission core<br />
measures or with HQA measures. As expected,<br />
chairs from high-performing hospitals were<br />
significantly more likely than those from lowperforming<br />
hospitals to report such familiarity<br />
(80% versus 64%). When questioned about<br />
their hospital’s current level of performance,<br />
66% of the respondents rated their institution’s<br />
performance on the Joint Commission core<br />
measures or HQA measures as either better<br />
or much better than that of the typical US<br />
hospital. Surprisingly, only 1% of board chairs<br />
reported that their institution’s performance<br />
was worse or much worse than the typical hospital.<br />
Among the low-performing hospitals,<br />
no respondent reported that their performance<br />
was worse or much worse than that of the<br />
typical US hospital, and 58% reported their<br />
performance to be better or much better, thus<br />
indicating that board chairs of low-performing<br />
hospitals mistakenly believe the quality at their<br />
institutions to be much better than it is.<br />
the HQA/Joint Commission core measures<br />
(72%), and patient satisfaction (91%). In<br />
these areas, high-performing hospitals were<br />
more likely than low-performing hospitals to<br />
have established goals to improve care.<br />
The survey demonstrated that programmatic<br />
emphasis on quality was not a consistent<br />
priority for the boards at most US nonprofit<br />
hospitals. Also, the survey highlighted the sizable<br />
difference between how a high-performing<br />
hospital prioritized quality for board oversight<br />
compared to that of a low-performing hospital.<br />
Specifically, there was a 37% gap between<br />
high-performing and low-performing hospitals<br />
for prioritizing quality for board oversight.<br />
Most importantly, the authors of the survey<br />
revealed that US hospitals have significant<br />
variation in whether quality is a governance<br />
priority, as evidenced by quality being a<br />
consistent agenda item for board meetings.<br />
Although the report did not clearly establish<br />
a causal link between board practices and<br />
quality of care, it is noteworthy that the<br />
survey did reveal that low-performing<br />
hospitals reported spending less time on<br />
take steps to improve patient safety and quality. 2<br />
After the 1999 IOM report, a plethora of<br />
government and private activities began, all<br />
focused on improving quality of care in the<br />
health care industry. In 2004, the National<br />
Quality Forum (NQF) members convened to<br />
discuss strategies for improving the quality of<br />
care in hospitals. As a result, the NQF released<br />
guidance to hospital governing boards on how<br />
to promote quality of care. 3 The guidance,<br />
titled, “A Call to Responsibility,” included<br />
a list of 23 recommendations for hospital<br />
governing boards to consider and implement<br />
in order to better improve quality of care in<br />
hospitals. The NQF recommendations focused<br />
on pragmatic steps the board should take to<br />
achieve better focus on quality of care. For<br />
instance, the NQF recommended that boards:<br />
n prominently place patient safety and quality<br />
issues (e.g., reviewing errors and their<br />
impact on hospital resources) on board<br />
meeting agendas;<br />
n engage more frequently in patient safety<br />
and quality improvement projects by<br />
establishing governance practices that<br />
support a system of performance measurement<br />
Performance reporting, agendas, and board<br />
function<br />
The results of the survey underscored that<br />
hospital boards generally are more concerned<br />
with financial performance than with<br />
issues of quality performance than those of<br />
high-performing hospitals.<br />
Recent trend<br />
Long before the above study, the health care<br />
and quality improvement; and<br />
n ensure that a system of performance<br />
measurement and quality improvement is<br />
in place and that credible results enable the<br />
evaluation of the organization’s effectiveness.<br />
quality performance. For instance, quality industry, government, and the public began to<br />
Continued on page 9<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
7<br />
July 2010
ARE YOU<br />
PREPARED<br />
FOR THE<br />
RAC AUDITOR?<br />
Take control with a strong defense<br />
The RAC Auditors will soon be calling on your hospital. The RAC appeals<br />
process is very complex and missed deadlines can result in the automatic<br />
recoupment of your legitimate revenues. To minimize your risk of financial<br />
losses, you need to be prepared with practical, reliable processes and<br />
controls to ensure that critical appeals deadlines are met, with complete,<br />
substantiated information.<br />
July 2010<br />
www.compliance360.com<br />
8<br />
<strong>Compliance</strong> 360 is the leader in compliance and risk management solutions<br />
for healthcare. More than 300 hospitals nationwide rely on us every day to<br />
ensure compliance with legal and industry regulations. Using our unique<br />
software solutions, they are always “audit ready” with both proactive<br />
defenses and the audit management tools needed to ensure successful<br />
audit response and appeals. We are proud to help these healthcare<br />
organizations prevent and contain compliance sanctions and we stand<br />
ready to help you as well.<br />
To learn more about the <strong>Compliance</strong> 360 Claims Auditor for managing<br />
RAC audits, please visit us at booth 102 at the HCCA <strong>Compliance</strong> Institute<br />
Conference, visit www.compliance360.com/RAC or call us at 678-992-0262<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
NEEDS A LOT OF WO
Opportunity knocks for hospital boards to impact clinical quality ...continued from page 7<br />
Two years later, in 2006, The Joint Commission<br />
Journal on Quality and Patient Safety published<br />
a report titled “Getting the Board on Board:<br />
Engaging Hospital Boards in Quality and<br />
Patient Safety.” The report focused on the<br />
role of hospital governance in quality. Unlike<br />
the <strong>Health</strong> Affairs article, which surveyed the<br />
chairs of nearly 1,000 hospitals, the Joint<br />
Commission’s report was based on interviews<br />
with CEOs and board chairs from only 30<br />
hospitals. The report revealed a significant<br />
disconnect between the CEO’s perception of<br />
the board’s level of expertise on quality-of-care<br />
issues and the board chair’s self-perception.<br />
The report also revealed a small link between<br />
board engagement in quality and hospital performance.<br />
The Joint Commission article suggested<br />
implementing several steps to improve<br />
a hospital’s overall performance with respect to<br />
quality of care including:<br />
n increasing education on quality-of-care issues,<br />
n improving the framing of an agenda for<br />
quality,<br />
n more quality planning and incentives for<br />
leadership and governance for quality<br />
improvement, and<br />
n greater focus on the patients.<br />
oversight obligations for ensuring quality of<br />
care are part of the board’s responsibilities<br />
under its fiduciary duties of care and obedience.<br />
The guidance explains that the fiduciary<br />
duty of care obligates boards to become<br />
involved in quality of care to discharge both<br />
its decision-making and oversight functions.<br />
For example, it is the governing board’s<br />
responsibility to actively monitor the hospital’s<br />
quality of care, which requires staying upto-date<br />
with the emergence of new quality of<br />
care issues, managing specific quality-of-care<br />
measurement and reporting obligations, and<br />
monitoring the organizational quality-of-care<br />
initiatives implemented by the medical staff.<br />
According to the guidance, the fiduciary<br />
duty of obedience to corporate purpose and<br />
mission also mandates governance to actively<br />
address quality of care, which is inherent in<br />
the purpose and mission of most non-profit<br />
health care organizations. Thus, to properly<br />
discharge the boards’ duty of obedience,<br />
boards should monitor the maintenance of<br />
standards of professional care within the<br />
organization. The guidance concludes that,<br />
due to the ever-increasing attention being<br />
paid to quality of care by the policy makers<br />
and agencies in federal and state government,<br />
that dashboards can be an important strategic<br />
tool to ensure that the board’s quality agenda<br />
is advanced. The final recommendations from<br />
roundtable participants also included establishing<br />
a business case for quality, educating the<br />
board on quality issues, establishing a culture<br />
of quality and accountability that permeates<br />
the hospital, and making quality transparent.<br />
Recommendations<br />
The <strong>Health</strong> Affairs study’s results will likely<br />
attract the attention of the applicable state<br />
and federal agencies on the potential role the<br />
board plays in influencing quality of care.<br />
Specifically, the study exposed that nearly<br />
half of the hospital board chairs surveyed<br />
do not see quality as a top priority and the<br />
vast majority of the boards lacked sufficient<br />
expertise and education on quality of care<br />
issues. Only a few board chairs surveyed had<br />
work experience in the health care industry,<br />
and less than one-third of chairs surveyed had<br />
formal training programs that include clinical<br />
quality. These results create an opportunity<br />
for improving quality of care by creating<br />
better awareness and training for hospital<br />
boards on quality-of-care issues.<br />
In September 2007, the Office of Inspector<br />
General (OIG) for the Department of <strong>Health</strong><br />
and Human Services (HHS), in partnership<br />
with the American <strong>Health</strong> Lawyers Association<br />
(AHLA), released a resource guide on<br />
quality of care for health care boards, titled<br />
“Corporate Responsibility and <strong>Health</strong> <strong>Care</strong><br />
Quality: A Resource for <strong>Health</strong> <strong>Care</strong> Boards<br />
of Directors.” 4 The resource guide focused<br />
on quality of care as a core fiduciary duty of<br />
governing boards of health care organizations<br />
and as a top priority of the OIG.<br />
boards will be held accountable for quality-ofcare<br />
failures in the hospitals that they govern.<br />
On November 10, 2008, the <strong>Health</strong> <strong>Care</strong><br />
<strong>Compliance</strong> Association (HCCA) teamed<br />
up with OIG to hold a government-industry<br />
roundtable called “Driving for Quality<br />
in Acute <strong>Care</strong>: A Board of Directors<br />
Dashboard.” 5 The roundtable focused on<br />
how a hospital’s board of directors can use<br />
performance scorecards or dashboards as a tool<br />
to promote quality of care in the institution.<br />
Although the one-day roundtable addressed a<br />
In light of the recent studies and guidance,<br />
hospital governing boards are encouraged to<br />
engage in quality-of-care initiatives that are<br />
consistent with the following principles:<br />
n Being informed<br />
n Improving board oversight, and<br />
n Improving infrastructure<br />
A more informed board<br />
A board should take several steps to ensure<br />
it is actively educating itself on key qualityof-care<br />
issues. First, a board must recognize<br />
quality of care is a core fiduciary obligation.<br />
OIG and AHLA intended for the guide<br />
to assist boards in promoting improved<br />
quality of care in hospitals. In the guidance,<br />
plethora of quality-of-care issues confronting<br />
hospital governing boards, its notable conclusions<br />
included that governance must lead the<br />
As noted above, quality of care falls under a<br />
board’s duty of care and obedience responsibilities.<br />
Secondly, the board should routinely<br />
OIG and AHLA explained how the board’s way for quality improvement in hospitals and<br />
Continued on page 11<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
9<br />
July 2010
MediRegs ® CCH ®<br />
The<br />
ComplyTrack Suite<br />
Total Solutions for Enterprise<br />
<strong>Compliance</strong> and Risk Management<br />
Regulatory<br />
Risk Assessment<br />
and<br />
Remediation<br />
Electronic<br />
Survey Tools<br />
& Audit<br />
Templates<br />
Incident<br />
Activity<br />
Management<br />
The<br />
ComplyTrack <br />
Suite<br />
Policy,<br />
Procedure &<br />
Document<br />
Management<br />
RAC and<br />
Claims-Based<br />
Audit<br />
Management<br />
Contract &<br />
Relationship<br />
Management<br />
MediRegs.com<br />
Aspen Publishers<br />
MediRegs ®<br />
<strong>Compliance</strong> Today ad CTrack.indd 1<br />
5/17/2010 10:01:54 AM
Opportunity knocks for hospital boards to impact clinical quality ...continued from page 9<br />
receive and understand reports on quality of<br />
care in the hospital (e.g., errors, outcomes).<br />
If the board is properly educating itself, it will<br />
be able to properly assess the hospital’s top<br />
quality and compliance risks.<br />
Improving board oversight<br />
The board’s oversight function can be<br />
improved if the board, administration, and<br />
the medical staff develop a quality agenda<br />
that is aligned with that of CMS, the Joint<br />
Commission, and other organizations. The<br />
Joint Commission has worked with CMS<br />
to publicly report quality measures to allow<br />
patients the opportunity to better distinguish<br />
between providers. CMS and the Joint Commission<br />
also have adopted standards used to<br />
grade a hospital’s performance in a number<br />
of areas, including quality-of-care issues. The<br />
closer the board-driven quality agenda is<br />
aligned with these standards, the less likely<br />
its hospital will face the consequences for<br />
not effectively ensuring its patients are being<br />
treated with the necessary quality of care.<br />
Another tool to improve board oversight<br />
is the use of a quality dashboard. Dashboards<br />
have emerged as an essential tool<br />
for hospital boards dedicated to advancing<br />
quality improvement within their hospitals.<br />
Dashboard reports use graphics to concisely<br />
present critical data in summary form.<br />
Dashboards expose problem areas in a board’s<br />
management of quality-of-care factors,<br />
which allows the board to focus on solutions<br />
to improve quality of care and advance the<br />
board’s agenda related to quality.<br />
The board should also assess whether the hospital<br />
management is addressing quality issues appropriately<br />
and is keeping the board informed on a<br />
regular basis. If not, it is possible that the hospital<br />
has profited by allowing its medical staff to render<br />
poor quality to the hospital’s patients—a fact<br />
that raises the ire of federal regulators, courts, and<br />
the public. Through appropriately structured<br />
oversight mechanisms, the board can avoid learning<br />
of serious quality problems through a costly<br />
and public enforcement action.<br />
Improving infrastructure<br />
Improving the infrastructure is a key<br />
component to the board fulfilling its role in<br />
ensuring quality of care in the hospital. The<br />
board’s infrastructure can be improved by<br />
recruiting board members who have expertise<br />
on quality-of-care issues. A board composed<br />
of members with expertise in quality, patient<br />
safety, and clinical areas will increase the<br />
likelihood that the board will recognize and<br />
understand quality-of-care concerns it may<br />
not have understood otherwise.<br />
A board can also improve the hospital’s<br />
infrastructure if the hospital’s executive team<br />
routinely conducts assessments of the hospital’s<br />
quality of care and communicates those<br />
results, along with other quality of care issues,<br />
to the board. Studies have disclosed that<br />
hospitals often fall short in areas of clinical<br />
quality when discussions between the board<br />
and management on these issues fail to occur<br />
on a regular basis. 6 Consistent and open<br />
dialogue between the board and the executive<br />
team members may also impact hospital-wide<br />
buy-in for quality initiatives that is necessary<br />
to improve quality of care.<br />
Hospital boards should also set up a structure<br />
to monitor management’s performance with<br />
respect to national benchmarks and work to<br />
eliminate any shortfalls in a timely manner.<br />
Under this principle, the board should establish<br />
compensation methodologies whereby the<br />
hospital’s executive team’s compensation is<br />
based, in part, on how the hospital measures up<br />
to the national benchmarks for quality of care.<br />
Conclusion<br />
The <strong>Health</strong> Affairs study identified significant<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
opportunity to improve the role hospital boards<br />
play in impacting clinical quality, and suggests<br />
that better board oversight is linked to higher<br />
quality of care. As a result, hospital boards<br />
should focus now on their role in driving clinical<br />
quality within the hospitals they govern and<br />
implement the necessary steps to make sure that<br />
quality is a top governance priority. n<br />
1 Ashish Jha and Arnold Epstein: Hospital Governance and the Quality of<br />
<strong>Care</strong>. <strong>Health</strong> Affairs, January/February 2010; 29(1):182-187<br />
2 Available at http://www.iom.edu/~/media/Files/Report%20Files/1999/<br />
To-Err-is-Human/To%20Err%20is%20Human%201999%20%20<br />
report%20brief.ashx<br />
3 National Quality Forum: Hospital Governing Boards and Quality of<br />
<strong>Care</strong>: A Call to Responsibility. Washington DC, 2004<br />
4 Available at http://oig.hhs.gov/fraud/docs/complianceguidance/CorporateResponsibilityFinal%209-4-07.pdf<br />
5 The report from this roundtable can be found at http://www.hcca-info.<br />
org/staticcontent/07OIGRoundtableReport.pdf<br />
6 Stephen Hines and Maulik Joshi: Getting the Board on Board: Engaging<br />
Hospital Boards in Quality and Patient Safety. Journal of Quality and<br />
Patient Safety, Volume 32 Number 4 (April 2006)<br />
Attention<br />
Fellow <strong>Compliance</strong><br />
Professional:<br />
In this difficult economic environment,<br />
it is more important than ever that we<br />
do what we can to help students who<br />
are enrolled in university and law school<br />
programs that focus on compliance<br />
(most of which have been certified by<br />
the <strong>Compliance</strong> Certification Board)<br />
find summer jobs, internships, and/or<br />
entry-level positions in the compliance<br />
and ethics profession. Whether you<br />
are a lawyer in a law firm, an ethics or<br />
compliance consultant, or an ethics &<br />
compliance officer, we encourage you<br />
to work hard to create opportunities for<br />
those trying to break into our profession.<br />
To help this effort along, HCCA<br />
has created a spot on the HCCA job<br />
websites www.hcca-info.org/intern where<br />
you could list opportunities for interns<br />
and students without charge. Please take<br />
advantage of this opportunity to post<br />
your positions to this site. In addition,<br />
we encourage all of you to do what you<br />
can to create opportunities wherever<br />
you can.<br />
11<br />
July 2010
Waived laboratory<br />
tests: Meeting<br />
regulatory<br />
requirements and<br />
implementing best<br />
practices<br />
By Melissa Scott, BS, <strong>CHC</strong>, <strong>CPC</strong><br />
certification. To comply with CLIA regulations<br />
for waived testing sites an entity must:<br />
n Enroll in the CLIA program by completing<br />
form CMS-116, 2 obtain a certificate,<br />
and pay the applicable fees to maintain<br />
active status;<br />
n Follow the manufacturer’s instructions for<br />
the waived test(s) performed;<br />
n Notify the applicable state agency 3 of any<br />
changes in lab ownership, name, address,<br />
or director within 30 days;<br />
n Notify the applicable state agency if adding<br />
tests that are more complex; and<br />
n Permit inspections when requested by a<br />
CMS agent.<br />
July 2010<br />
12<br />
Editor’s note: Melissa Scott is a senior consultant<br />
with Sinaiko <strong>Health</strong>care Consulting, Inc.,<br />
one of the nation’s leading independent health<br />
care management consulting firms. She works<br />
with health care organizations nationwide on<br />
a diverse range of compliance issues. For more<br />
information, please e-mail mscott@sinaiko.com<br />
or go to www.sinaiko.com.<br />
Congress passed the Clinical<br />
Laboratory Improvement<br />
Amendments (CLIA) 1 in 1988,<br />
which granted the responsibility for regulating<br />
all human laboratory testing (with the<br />
exception of research) to the Centers for<br />
Medicare & Medicaid Services (CMS). The<br />
goal of CLIA is to ensure standards for quality,<br />
consistency, and accuracy for every clinical<br />
laboratory test performed.<br />
The most significant outcome of the CLIA<br />
program is the requirement that all entities<br />
that accept materials from the human body<br />
for laboratory examination for the purpose<br />
of diagnosis, prevention, treatment, or<br />
the assessment of health must be properly<br />
certified. Certification requirements under<br />
CLIA vary, based on the complexity level of<br />
the tests performed. Laboratory tests can be<br />
classified as waived; moderate complexity,<br />
which includes provider-performed microscopy<br />
(PPM) procedures; or high complexity.<br />
This article addresses the specific regulatory<br />
requirements, compliance issues, and best<br />
practices with respect to waived tests, which<br />
pose particular and interesting challenges.<br />
Waived laboratory tests are most commonly<br />
used for point-of-care testing. To be deemed<br />
waived, the test must be cleared by the Food<br />
and Drug Administration (FDA) for home<br />
use; employ simple and accurate methodology<br />
that renders the potential for erroneous results<br />
negligible; or yield minimal risk of danger to<br />
the patient if performed incorrectly. Although<br />
CLIA is the regulatory body that oversees<br />
waived testing, ultimately it is the FDA that<br />
grants approval to the test manufacturer’s<br />
application for test system waiver. A complete<br />
list of waived tests is available at http://www.<br />
cms.hhs.gov/CLIA/downloads/waivetbl.pdf.<br />
Many fail to realize that just because a test has<br />
been granted waived status, it does not mean it<br />
is waived from regulatory requirements. Even<br />
if a provider never bills the patient or insurance<br />
for the analysis, regardless of volume,<br />
performance of waived testing requires CLIA<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
To ensure quality and reliability, the Centers<br />
for Disease Control (CDC) published “Good<br />
Laboratory Practices for Waived Testing<br />
Sites” 4 in the Morbidity and Mortality Weekly<br />
Reports (MMWR). If an entity is considering<br />
starting a waived testing program, this<br />
reference may serve as the “how to” guide<br />
that addresses pre-analytical, analytical,<br />
and post-analytical considerations. Existing<br />
waived testing laboratories should also evaluate<br />
and implement the practices outlined by<br />
the CDC to enhance their efforts to mitigate<br />
potential regulatory exposure. Areas of focus<br />
should include management responsibility,<br />
regulatory and safety requirements, testing<br />
space and facilities, benefits and costs, staffing,<br />
and documents and records.<br />
A laboratory director should be designated<br />
to provide management oversight for each<br />
waived testing location. Ideally, this designee<br />
would complete the CMS-116 CLIA application.<br />
The laboratory director should have<br />
the appropriate background and education<br />
to make sound decisions related to testing,<br />
quality, and regulatory compliance.<br />
In addition to the CLIA obligations outlined,<br />
waived testing sites must also consider the
many implications related to state and local<br />
regulations, safety, and the <strong>Health</strong> Insurance<br />
Portability and Accountability Act of 1996<br />
(HIPAA). 5 As a general rule, in the event that<br />
state or local requirements are found to be<br />
more stringent than federal, the more stringent<br />
will always supersede. Some laboratories may<br />
be granted CLIA-exempt status, meaning the<br />
laboratory has been licensed or approved by a<br />
state 6 in which CMS has determined that the<br />
state has enacted laws relating to laboratory<br />
requirements that are equal to or more stringent<br />
than CLIA requirements, and the state licensure<br />
program has been approved by CMS.<br />
A major variable by state is the licensure<br />
requirements for laboratory technicians and<br />
phlebotomists. Standards for workplace<br />
safety are mandated by the Occupational<br />
Safety and <strong>Health</strong> Administration (OSHA) 7<br />
and are job-specific, based upon potential<br />
hazards encountered. OSHA requirements<br />
may include a written exposure-control plan,<br />
job-specific safety training and equipment, or<br />
provision of hepatitis B vaccinations. There<br />
are also very specific prohibitions under<br />
OSHA which are commonly overlooked<br />
(e.g., no application of makeup, eating, or<br />
drinking in locations where specimens are<br />
collected or tested).<br />
With respect to the <strong>Health</strong> Insurance<br />
Portability and Accountability Act (HIPAA),<br />
waived testing sites are mandated (as all<br />
providers are) to establish policies and<br />
procedures to protect patient privacy and<br />
confidentiality. Whether on paper, electronic,<br />
or communicated orally, protected health<br />
information includes all patient identification<br />
and other personally identifiable information<br />
and test results.<br />
The designated laboratory area should provide<br />
adequate space to safely conduct testing and<br />
maintain privacy. The accuracy of test kits<br />
can potentially be hindered by environmental<br />
factors – such as humidity, temperature, and<br />
lighting – which also must be considered<br />
when setting up and maintaining laboratory<br />
space. The manufacturer’s product insert for<br />
each individual test will outline those conditions<br />
which are not conducive to testing.<br />
Prior to adding a new test, it is advised that<br />
an entity complete a cost/benefit analysis.<br />
It is not uncommon for the direct cost of<br />
a waived test kit to exceed the reimbursement.<br />
Indirect costs associated with test<br />
performance should also be considered, such<br />
as staff training, quality controls, calibrators,<br />
and equipment maintenance. There are times<br />
where a clinician may feel that the benefit of<br />
having that immediate test result outweighs<br />
the loss that is taken. These decisions should<br />
be made on a case-by-case basis, and it is best<br />
to have awareness up front of which tests will<br />
be revenue generators.<br />
It might come as a surprise to learn that<br />
the CDC identified staff competency and<br />
turnover as two of the biggest impacts on<br />
the quality and reliability of test results.<br />
The importance of training and periodic<br />
competency assessments should not be<br />
overlooked. Written policies and procedures<br />
should be developed, based on manufacturer’s<br />
test inserts, to guide staff training and<br />
job performance. CLIA mandates that all<br />
manufacturer’s instructions are to be followed<br />
when performing a waived test; adhering only<br />
to those found in a quick reference guide does<br />
not suffice. Additional procedures should be<br />
in place related to identification of a properly<br />
completed test order, patient identification<br />
verification, specimen collection, and specimen<br />
processing and handling.<br />
Documentation and record keeping are often<br />
vulnerable areas for waived testing sites. It is<br />
permissible to record test results in a laboratory<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
log book; however, it is important to note that<br />
an auditor will most likely look for test results<br />
in the medical record. Many audits uncover<br />
that the clinician’s interpretation of the test<br />
result is documented, but the actual test result<br />
itself is not. If the laboratory is not able to<br />
provide sufficient documentation of the test<br />
result, the test charges are disallowed, which<br />
results in an overpayment liability.<br />
Quantitative results should be documented<br />
with their unit of measurement. Qualitative<br />
results should be in narrative form (positive,<br />
negative, etc.) and not symbols (+/-).<br />
Reference ranges should be indicated, and<br />
results that are abnormal should be flagged.<br />
Procedures should indicate what values are<br />
considered critical in nature and the clinician<br />
notification protocols. In the event that an<br />
invalid result is obtained or recorded in error,<br />
it should not be erased from the chart and/<br />
or log. Additional documentation should be<br />
added to explain the anomaly and the corrective<br />
action taken.<br />
It is clear that a compliant waived testing program<br />
is not as simple as the name may imply,<br />
nor is waived testing free from regulatory<br />
oversight. There are many requirements and<br />
operational challenges that must be considered<br />
and addressed to minimize risks associated<br />
with even the most basic of laboratory testing<br />
platforms. However, with proper planning and<br />
oversight, a waived testing program can offer<br />
invaluable benefits to the patient and clinician,<br />
as well as added revenues. n<br />
1 Clinical Laboratory Improvement Amendments, 42 CFR Part 493.<br />
Available at: http://wwwn.cdc.gov/clia/regs/toc.aspx<br />
2 CMS-116 Form and Instructions. Available at http://www.cms.hhs.gov/<br />
cmsforms/downloads/cms116.pdf<br />
3 CLIA State Agency Contacts. Available at http://www.cms.hhs.gov/<br />
CLIA/downloads/CLIA.SA.pdf<br />
4 CDC Good Laboratory Practices for Waived Testing Sites. Available at<br />
http://www.cdc.gov/mmwr/PDF/rr/rr5413.pdf<br />
5 U.S. Department of <strong>Health</strong> & Human Services <strong>Health</strong> Information<br />
Privacy. Available at: http://www.hhs.gov/ocr/privacy/<br />
6 List of Exempt States Under the Clinical Laboratory Improvement<br />
Amendments (CLIA). Available at: http://www1.cms.gov/CLIA/downloads/Exempt.States.List.pdf<br />
7 The Occupational Safety and <strong>Health</strong> Administration. Available at:<br />
http://www.osha.gov/<br />
13<br />
July 2010
feature<br />
article<br />
Meet <strong>Kimberly</strong> <strong>Johnson</strong>, <strong>RHIA</strong>, <strong>CPC</strong>, <strong>CHC</strong><br />
Professional Practice <strong>Compliance</strong> Officer, Corporate<br />
<strong>Compliance</strong> Office, University of Kentucky <strong>Health</strong><strong>Care</strong><br />
July 2010<br />
14<br />
Editor’s note: This interview with <strong>Kimberly</strong><br />
<strong>Johnson</strong> was conducted in April by Julene<br />
Brown, Immediate Past President of HCCA and<br />
Director of Corporate <strong>Compliance</strong> for Innovis<br />
<strong>Health</strong>. Julene may be contacted by e-mail at<br />
jbrown@innovishealth.com. <strong>Kimberly</strong> may be<br />
contacted by e-mail at KimJ@kmsf.org.<br />
JB: When I hear people talk about the<br />
University of Kentucky, I think basketball,<br />
so it will be great to hear about the UK<br />
<strong>Health</strong><strong>Care</strong> compliance program and what<br />
you do. First though, please share some information<br />
on your background with us.<br />
KJ: I obtained my degree in <strong>Health</strong><br />
Information Management [HIM] from<br />
Eastern Kentucky University. My career<br />
began in quality assurance at Kentucky<br />
Clinic, which is the primary UK <strong>Health</strong><strong>Care</strong><br />
outpatient practice. We obtained Joint<br />
Commission accreditation. I was responsible<br />
for helping clinical departments develop<br />
quality plans and assisting them with<br />
monitoring quality indicators. This was my<br />
first real experience with chart reviews. I<br />
moved from that position into the first HIM<br />
Director position for the outpatient practice.<br />
In 1997, Kentucky Medical Services<br />
Foundation (KMSF), which is the billing<br />
agent for the UK Physician Group Practice,<br />
recruited me to join their compliance team as<br />
a <strong>Compliance</strong> Analyst, due to my experience<br />
in conducting chart reviews and due to the<br />
coding education that I received as part of<br />
my HIM training.<br />
After mastering coding audits and the<br />
CMS Teaching Physician rules, I decided<br />
to take my experience on the road as a consultant.<br />
I joined PricewaterhouseCoopers<br />
as a Physician Coding Consultant. While<br />
there, I had the opportunity to participate<br />
in several Physicians At Teaching Hospitals<br />
[PATH] audits.<br />
I eventually returned to UK and KMSF<br />
and continued to work my way up the ladder<br />
to my current position as Professional Practice<br />
<strong>Compliance</strong> Officer.<br />
JB: Can you tell us about the organization<br />
you work for?<br />
KJ: I am employed by Kentucky Medical<br />
Services Foundation, which is a non-profit<br />
501(c)3 corporation that supports the<br />
University of Kentucky by providing billing<br />
and collection services on behalf of the<br />
physicians who practice within the UK<br />
<strong>Health</strong><strong>Care</strong> enterprise, and administration of<br />
all clinical practice income. KMSF provides<br />
a broad range of services for the faculty<br />
and community physicians within UK<br />
<strong>Health</strong><strong>Care</strong>, including accounts receivable<br />
management, contracting, contract monitoring,<br />
financial counseling, insurance billing<br />
and follow-up, patient billing and collections,<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
insurance training for all registration staff<br />
within UK <strong>Health</strong><strong>Care</strong>, financial reporting<br />
and analysis, clinical budget management,<br />
compliance, customer service, coding oversight,<br />
physician fringe benefit management,<br />
and practice plan administration. KMSF also<br />
assists in the development of UK <strong>Health</strong><strong>Care</strong><br />
strategic initiative planning and budgeting.<br />
Additionally, KMSF conducts comprehensive<br />
due diligence associated with prospective<br />
community-based practices and an ongoing<br />
broad range of support for established practices.<br />
KMSF does not employ the physicians.<br />
UK <strong>Health</strong><strong>Care</strong> is a component of the<br />
University of Kentucky. It was established<br />
in 1957 and consists of the medical, nursing,
health sciences, public health, dental, and<br />
pharmacy colleges and related patient care<br />
activities in Lexington, Kentucky and in several<br />
off-site locations. UK <strong>Health</strong><strong>Care</strong> facilities<br />
include UK Chandler Hospital, Kentucky<br />
Children’s Hospital, UK <strong>Health</strong><strong>Care</strong> Good<br />
Samaritan Hospital, UK <strong>Health</strong><strong>Care</strong> East,<br />
Kentucky Clinic, Polk-Dalton Clinic, and<br />
Kentucky Clinic South as well as a network<br />
of community hospital clinical affiliations<br />
and stand-alone clinics throughout Kentucky.<br />
It encompasses 80 specialized clinics, 143<br />
outreach programs, and a team of 6,000<br />
physicians, nurses, pharmacists, and health<br />
care workers—all dedicated to patient health.<br />
JB: Would you review the structure of your<br />
compliance program at UK?<br />
KJ: The Office of Corporate <strong>Compliance</strong><br />
has the responsibility of overseeing compliance<br />
monitoring for the UK College of<br />
Medicine, UK College of Pharmacy, UK<br />
College of Nursing, UK Chandler Hospital,<br />
UK <strong>Health</strong><strong>Care</strong> Good Samaritan Hospital,<br />
the UK Physician Group Practice, and<br />
Kentucky Medical Services Foundation. Our<br />
department is comprised of a chief compliance<br />
officer, research compliance manager,<br />
coding compliance educator, senior compliance<br />
analyst, RAC analyst, three coding compliance<br />
analysts, an administrative assistant,<br />
and my position. We are adding a special<br />
investigator position who will focus on high<br />
risk areas.<br />
Our program is based upon the U.S.<br />
Sentencing Commission’s guidelines (the<br />
seven elements for an effective compliance<br />
program).<br />
JB: You are the Professional Practice<br />
<strong>Compliance</strong> Officer. Can you explain what<br />
your job entails?<br />
JK: My title was chosen to encompass<br />
compliance officer responsibilities related not<br />
only to the physician group practice, but also<br />
to the many other health care providers we<br />
employ, such as nurse practitioners and physician<br />
assistants. The majority of my time has<br />
been, and continues to be, spent on billing<br />
compliance matters. However, my role has<br />
recently expanded to include all compliance<br />
activities that impact the professional practice,<br />
such as HIPAA, the Stark Law, contracts,<br />
electronic medical records, etc.<br />
JB: In working with professional practice<br />
compliance, do you have any tips for getting<br />
compliance with the rules and regulations<br />
across to providers of care?<br />
KJ: It really isn’t as difficult as some may<br />
think. They are busy, so always get to the<br />
point quickly, and be clear, concise, and<br />
consistent. Be flexible about scheduling<br />
meetings with them, as patient care is their<br />
first priority. I often hear, “Just tell me what<br />
I need to do and I will do it.” Always show<br />
them how the rule or regulation will directly<br />
affect them. If you can provide scenarios or<br />
explanations that relate to them clinically,<br />
that is best. Make them part of the solution;<br />
get their buy-in.<br />
JB: What does your education program<br />
involve with the providers? How do you keep<br />
it fresh and enticing?<br />
KJ: We include a mix of customized<br />
one-on-one educational sessions and<br />
computer-based learning. Each new billing<br />
provider receives a mandatory coding and<br />
documentation class prior to billing. The<br />
key to keeping their interest is making it real<br />
through the use of clinical scenarios that are<br />
tailored to their unique specialty. We also<br />
use benchmarks to let them know how they<br />
compare to their peers.<br />
JB: Do you measure the effectiveness of<br />
your professional practice program? And if<br />
so, how?<br />
KJ: We have two key approaches. The<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
first is through our annual compliance<br />
report process. These reports are presented<br />
to the <strong>Compliance</strong> Committee and senior<br />
leadership by each clinical department and<br />
each college on an annual basis. We use an<br />
electronic survey tool that is populated with<br />
indicators (questions) based upon key risks<br />
to that particular department and the organizations.<br />
Based upon answers, a scorecard<br />
is completed.<br />
The second approach is our auditing<br />
and monitoring program for coding and<br />
documentation compliance. Every new<br />
provider receives coding and documentation<br />
compliance education as soon as he/she is<br />
granted clinical privileges. Then we conduct<br />
a review of their services within 30-60 days<br />
of billing to identify any potential aberrances.<br />
Based upon results, we may repeat this<br />
process. Otherwise the provider is placed<br />
into our regular audit schedule. We sample<br />
a minimum of 10 claims for every billing<br />
provider each audit cycle and provide oneon-one<br />
education and feedback. Currently,<br />
we are auditing approximately 800 providers.<br />
Coding and documentation audit results are<br />
included in each department’s annual report<br />
to the <strong>Compliance</strong> Committee for review and<br />
further action.<br />
JB: Where do you see <strong>Compliance</strong> headed<br />
in the future?<br />
KJ: <strong>Compliance</strong> needs to be at the head<br />
of the table in every organization. The<br />
<strong>Compliance</strong> department is too often seen<br />
as a reactive department, as opposed to<br />
proactive. As we have heard in many forums<br />
recently, there will be a greater focus on<br />
quality and pay-for-performance in the<br />
future. I believe that is exactly where efforts<br />
should be focused.<br />
JB: <strong>Kimberly</strong>, are you certified in health<br />
care compliance (<strong>CHC</strong>)?<br />
Continued on page 17<br />
15<br />
July 2010
MediTract helps healthcare organizations manage intricacies of<br />
the HITECH Act so they can focus on their primary objective –<br />
providing the highest levels of patient care.<br />
MediTract’s Contract Management Solution<br />
increases profits and productivity<br />
while helping healthcare organizations<br />
manage business associate agreements,<br />
track and monitor compliance regulations<br />
associated with physician contracts and<br />
reduce the risk of disclosure of information<br />
to unauthorized parties.<br />
Comprehensive management of BAAs<br />
Enhance <strong>Compliance</strong><br />
Centralized, secure database<br />
MediTract® is the leading technology-based contract management service provider in healthcare serving<br />
more than 1,600 healthcare organizations in over 5,900 locations across the United States.<br />
Changing the Way <strong>Health</strong>care Does Business<br />
July 2010<br />
16<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
www.meditract.com<br />
(877) 492-8490
Meet <strong>Kimberly</strong> <strong>Johnson</strong> ...continued from page 15<br />
KJ: Yes, I became certified in health<br />
care compliance in 2007. The continuing<br />
education required by certification keeps me<br />
informed. The credential has provided me<br />
with an additional level of credibility as a<br />
compliance officer.<br />
JB: Have you attended any of the HCCA<br />
conferences or academies? If so, what benefits<br />
has this brought to your career in compliance?<br />
KJ: This is great timing, as I just returned<br />
from the <strong>Compliance</strong> Institute in Dallas.<br />
HCCA provided me with the opportunity<br />
to meet others who have similar jobs with the<br />
same concerns and challenges I experience.<br />
Through the HCCA conferences, I have had<br />
the opportunity to hear from the best leaders<br />
in the industry and my colleagues. At this<br />
year’s conference, I attended a session on how<br />
to be an effective compliance officer. We tend<br />
to focus so much on how we as compliance<br />
officers can help our programs be effective. I<br />
was grateful to see a session that would help<br />
me be more effective! I would like to see<br />
more sessions like this at the conferences.<br />
JB: What have been your biggest challenges<br />
in your job?<br />
KJ: There are two: communication and<br />
staying apprised of changes. In a large organization<br />
full of busy clinicians and administrators,<br />
getting the word out to a large audience is<br />
tough, especially when it involves complex<br />
regulatory guidance and continual changes.<br />
JB: What do you think is the most important<br />
component of a compliance program?<br />
KJ: You must have buy-in at the top. If<br />
the tone at the top is that compliance is a<br />
necessary evil, as opposed to compliance is<br />
important to the success of the organization,<br />
you are going to have problems. <strong>Compliance</strong><br />
should be a part of the solution, rather than<br />
the department that is consulted when a<br />
problem arises.<br />
JB: Please tell us why <strong>Compliance</strong> is important<br />
to you.<br />
KJ: First, as a tax payer and a patient, I<br />
want to receive the best quality of care for<br />
the money. Second, I want to ensure that our<br />
elderly and the lower-income population have<br />
access to affordable health care. Finally, I want<br />
our organization and providers to continue<br />
to thrive and remain the premier provider of<br />
health care services in the State of Kentucky.<br />
JB: What advice would you give to a new<br />
compliance officer?<br />
KJ: It is important to build bridges and<br />
maintain an atmosphere of openness. Avoid<br />
scare tactics when discussing risks, as this<br />
typically creates silos. Always remember<br />
that compliance is everyone’s responsibility,<br />
not just the <strong>Compliance</strong> department. Never<br />
take things personally. You won’t be loved by<br />
everyone, but remember that as a compliance<br />
professional, it is your duty to “do the<br />
right thing.” Network not just inside but also<br />
outside your organization. I have developed<br />
numerous working relationships with peer<br />
institutions such as Vanderbilt University,<br />
University of Louisville, University of Florida,<br />
etc. You’ve heard of peer pressure? Use it!<br />
JB: Leisure time – we always need to think<br />
about that! Do you have any hobbies you are<br />
involved in?<br />
KJ: I enjoy riding horses and playing an<br />
occasional game of golf—two great hobbies<br />
to have when you live in Kentucky! And, of<br />
course, when the Wildcats are playing, I’m<br />
right there cheering them on!<br />
JB: It has been a pleasure interviewing you.<br />
Thank you and keep up the great work in the<br />
health care compliance profession. n<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
2010<br />
ComplianCe<br />
aCademies<br />
September 27–30<br />
New York, NY<br />
October 25–28<br />
San Francisco, CA<br />
November 15–18<br />
Orlando, FL<br />
December 13–16<br />
San Diego, CA<br />
2010<br />
privaCy<br />
aCademy<br />
October 4–7<br />
San Diego, CA<br />
2010<br />
researCh<br />
aCademy<br />
August 9–12<br />
Chicago, IL<br />
LeArN mOre At<br />
www.hcca-info.org<br />
17<br />
July 2010
My favorite photo<br />
We have taken thousands of pictures over the years. This is my favorite<br />
by far. It captures the what the purpose of our organization is about<br />
like no other picture we have ever taken. We facilitate the gathering of<br />
compliance professionals from many organizations. We facilitate the<br />
bringing together of people with similar responsibilities. We provide<br />
them networking and educational opportunities.<br />
The people in this<br />
picture are all interested<br />
in each other.<br />
They are all clearly<br />
happy and relaxed.<br />
They are sharing an<br />
important moment.<br />
They are spending<br />
time together<br />
between sessions at<br />
one of our meetings<br />
and networking,<br />
sharing stories, or<br />
solving problems.<br />
They may be doing nothing more than enjoying each other’s company.<br />
But, what is most important is that they are spending time with peers<br />
who know what their life is like and what challenges they face. They<br />
are letting each other know they are not alone in what can sometimes<br />
be a very difficult job. They are compliance professionals.<br />
It requires a staff that is welcoming and<br />
knowledgeable. It requires a Board and<br />
speakers who take the time to network<br />
with the attendees/members. We have few<br />
people who fly in and fly out because they<br />
are too busy to bother with the attendees/<br />
members. We don’t have any business<br />
meetings, and we free our main volunteers<br />
ROY sNELL<br />
and Board to network with the attendees. Many organizations have<br />
lead volunteers that run from one committee meeting to another<br />
during the whole conference. Their focus is to add to their resume and<br />
make it clear to people how important they are.<br />
Our members take their job seriously. They are up en masse on<br />
Sunday morning to attend preconference classes, rather than treating<br />
their trip like a junket or boondoggle. There is something special<br />
about people who<br />
take their job and<br />
education seriously.<br />
There is something<br />
special about people<br />
who work hard. Our<br />
members/attendees,<br />
by nature, are well<br />
educated, ethical, and<br />
friendly.<br />
Many people, particularly<br />
speakers, attend<br />
several meetings a<br />
year. They regularly comment that our culture/environment is more<br />
upbeat, friendly, and inviting. I attend many meetings conducted by<br />
other organizations. The absence of a positive networking culture is<br />
deafening. After attending one of our meetings, some describe other<br />
meetings as stuffy, dead, or uninviting.<br />
For those who know what they are doing, providing education is not<br />
that hard. Luckily, we have many people who can teach and many<br />
who can select teachers and content. What we do, that is much more<br />
difficult, is provide quality networking. It is very subtle. It requires<br />
building a culture of trust. It requires an appreciation for everyone, not<br />
just the elite. It requires a relaxed atmosphere. More boring, but just as<br />
important, it requires attention to details like receptions, long breaks,<br />
and extended lunches.<br />
It is no accident that we are where we are. We work hard for what we<br />
have. We worry about everyone, rather than a select few. Our members/<br />
attendees are well-educated, principled people who are a joy to network<br />
with. Our Board is forward thinking and interested in everyone’s<br />
experience. Our staff are friendly, happy, and know what they are doing.<br />
Everyone works hard on seemingly unimportant details to ensure our<br />
meetings, networking environment, and culture stay strong. n<br />
July 2010<br />
18<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
Social Networking<br />
John Falcetano<br />
Editor’s note: John Falcetano, <strong>CHC</strong>-F,<br />
CCEP, CHRC, CIA is Chief Audit/<br />
<strong>Compliance</strong> Officer for University <strong>Health</strong><br />
Systems of Eastern Carolina and Treasurer<br />
of the HCCA Board of Directors. John may<br />
be contacted at jfalcetano@suddenlink.net.<br />
Social networking gives compliance<br />
professionals the opportunity to further their professions by sharing<br />
their knowledge, fostering their skills, learning from others, and developing<br />
strategies to help them succeed in the 21 st century. There are<br />
many social networking e-groups on our site, and the HCCA/SCCE<br />
Social Networking site has something for everyone. Below are some of<br />
the discussion groups available:<br />
n Auditing and Monitoring n Nonprofit Network<br />
<strong>Compliance</strong><br />
n Privacy Officer’s Roundtable<br />
n Chief <strong>Compliance</strong>/Ethics Officer n Privately Held Corporations<br />
n Communication Training and n Product Review Forum<br />
Curriculum<br />
n Quantitative <strong>Compliance</strong><br />
n Competition Law and Anti-trust n Red Flags Rule<br />
n <strong>Compliance</strong> Risk Management n Retail Forum<br />
n Educators Forum: Teaching n Utilities and Energy Network<br />
<strong>Compliance</strong><br />
n <strong>Health</strong>care Billing and<br />
n European <strong>Compliance</strong> and Ethics Reimbursement<br />
n FCPA: Foreign Corrupt Practices n HIPAA<br />
Act<br />
n Hospital Network<br />
n Financial Institutions Network n Long-term <strong>Care</strong> Network<br />
n Global <strong>Compliance</strong> and Ethics n Managed <strong>Care</strong> & Medicare<br />
n Government: City, County, State Participation<br />
n Government Contractor/Vendor n Medical Device Group<br />
n Insurance Network<br />
n Physicians <strong>Compliance</strong><br />
n Investment Management Forum Professionals<br />
n Legal Holds and Record n Quality of <strong>Care</strong> Forum<br />
Management<br />
n Research <strong>Compliance</strong> Network<br />
Go to the following link to connect to our social network site: http://<br />
www.hcca-info.org/sn. Don’t forget you can also find us on Twitter,<br />
Facebook, and Linked-in as well.<br />
Sign onto HCCA’s Social Network site to see how other members<br />
are responding. To read the information posted on blogs, participate<br />
in the discussion, review the comments, or just talk with your<br />
peers, you can access the Social Network site by going to the link:<br />
www.hcca-info.org/sn n<br />
Web 2.0 is about the<br />
new, faster, everyone<br />
connected Internet.<br />
HCCA is embracing this approach and offers you<br />
a number of ways to build out your network,<br />
connect with compliance professionals, and<br />
leverage this new technology. Take advantage of<br />
these online resources; keep abreast of the latest<br />
in compliance news; and stay ahead of the curve.<br />
Dozens of discussion groups and<br />
more than 5,000 participants<br />
http://community.hcca-info.org<br />
Profiles of over 2,600 compliance<br />
and ethics professionals<br />
http://www.hcca-info.org/LinkedIn<br />
Over 12,000 people already follow us on<br />
Twitter to get breaking compliance news<br />
http://twitter.com/HCCA_News<br />
Connect with compliance and ethics<br />
professionals on Facebook<br />
http://www.hcca-info.org/Facebook<br />
http://www.hcca-info.org/Facebook_page<br />
Each resource is 100% dedicated to<br />
compliance and ethics management.<br />
So sign up for whichever one works<br />
best for you, or for all four if you’re<br />
already living the Web 2.0 life.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
19<br />
July 2010
focus<br />
feature<br />
Sparking an epidemic of compliance<br />
By Stephen Kelly, JD, LLM, <strong>CHC</strong>, CHRC<br />
July 2010<br />
20<br />
Editor’s note: Stephen Kelly is the Chief <strong>Compliance</strong> & Privacy Officer for<br />
the Carle Foundation Hospital and <strong>Health</strong> System, located in Urbana,<br />
Illinois. He may be contacted by telephone at 217/383-3927 or by e-mail<br />
at mcshane66@gmail.com.<br />
It’s axiomatic that an organization cannot have a culture of compliance<br />
without executive leadership and the board members<br />
setting the right “tone at the top.” The conventional wisdom<br />
is that if the leaders of the organization talk the talk and walk the<br />
walk, somehow a compliance ethos will permeate all layers of the<br />
organization. Undoubtedly, having leaders who pay more than lip<br />
service to compliance and ethics is a huge step in the right direction.<br />
Without their support, the compliance program doesn’t get the staff<br />
and resources it needs, it doesn’t get included in significant decisions<br />
affecting the structure and operation of the organization, and it<br />
doesn’t get the muscle to mete out discipline or to make significant<br />
overpayment refunds to payers and the government. After reading<br />
Malcolm Gladwell’s, The Tipping Point, 1 however, I began to question<br />
the assumptions that once an organization’s leadership has bought in<br />
to the compliance program, the rest of the organization will surely<br />
follow, or that creating a “tone at the top” is the only way to create a<br />
culture of compliance.<br />
If you have not read it, The Tipping Point, is a compelling study of<br />
how the rules governing viral epidemics can also be used to explain<br />
dramatic changes in social behaviors, cultural trends, and the broad<br />
acceptance of new ideas. According to Gladwell, there is a tendency to<br />
think that, in order to affect major change, one has to put out major<br />
effort in order to have the desired impact. For example, I once thought<br />
developing a culture of compliance in my organization could be<br />
accomplished through a series of over-the-top gestures, such as getting<br />
in a dunk tank during <strong>Compliance</strong> & Ethics Week, or by showing<br />
up on the clinical floors in the middle of the night to demonstrate<br />
the organization’s commitment to compliance. To the contrary, the<br />
key message of The Tipping Point is that dramatic changes in societal<br />
or organizational behavior are not necessarily achieved through such<br />
grandiose efforts. Instead, they are normally achieved through a series<br />
of much smaller adjustments: adjustments to the message being<br />
communicated, to the type of people to whom the message is delivered<br />
and, finally, to the environment in which the message is delivered. By<br />
making such small-scale adjustments, one can accelerate the contagiousness<br />
of an idea, trend, or behavior to the tipping point, which is<br />
the point where it becomes a cultural or social epidemic. This article<br />
examines Gladwell’s thesis and ponders whether the ideas presented<br />
in The Tipping Point can be applied to the chief aim of compliance<br />
programs (i.e., to prevent fraud, waste, and abuse and to develop a<br />
culture of compliance throughout an organization). In other words,<br />
can one create an “epidemic” of compliance?<br />
The three rules of epidemics<br />
In his study of social epidemics, Gladwell identified three unifying<br />
principles that all of them have in common. By altering a message<br />
to exploit these rules, Gladwell suggests that we have the power to<br />
control what ideas transform into epidemics both in society and in our<br />
organizations.<br />
Rule number one: The Law of the Few<br />
Gladwell’s first rule of epidemics is The Law of the Few, which holds<br />
that the spread of a social epidemic heavily depends on a very small<br />
number of people who become the primary agents of change. These<br />
are people who are blessed with certain social gifts and who most<br />
effectively carry the message, new trend, or idea (i.e., the contagion) to<br />
the broader population we are trying to reach. Gladwell refers to these<br />
people as Connectors, Mavens, and Salesmen.<br />
A Connector is the type of person who seems to know everyone and<br />
is a natural at networking. If you go to lunch with a Connector, he<br />
or she will probably run into somebody they know. Not only do<br />
Connectors know a lot of people, they know a lot of different types<br />
of people. For example, in high school, a Connector was the kid who<br />
could easily circulate amongst the jocks, the nerds, and the artsy crowd<br />
with little difficulty. In our context, Connectors are important because<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
they can carry your compliance message rapidly to a lot of different<br />
people in all strata of your organization.<br />
and Salespeople—individuals whose people skills are able to positively<br />
influence the culture of compliance.<br />
We rely on Connectors to connect us with a number and variety<br />
of different people, but we rely on Mavens to connect us with new<br />
information. Unlike Connectors, Mavens don’t necessarily know a lot<br />
of people, but they seem to know a lot. Mavens are encyclopedias of<br />
knowledge and want to share their knowledge with you, not because<br />
they are know-it-alls, but because they are genuinely interested in<br />
helping you solve your problems. If you are talking with a Maven,<br />
regardless of the subject, a Maven has read an article about it and<br />
will probably forward you a link to the website where they read it. A<br />
Maven in your organization might be the person who seems to know<br />
the rules better than you do and who always knows what’s going on in<br />
the organization or the industry before you do.<br />
Another question to consider is: Who do you send to educational<br />
seminars? The obvious answer is that the compliance officer and, when<br />
funds allow, the compliance staff members should go to conferences<br />
and other educational opportunities. Thinking outside the box,<br />
maybe it would be a good idea from time to time to send a Connector,<br />
Maven, or Salesman from outside your department to one of the<br />
HCCA conferences. By doing so, you are helping to create another<br />
compliance disciple who can share your message and reach different<br />
people in your organization. For instance, one year you may consider<br />
sending an information Maven from your Revenue Cycle team to the<br />
annual <strong>Compliance</strong> Institute and meet your staff’s educational needs<br />
through trade journals and audio conferences.<br />
In creating a cultural epidemic, Mavens discover the information to You may want to examine your own behavior. Who do you typically<br />
be spread, Connectors get the information in the hands of a lot of network with? A lot of people, including myself, have a tendency to<br />
people, but you still need a third kind of person, a Salesman, who network with other people like themselves in related departments<br />
can persuade people to change their behavior on the basis of this new like Quality and Risk Management. In addition to developing these<br />
information. Of course, compliance officers are expected to be the contacts, work to expand your professional circle by developing<br />
perfect blend of all three—a Connector, a Maven, and a Salesman. relationships with people that you don’t typically get to interact<br />
But what can you do if, like a mere mortal, you do not possess the with. Maybe you are on a lot of your organization’s business-oriented<br />
perfect mix of these personality traits and you do not have the full committees, such as the Revenue Cycle Committee. If so, try getting<br />
buy-in of your senior leaders? In attempting to spark an epidemic of invited to a clinical committee that you’re not normally involved<br />
compliance in your organization, perhaps you should seek out people with, such as a Joint Commission Patient <strong>Care</strong> Managers meeting, as<br />
at all levels of your organization, not just the executives, who are a means of networking and sharing information with clinicians. Or,<br />
natural Connectors, Mavens, and Salesmen, and try to involve them in as a means of risk assessment, try identifying the information Mavens<br />
your program.<br />
in key departments, the people with their ears to the ground, and<br />
conduct focus groups with them as part of your annual risk assessment<br />
But how? For one, consider your hiring practices. Say you are a process. Information Mavens will probably know the rules that impact<br />
Connector, but do not consider yourself to be a natural information their department, as well as its key compliance weaknesses. Make sure<br />
Maven, then you should look to hire or network with people who are. you share your “intelligence” with them too. They will file it away and,<br />
If you are an information Maven, then make an effort to lure talented when you are not looking, they will help you spread your message to<br />
people who have been around your organization for a long time and others.<br />
served in many different capacities, because these people probably<br />
have numerous contacts throughout the organization. Certainly, you Even by networking or hiring Connectors and Mavens, it is still largely<br />
always want to hire the best candidate, but give some consideration up to you as the compliance officer to persuade people to change their<br />
to bringing people into your program that have spent years networking<br />
in your organization. If you can’t hire from within, then maybe if you do not consider yourself a born Salesperson? The good news<br />
behavior in your role as the Chief <strong>Compliance</strong> Salesperson. But, what<br />
intellectual brawn and detail orientation are not the only traits we is that The Tipping Point offers a number of subtle changes you can<br />
should interview for. In my own practice, I have focused on hiring make in your communication style that have been demonstrated to<br />
people with different professional backgrounds, such as clinical or make people more persuasive. It’s commonly understood that most of<br />
coding experience. Clearly, these are important, but all things being communication is non-verbal and, in fact, The Tipping Point discusses<br />
equal, perhaps I should be on the lookout for Connectors, Mavens,<br />
Continued on page 22<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
21<br />
July 2010
Sparking an epidemic of compliance ...continued from page 21<br />
July 2010<br />
22<br />
a number of studies that illustrate how the persuasiveness of a message but unwittingly, we made it more interactive and the staff seemed to<br />
often depends not just on the logic of a position, but on the physical be more engaged.<br />
cues emitted by the messenger. For example, research has proven<br />
that facial expressions, such as smiling when speaking or nodding Another interesting aspect of the survey was how we more effectively<br />
can appreciably increase the chances whether a message is received engaged the board just by presenting the results of the survey in a<br />
positively. Similarly, we tend to imitate each other’s emotions as a way different format. Ordinarily, we verbally report to the board, in addition<br />
of expressing empathy and support. So, by controlling one’s outward<br />
to presenting a written executive summary of core compliance<br />
behavior, one can influence another’s moods and thoughts. By controlling<br />
activities and metrics. But, we typically have not been very good at<br />
one’s physical demeanor and making sure to present a positive visually presenting the information. In this case, however, we used an<br />
and lively disposition, a compliance officer can actually influence the online survey tool, 2 which allowed us to present the results in pie chart<br />
power of the message.<br />
format. It was fascinating to witness how easily the board engaged<br />
when we presented information to them in pictures, rather than using<br />
In sum, if you find that you haven’t quite achieved the perfect culture words to convey the same information.<br />
of compliance, consider new people in your organizational network,<br />
the so-called Connectors, Mavens, and Salesmen, people who through From these examples, a major takeaway for our program was that by<br />
their own social skills will be naturally inclined to take your message of making information more interactive, we were able to easily and effectively<br />
“doing the right thing” and make it their own. In this way, try enlisting<br />
educate our staff regarding several key aspects of our program.<br />
a new army of employees into your mission of creating a culture of Then, through the use of pictures, we were able to engage the board in<br />
compliance.<br />
a discussion of ways to improve the program in a way that we had not<br />
experienced before, without ever having to change the actual content<br />
Rule number two: The Stickiness Factor<br />
of what we were trying to communicate.<br />
Gladwell’s first rule of epidemics, The Law of the Few, deals with<br />
people. Gladwell’s second rule of epidemics is the Stickiness Factor, Another dilemma compliance professionals face, and an easy trap<br />
which addresses the quality of the message itself. The Stickiness Factor to fall into, is that we frequently rely on fear tactics (e.g., fear of<br />
states that in a world of competing ideas and messages, stickiness is substantial fines and penalties, fear of reputational harm) to motivate<br />
what makes a message memorable, and ideas have to be memorable employees and management to do the right thing. The problem with<br />
in order to cause us to change our behavior. Interestingly, while the such tactics is that most people in health care already feel like they are<br />
content of the message is important, surprisingly, how the message doing the best that they can for their patients and the communities<br />
is presented turns out to be critical. So, to make your compliance they serve. It is hard for them to see their organization as a bad actor<br />
message more memorable, focus on how you are saying it, instead of capable of committing fraud. So, a message laden with fear typically<br />
concentrating on what you are saying.<br />
does not resonate and people tend to resist a negative message anyway,<br />
so think of ways to spin your compliance message into a positive for<br />
For example, compliance programs tend to struggle with getting your organization and its patients. When you are speaking with your<br />
people to use the compliance hotline. <strong>Compliance</strong> professionals spend CFO, for instance, show him or her how doing things the right way<br />
a lot of time marketing the hotline by sending out e-mails and posters, can improve the bottom line. In addition to improving charge capture<br />
and by employing any number of other similar devices. Recently, opportunities, our program has uncovered a number of instances<br />
my organization conducted a <strong>Compliance</strong> Awareness Survey. Those where payments were due from a variety of business partners. Taking<br />
who participated were entered into a raffle to win a prize. One of the credit for these wins can be a marvelous way to earn converts to your<br />
questions was a multiple choice question that asked people if they program. When you are speaking to your clinicians, demonstrate to<br />
knew the hotline number. You would be amazed at how many people them how being compliant can actually improve the quality of care<br />
called the hotline just to find out if they answered the survey question provided to the patient, for example, by improving documentation<br />
correctly, even though they were aware that they were being entered in the medical record or by saving patients money on their co-pay or<br />
into the raffle regardless of how they answered the questions. Since coinsurance. If you have trouble figuring out how best to tweak your<br />
then, we have seen a modest increase in the number of calls to the message, consult with your Marketing or Education departments to<br />
hotline. In this way, we didn’t change the content of the information, craft a presentation style that will make your message “stickier” and<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
more likely to engage your organization’s various constituencies.<br />
The third rule: The power of context<br />
Gladwell’s third and final rule of epidemics asserts that epidemics are<br />
sensitive to the conditions and circumstances of the times and places<br />
in which they occur. Just as people, through their physical behavior,<br />
can affect their state of mind, so can our environment. Thus, changing<br />
our environment brings the opportunity to impact how people think<br />
and behave and how well a message is received. To illustrate this, the<br />
book focuses on a concept called the Broken Window Theory, which<br />
holds that crime is the result of disorder. The theory suggests that if a<br />
window is broken and left unrepaired, people will conclude that no<br />
one cares and no one is in charge, which makes the home or business<br />
more susceptible to property crimes. As the environment gets more<br />
and more disorderly, there will be more crime. This theory was put to<br />
the test in New York City during the 1990s. There, authorities first<br />
focused on eliminating quality-of-life crimes (e.g., subway turnstile<br />
jumping, public drunkenness, graffiti on the subways) as a means of<br />
reducing overall crime in the city. Lo and behold, once these qualityof-life<br />
crimes were severely reduced, suddenly and without warning,<br />
murder and other felonies also steeply declined. Although the results<br />
were counterintuitive, experts attribute this sharp decline, in part, to<br />
law enforcement’s effort to create the perception of order and stability<br />
in the city.<br />
In our field, because of a lack of time and resources, we have a<br />
tendency to be primarily concerned about the biggest risks to the organization.<br />
After all, in a world of limited compliance resources, we tend<br />
to only focus on the largest risks and, as a result, we may not be able to<br />
effectively address smaller compliance issues that people report or that<br />
are identified during a risk assessment. Nor are we able to cross every<br />
“t” or dot every “i” by properly following up on every minor issue or<br />
letting a reporter know that their issue has been addressed. However,<br />
the New York City example demonstrates that appearances do count<br />
for something and, probably, more than we realize. The success of New<br />
York City in reducing violent crime and felonies, in part by emphasizing<br />
relatively minor quality-of-life crimes that create the perception of<br />
disorder, causes me to wonder whether there is a similar application<br />
of the Broken Window Theory in our hospitals and other provider<br />
settings. In our effort to mitigate the bigger compliance risks, could it<br />
be that we lose sight of the smaller issues that our staff might be more<br />
aware of and concerned with? Do we unintentionally demonstrate to<br />
them that their concerns are not important, even though we are trying<br />
our best to remedy the biggest risks to our organization (risks that a<br />
staff person may not be able to see or appreciate)? Although they may<br />
not rank high on our risk spectrum, perhaps we cannot ever lose sight<br />
of the compliance concerns that are most important to our staff that, if<br />
unremedied, create the perception of disorder and cause them to lose<br />
faith in the process.<br />
Conclusion<br />
In truth, the changes that I have suggested seem like such small<br />
changes as to be inconsequential and, frankly, I hesitated to submit<br />
this article. But then it occurred to me that this is precisely the thrust<br />
of The Tipping Point—that as human beings we are conditioned to<br />
believe that we have to make major changes to have a major impact.<br />
We assume that to have an outstanding culture of compliance, our<br />
efforts to achieve it have to be over-the-top. But, that is not necessarily<br />
the case. So, if you feel like your organization already has a culture of<br />
compliance, congratulations! Keep doing what you are doing. But,<br />
if you feel like you are not quite there yet, why not experiment with<br />
how you conduct your business? If you feel like you can’t get through<br />
to senior management, try an end run. Try reaching out to new and<br />
different types of people who might not have previously received<br />
your message, put a new spin on your compliance message to make it<br />
“stickier,” and make sure you devote meaningful time and attention to<br />
the compliance details that your staff level employees are most likely to<br />
see, even though the problems may not pose the most significant risk.<br />
In making subtle changes to your program, you may be surprised that,<br />
as Gladwell predicts, you’ve created an epidemic of compliance in your<br />
organization. What do you have to lose? n<br />
1 Gladwell, Malcom: The Tipping Point: How Little Things Can Make a Big Difference. Little, Brown and<br />
Company, 2000.<br />
2 Survey Monkey is a free online survey and questionnaire tool, available at http://www.surveymonkey.com<br />
How to Conduct<br />
Effective Internal<br />
Investigations<br />
November 11–12, 2010<br />
Orlando, Florida<br />
A TWO-DAY WORKSHOP<br />
To learn more and register, visit<br />
www.internalinvestigations.org<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
23<br />
July 2010
July 2010<br />
24<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
25<br />
July 2010
July 2010<br />
26<br />
State attorney general<br />
oversight of financial<br />
practices of nonprofit<br />
corporations<br />
By Gary W. Herschman and Anjana D. Patel<br />
Editor’s note: Gary W. Herschman is Chair of oversee the disposition of assets by nonprofit<br />
the <strong>Health</strong> and Hospital Law practice group at corporations serving charitable purposes. The<br />
Sills Cummis & Gross, PC in Newark, New article also discusses a recent enforcement<br />
Jersey. He can be reached at 973/643-5783 or action brought by the New Jersey attorney<br />
by e-mail at gherschman@sillscummis.com. general regarding the financial management<br />
practices of a nonprofit corporation, as well<br />
Anjana D. Patel is Vice Chair of the firm’s as the terms of the settlement of that case and<br />
<strong>Health</strong> and Hospital Law practice group and lessons learned as a result.<br />
can be contacted at 973/634-5097 or by e-mail<br />
at apatel@sillscummis.com.<br />
State attorneys general common law authority<br />
Among their other duties, state attorneys<br />
The recent adverse economic conditions general may, in many states, have a common<br />
have impacted nonprofit organizations law duty to oversee the activities of charitable<br />
just like everyone else. Nonprofits are corporations. For example, many state courts<br />
being forced to deal with deteriorating financial<br />
conditions resulting from the confluence responsibilities include protecting, supervis-<br />
have recognized that their attorney general’s<br />
of depreciating portfolio assets and diminished ing, and enforcing charitable trusts for the<br />
donor contributions. As a result, transactions common interest of the general public. In<br />
are becoming more prevalent in which nonprofit<br />
organizations that provide health care charitable corporation seeks to dispose of its<br />
these states, it is often determined that if a<br />
services are either divesting certain assets in assets, the attorney general may be responsible<br />
order to generate cash flow or, in some cases, for oversight of the transaction.<br />
being forced to sell their entire operations.<br />
This type of public policy argument has been<br />
Nonprofits that are considering these types adopted by courts and legislatures throughout<br />
of transactions need to be aware that under the country, noting that unlike a for-profit<br />
many state laws, these transactions could corporation, a nonprofit corporation does<br />
trigger reporting and other obligations to not have shareholders to monitor whether its<br />
the state attorney general, and sometimes activities are aligned with its charter or are<br />
can entail a lengthy and detailed regulatory being conducted in furtherance of the best<br />
approval process.<br />
interests of its community. In sum, attorney<br />
general oversight is a necessity afforded by<br />
This article provides a general overview of the extension of common law charitable trust<br />
the typical attorney general’s authority under principles, and is often mandated by statute<br />
common law (and in some cases by statute) to to protect the public interest.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Another doctrine often invoked when a<br />
charitable organization seeks to sell a substantial<br />
portion of its assets is the doctrine of cy<br />
pres. Cy pres states that when a charitable trust<br />
can no longer carry out its intended purpose,<br />
the funds must be applied to a similar purpose.<br />
Under several states’ common law, only the<br />
court has authority to make this determination,<br />
however, attorneys general, as overseers<br />
of charitable trusts and charitable corporations,<br />
are responsible to review abandonment<br />
of charitable purpose. Often, a change in<br />
purpose occurs due to the disposition of a large<br />
amount of assets, which renders the nonprofit<br />
corporation effectively powerless to continue<br />
its original mission. Under a cy pres analysis,<br />
the attorney general is responsible to ensure<br />
that the assets are sold for reasonable value and<br />
used for similar charitable purposes.<br />
It is also important to note that in addition to<br />
common law authority, many states’ attorneys<br />
general have been given more direct authority<br />
over these types of transactions by legislation.<br />
Certain states have, for example, enacted<br />
legislation applicable to the transfer of control<br />
of nonprofit hospitals and/or other nonprofit<br />
corporations, giving the state attorney general<br />
broad powers to oversee this process.<br />
Recent developments: Stevens Institute of<br />
Technology<br />
On September 17, 2009, New Jersey’s attorney<br />
general filed a 16-count lawsuit against Stevens<br />
Institute of Technology, a New Jersey nonprofit<br />
corporation, as well as the school’s president<br />
and chairman of the board. 1 The complaint<br />
alleged that the defendants, in violation of the<br />
New Jersey Nonprofit Corporation Act, the<br />
Uniform Management of Institutional Funds<br />
Act, and their fiduciary duties:<br />
n engaged in negligent spending and borrowing<br />
practices,<br />
n failed to properly maintain records and<br />
accounts,
n financially mismanaged and improperly The attorney general’s complaint also cited broad powers over the corporation’s<br />
administered the university’s endowment additional situations in which the defendants financial matters.<br />
and investments,<br />
allegedly breached their fiduciary duties by n Restructuring other committees, such<br />
n failed to report complete and accurate mismanaging the university’s endowment as Human Resources, Compensation,<br />
information to the full board, and funds, including:<br />
Nominating and Governance, and<br />
n excessively compensated the university’s n On numerous occasions, the university Investment committees to increase transparency<br />
president.<br />
made excessive expenditures and borrowed<br />
and accountability.<br />
excessive funds without board approval, n Posting certain financial and investmentrelated<br />
The suit sought removal of certain board and failed to inform the full board when<br />
information, as well as certain<br />
members and the president, an overhaul of third-party consultants/auditors warned corporate governance documents, on the<br />
the university’s internal controls and accounting<br />
the school that its financial management corporation’s website.<br />
practices, repayment by the president of policies and activities were improper. n Adopting a gift acceptance policy contain-<br />
“unreasonable” compensation he received, n The university violated restrictions placed on ing guidelines for the acceptance of gifts,<br />
and damages from the defendants equal<br />
certain assets by donors when it improperly and a donors’ “bill of rights.”<br />
to the losses sustained by the university’s used such assets as collateral for loans, and n Working with outside consultants on,<br />
endowment resulting from their alleged<br />
also when it misappropriated trust assets. among other things, corporate governance<br />
mismanagement.<br />
n The university failed to properly segregate, and conflicts of interest policies.<br />
monitor, and account for gifts that had n Appointing a special counsel, a former<br />
The lawsuit was the outcome of a three-year been donated with restrictions on their use. New Jersey Supreme Court Justice, to<br />
investigation of the university’s financial<br />
monitor compliance for two years.<br />
management practices that initially began in The lawsuit was settled on January 15, 2010.<br />
response to suspicions raised by university Among other things, the settlement requires Conclusion<br />
trustees and alumni. In response to the suit, major corporate governance changes, including: The Stevens case is important because it is yet<br />
the university contended that the attorney n The president’s resignation, effective another indication that state attorneys general<br />
general overstepped her authority in trying July 1, 2010, and his repayment of the are becoming more vigilant in their enforcement<br />
to substitute her judgment for that of its loans granted to him by the institution.<br />
and oversight of the financial manage-<br />
board.<br />
n A prohibition on future loans from the corporation<br />
ment and corporate governance practices of<br />
to its officers, and the corporation nonprofit organizations.<br />
In her complaint, the attorney general cited acting as a guarantor for loans to any officer;<br />
numerous facts to support her allegation that n Setting term limits for trustees, including The case provides a valuable lesson for boards<br />
the university excessively compensated its the chairman and the vice-chairman, and of nonprofit hospitals and health systems by<br />
president, including:<br />
barring the chairman, the vice-chairman, identifying the types of activities and practices<br />
n Over a nine year period, the president’s and any member of the executive committee<br />
(or lack thereof) that are likely to become<br />
compensation grew by more than<br />
from serving on any other committee; the subject of scrutiny if a state attorney<br />
$700,000 (to over $1 million).<br />
n Reducing the powers of the Executive general were to review and/or investigate the<br />
n The president was one of the highest paid Committee to an advisory committee and corporate governance and related nonprofit<br />
college presidents in the United States, yet vesting the full board of trustees with the compliance issues of their organization. To<br />
the school’s operating budget was approximately<br />
exclusive power over certain financial, op-<br />
that end, all nonprofits should consider<br />
90% less than other universities erational, and compliance issues, including implementing the following practices:<br />
that paid comparable salaries.<br />
the power to approve the compensation n Evaluate internal financial management<br />
n In addition, the president received over of the president and the five highest paid and accounting practices with respect<br />
$1 million in allegedly illegal loans at below employees;<br />
to the administration of charitable gifts.<br />
market rates from the university, which were n Restructuring the responsibilities of the Be mindful of the importance of strong<br />
subsequently forgiven by the school.<br />
Audit Committee so that it will have oversight over restricted gifts and other<br />
Continued on page 31<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
27<br />
July 2010
REGISTER BY<br />
SEPTEMBER 8<br />
AND SAVE<br />
regiSter<br />
befOre<br />
AuguSt 31<br />
And SAve<br />
September 26–28, 2010<br />
Renaissance Harborplace Hotel<br />
Baltimore, MD<br />
The Fraud and <strong>Compliance</strong> Forum is jointly sponsored by<br />
the <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association (HCCA) and the<br />
American <strong>Health</strong> Lawyers Association (AHLA). It will include<br />
an explicit designation of a session as “compliance focused”<br />
or “legal focused.” The Planning Committee has included<br />
enough sessions in each designation that an individual could<br />
attend all “compliance” sessions or all “legal” sessions for<br />
the entire program. Yet an attendee also has the option<br />
of selecting a diversity of sessions and networking with an<br />
expanded group of individuals. The Fraud and <strong>Compliance</strong><br />
Forum has the benefit of combining the quality of HCCA<br />
and AHLA sessions with the expanded networking power<br />
of a combined program.<br />
Learn more and register<br />
at www.hcca-info.org<br />
Physician<br />
Practice<br />
<strong>Compliance</strong><br />
Conference<br />
OCtOber 17–19, 2010<br />
Doubletree Hotel Philadelphia<br />
Philadelphia, PA<br />
Why yOu ShOuld Attend<br />
Physicians, compliance officers, coders, and<br />
managers will learn to manage an effective<br />
compliance program. Designed with networking in<br />
mind, the conference provides many opportunities<br />
for choosing breakout sessions covering<br />
topics of interest for all. Participants will learn<br />
about compliance program development and<br />
management as it relates to physician practices;<br />
current government initiatives in the field of<br />
health care compliance specific to physicians and<br />
their group practices; correct documentation,<br />
billing and coding practices for physicians; and<br />
best practices utilized in physician practices.<br />
learn more and register<br />
www.hcca-info.org<br />
July 2010<br />
28<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
<strong>Health</strong> care<br />
compliance: Not<br />
ready for prime time<br />
By Raj Chaudhary, PE, CGEIT<br />
Editor’s note: Raj Chaudhary is a Principal The official responsible for security and privacy<br />
with Crowe Horwath LLP in the Oak Brook, (usually a chief security officer, chief risk officer<br />
Illinois office. He can be reached by telephone at or IT manager) at each of 77 U.S. health care<br />
630/586-5127 or by e-mail at raj.chaudhary@ organizations completed the survey. Most of<br />
crowehorwath.com.<br />
the executives were also contacted personally to<br />
verify and expand on their answers. Forty-two<br />
The U.S. health care industry is risking<br />
heavy fines, federal enforcement ties,” that is, public and private hospitals, doc-<br />
of the respondents were from “covered enti-<br />
action, and potentially serious civil tors, and insurance companies. The remaining<br />
and monetary penalties, because it is not 35 were from data processors, pharmacies,<br />
protecting the security and privacy of patient public health care vendors, and others classified<br />
electronic health records as required by law. under the law as “business associates.” Business<br />
The industry also risks an erosion of public associates, which provide services on behalf of<br />
confidence as the public becomes more aware a covered entity, are responsible for properly<br />
of the lack of industry action to prevent identity<br />
theft; unauthorized disclosure of health (PHI) to which they have access. The survey<br />
managing any protected health information<br />
information; stolen, lost, corrupted and respondents were primarily from larger organizations,<br />
those that could be expected to have<br />
hacked data; and other serious breaches of<br />
security and privacy. As a result, patients and more financial and human resources working<br />
their doctors may be less willing to put their on compliance. More than a third (37%)<br />
health records in any electronic database. of the respondents’ organizations had up to<br />
1,000 full-time employees, 35% had 1,001 to<br />
In a recent survey 1 of a broad spectrum of 10,000, and another 28% reported more than<br />
health care organizations, “Benchmark Study 10,000 full-time employees.<br />
of <strong>Health</strong>care Covered Entities and Business<br />
Associates,” 94% of the respondents admitted<br />
they were not in compliance with the was published in November 2009, just a few<br />
The study “Are You Ready for HITECH?”<br />
privacy and security provisions of the <strong>Health</strong> months before a February 2010 deadline for<br />
Insurance Portability and Accountability Act compliance with new and expanded security<br />
of 1996 (HIPAA) and its recently enacted and privacy standards. The full survey report<br />
complement and expansion, the <strong>Health</strong> can be downloaded at www.crowerhorwath.<br />
Information Technology for Economic and com/benchmark.<br />
Clinical <strong>Health</strong> Act of 2009 (HITECH).<br />
The study found a disturbing lack of Expanded law, higher penalties<br />
compliance with the federal laws as well as These new and expanded federal laws require<br />
inadequate planning, training, and preparing extensive electronic, physical and administrative<br />
programs, thorough staff training for compliance.<br />
and<br />
management to heighten security and protect<br />
patient privacy. They require periodic auditing<br />
and independent testing to help ensure that<br />
federal standards are met and that the privacy<br />
and security measures in place work as designed.<br />
HITECH has expanded and tightened the<br />
provisions of HIPAA so that they now apply<br />
to business associates as well as covered<br />
entities. Contracts between covered entities<br />
and their business associates must now specify<br />
how PHI is handled and used. Under the<br />
more recent legislation, moreover, all covered<br />
entities and business associates now must<br />
notify each individual affected when there is a<br />
security breach. When more than 500 records<br />
are breached, reporting to the media and to<br />
the U.S. Department of <strong>Health</strong> and Human<br />
Services within 60 days is mandatory.<br />
Penalties have increased sharply under<br />
HITECH, from $100 per violation (with a<br />
cap of $25,000 for multiple violations) to<br />
$1,000 per violation with a maximum of penalty<br />
of $100,000 for a violation resulting from<br />
“reasonable cause and no willful neglect.”<br />
In cases of neglect, the fine is now $10,000<br />
per violation (maximum of $250,000) if the<br />
violation is cured in 30 days and $50,000<br />
(maximum of $1.5 million per calendar year)<br />
if no timely corrective action is taken.<br />
The industry has been working under HIPAA<br />
privacy and security standards for at least four<br />
to six years. The three-part law was passed in<br />
1996, but the privacy sections became effective<br />
in 2003 and the security sections took<br />
effect in 2005. It has had a year to comply<br />
with the HITECH law that became effective<br />
Feb. 18, 2009.<br />
Surprisingly low compliance rates<br />
At the time of the survey, slightly more than<br />
1% of the respondents said their organization<br />
changes in IT procedures and information<br />
Continued on page 30<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
29<br />
July 2010
<strong>Health</strong> compliance: Not ready for prime time ...continued from page 29<br />
July 2010<br />
30<br />
had “achieved compliance already.” Close<br />
to 5% said their organization’s compliance<br />
program was “almost complete for near-term<br />
effective dates.” That left fully 94% unable<br />
to say their organization would meet the<br />
compliance deadline.<br />
Nearly 60% of the respondents admitted<br />
that they were not even fully aware of what<br />
they needed to do to comply. This<br />
included some 27% of respondents<br />
who said they were “barely aware of<br />
compliance actions needed.”<br />
There was some difference in<br />
readiness and awareness between<br />
those at the covered entities,<br />
which have had at least four to six<br />
years of experience with HIPAA<br />
privacy and security regulations,<br />
and respondents from the business associates,<br />
which have had less than a year to digest and<br />
comply with the new HITECH standards.<br />
The business associates also tend to be<br />
smaller firms with fewer financial and human<br />
resources to use for compliance programs.<br />
For example, nearly 30% of those at covered<br />
entities said they had “actions under way” to<br />
comply, while just 11% of the respondents<br />
from business associates gave that response.<br />
But the somewhat higher compliance rates<br />
claimed by officials at the covered entities<br />
were hardly reassuring, given their assumed<br />
familiarity with the 14-year-old HIPAA<br />
program. On one hand, more than 98% said<br />
they had a HIPAA Privacy Rule compliance<br />
program already in place, and 86% said their<br />
HIPAA Security Rule compliance program<br />
was in place. On the other hand, the survey<br />
revealed disturbingly low rates of updating<br />
and the required independent adequacy and<br />
quality testing for these programs. Some 80%<br />
said their programs had not been tested independently<br />
annually, or even every two years.<br />
Ten percent said they had never tested their<br />
privacy program, and nearly 20% admitted<br />
they had never independently audited their<br />
security system. Another 22% said only the<br />
in-house person responsible for the program<br />
had evaluated their privacy system. About one<br />
third (32%) said only the person responsible<br />
for the security system had tested that system.<br />
Significant percentages<br />
of respondents “seem to<br />
be uncertain about what<br />
they need to do in order<br />
to achieve substantial<br />
compliance.”<br />
As for updating, just 23% said they had<br />
modernized their privacy program and 32%<br />
said they had upgraded their security system<br />
since HIPAA went into effect in 1996. This<br />
left about 77% and 68%, respectively, with<br />
privacy and security systems that did not<br />
meet the standards for updating.<br />
Known deficiencies and lack of<br />
management support<br />
It is little wonder then that 54% of the<br />
respondents said they already knew of<br />
deficiencies in their privacy programs, and<br />
58% said they knew their security system had<br />
specific deficiencies. One significant cause of<br />
this problem, the privacy and security officers<br />
said, was the lack of support from management.<br />
Almost half (45%) said they did not<br />
have “management buy-in” for compliance<br />
with HITECH, and 53% said they did not<br />
“have sufficient resources” to comply fully.<br />
The study showed, for instance, that “despite<br />
the importance of compliance in the health<br />
care industries,” notably small proportions of<br />
the organizations’ compliance budgets – an<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
average of no more than 12.5% – were earmarked<br />
for information privacy and security.<br />
Again, the respondents’ experience with<br />
implementing the older and more familiar<br />
HIPAA program offers little confidence that<br />
their HITECH compliance will be very<br />
impressive. They were asked about ten different<br />
crucial privacy and security requirements.<br />
The highest compliance rate was just<br />
58%, and that was for one of the most<br />
basic requirements: procedures in<br />
place for fielding privacy and security<br />
complaints. Nearly half said they do<br />
not perform comprehensive, risk-based<br />
assessments of their handling of PHI.<br />
Nearly the same percentage of respondents<br />
conceded that their organizations<br />
have inadequate programs for storing<br />
and protecting electronic records. About<br />
half (47%) said their training is inadequate<br />
and does not meet federal standards, and<br />
44% said their incident response, business<br />
recovery, and disaster recovery programs were<br />
inadequate. Some 21% of the respondents<br />
said that even after 14 years, their organizations<br />
do not have an effective privacy policy<br />
that clearly describes the appropriate use and<br />
sharing of PHI.<br />
The picture that emerges from the survey<br />
is discouraging and disappointing. It does<br />
not show an aggressive, consistent, or<br />
well-executed approach to data management<br />
and protection and other key areas of<br />
privacy and security. It seems clear that most<br />
organizations are not ready for HITECH –<br />
apparently because they are still struggling<br />
with compliance issues within their existing<br />
HIPAA programs.<br />
The result: Data breaches<br />
The result for patient privacy and security<br />
is poor. Fully 91% of respondents admitted
State attorney general oversight of financial practices of<br />
nonprofit corporations ...continued from page 27<br />
they had experienced data breaches in the two<br />
years previous to the survey. More than half<br />
(55%) said that fewer than 10 patient records<br />
had been breached, but another 20% said<br />
their organization had experienced breaches<br />
containing between 10 and 500 patient<br />
records, and 15% reported breaches of 500<br />
to more than 10,000 records. Bear in mind<br />
that these figures are all self-reported and<br />
are probably best guesses for the most part,<br />
because accurate reporting systems required<br />
by the new law are not yet in place.<br />
The estimated cost of these violations of security<br />
and privacy systems, although they varied<br />
by the size of the organization involved, were<br />
significant. According to the respondents,<br />
average costs ranged from $130,000 for<br />
organizations with fewer than 100 employees,<br />
to $4.1 million for those with more than<br />
25,000 employees.<br />
Not surprisingly, a healthy percentage of the<br />
respondents said they could not close these<br />
compliance gaps and resolve crucial privacy<br />
and security issues without expert and experienced<br />
outside help. Nearly half, for example,<br />
said they would need outside help, such as a<br />
consultant or auditor to design and conduct<br />
a comprehensive risk analysis. Almost half<br />
(45%) said they would need external support<br />
to set up and perform effective staff training<br />
programs to make sure their privacy and<br />
security programs are implemented and work<br />
correctly. Between 36% and 42% said they<br />
would be looking for outside assistance to help<br />
ensure the compliance of marketing activities,<br />
improve complaint procedures, upgrade physical<br />
safeguards for electronic data protection,<br />
and manage their privacy programs.<br />
Even though most respondents acknowledged<br />
that their organizations’ HIPAA compliance<br />
programs are deficient, the survey found that<br />
implementing necessary controls or securing<br />
third-party assistance to help ensure compliance<br />
may be limited by budgetary constraints.<br />
This survey reveals the significant gaps in<br />
compliance with the federal security and<br />
privacy laws and reinforces the dire need for<br />
effective programs in the health care industry.<br />
The impact on patients can be enormous. The<br />
protection of patient information is a first<br />
line of defense against identity theft, which<br />
increased by 22% in 2008 and affected nearly<br />
10 million Americans by most estimates.<br />
Beyond that, the lack of proper controls of<br />
PHI can affect a patient’s reputation, family,<br />
and the ability to get and hold a job.<br />
The study concludes that “both covered<br />
entities and business associates face serious<br />
challenges in achieving substantial compliance<br />
with privacy rule and security rule<br />
requirements.” It emphasizes that leaders<br />
in both privacy and security “need to do a<br />
better job in making senior management<br />
aware of their organization’s current program<br />
deficiencies.” Just as troubling, it shows that<br />
significant percentages of respondents “seem<br />
to be uncertain about what they need to do in<br />
order to achieve substantial compliance.”<br />
“It is disappointing, though not surprising,<br />
to learn that a majority of companies do<br />
not believe they are prepared for the latest<br />
in health care information security regulations,”<br />
said Dr. Larry Ponemon, Chairman<br />
and founder of the Ponemon Institute. “Our<br />
research consistently finds that a lack of<br />
budgetary and moral support from the executive<br />
suite is a common barrier to proper data<br />
security and management programs, even<br />
with the specter of regulatory enforcement<br />
looming.” n<br />
1 The study was conducted by Ponemon Institute LLC, which researches<br />
and audits privacy management practices for business and government,<br />
and co-sponsored by Crowe Horwath LLP.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
donations and endowments, including<br />
conducting periodic audits.<br />
n Consider adopting a donor bill of rights<br />
and a gift acceptance policy.<br />
n To the extent necessary, modify or add<br />
policies and procedures to: (1) confirm,<br />
on a periodic basis, that executive compensation<br />
packages are appropriate; and<br />
(2) ensure there are clear and restrictive<br />
guidelines regarding loans to officers.<br />
n Consider engaging independent outside<br />
consultants to assist in the review, development,<br />
and ongoing implementation of<br />
various financial management, accounting,<br />
and corporate governance practices.<br />
n Review the powers of the entire board<br />
and of specific committees. The fact that<br />
a small group of individuals (whether of<br />
the board or of an executive committee<br />
or the like) are making all the decisions is<br />
likely to be of concern to a state attorney<br />
general.<br />
n Clearly delineate board committees and<br />
their respective powers, including adopting<br />
specific charters or mission statements for<br />
each committee.<br />
n Consider imposing term limits on board<br />
trustees.<br />
n Ensure transparency by making certain of<br />
the organization’s financial and governance<br />
practices publicly available. n<br />
The authors would like to thank Matthew<br />
McKennan, a law clerk with the firm, for<br />
his assistance with this article. The views and<br />
opinions expressed in this article are those of the<br />
authors and do not necessarily reflect those of<br />
Sills Cummis & Gross PC.<br />
1 For more on the State of New Jersey v. The Stephens Institute of Technology,<br />
see http://hoboken411.com/archives/27611<br />
31<br />
July 2010
July 2010<br />
32<br />
The Six Sigma<br />
compliance screening<br />
process: An engineer’s<br />
Editor’s note: Brady Ballman is a Senior Project<br />
Manager for John Sterling Associates LLC, a<br />
national compliance screening firm located in<br />
Cincinnati, OH. In his previous 15-year career<br />
as an engineer, he was involved in streamlining<br />
industrial processes and was awarded several<br />
patents for his unique ideas. He may be contacted<br />
at 800/909-5763 or by e-mail at<br />
BPB@sterlingresults.com.<br />
Engineers have a deeply-felt belief<br />
that nearly any problem can be<br />
solved through methodical analysis.<br />
Breaking down a problem into its fundamental<br />
components is, therefore, the first step in<br />
its solution. Then a process can be developed<br />
to yield the optimum outcome in the most<br />
efficient and effective manner.<br />
But how does this apply to compliance<br />
screening in your hospital? Well, many of the<br />
engineering concepts applied in manufacturing<br />
automobiles and televisions can also be useful<br />
in compliance screening your employees,<br />
physicians, and vendors. This article will<br />
systematically analyze your screening tasks<br />
and perils and will lay out a comprehensive<br />
process to make your compliance screening<br />
program robust and complete.<br />
The problem<br />
A typical hospital receives large amounts<br />
of federal dollars for services it renders to<br />
patients covered by Medicare, Medicaid, Tri-<br />
<strong>Care</strong>, and other federally purposed health care<br />
perspective<br />
By Brady Ballman, MBA<br />
programs. This benefit, however, comes with<br />
many strings attached. Much of your hospital’s<br />
compliance program flows from the need<br />
to maintain this funding stream by adhering<br />
to a wide range of federal requirements.<br />
<strong>Compliance</strong> screening is one of those requirements.<br />
In the first instance, the Office of the<br />
Inspector General (OIG) expects the hospital<br />
to check that a prospective new employee<br />
or newly accredited staff physician has not<br />
already been found to be excluded from federal<br />
health care programs. The OIG <strong>Compliance</strong><br />
Program Guidance for Hospitals 1 clearly<br />
states you need to “…prohibit the employment<br />
of individuals who have been recently<br />
convicted of a criminal offense related to<br />
health care or who are listed as debarred,<br />
excluded or otherwise ineligible for participation<br />
in Federal health care programs.”<br />
This is done by examining two federal compilations,<br />
the OIG’s List of Excluded Individuals/Entities<br />
(LEIE) and the General Services<br />
Administration’s (GSA) Excluded Party List<br />
System (EPLS). The former is concerned only<br />
with health care exclusions, while the latter<br />
also adds exclusions for reasons unrelated to<br />
health care.<br />
But why should exclusions for reasons<br />
unrelated to health care concern the hospital?<br />
It is because even non-health care fraud can<br />
disqualify a person from working in a hospital.<br />
The Federal Acquisition Streamlining<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Act of 1994 states that parties barred or<br />
suspended from any federal program cannot<br />
participate in any other federally funded<br />
program.<br />
OIG, in its OIG Exclusion Authorities,<br />
claims a permissive authority to exclude,<br />
based on a prior conviction for “...Fraud,<br />
theft, embezzlement, breach of fiduciary<br />
responsibility, or other financial misconduct<br />
with respect to any act or omission in a<br />
program, other than a health care program,<br />
operated in whole or in part by any Federal,<br />
State, or local government agency.” This<br />
means that a given listing on the GSA EPLS<br />
can be sufficient to exclude a person for nonhealth<br />
care fraud convictions.<br />
New vendors, likewise, need to be checked<br />
against the two compilations before buying<br />
goods or services from them. OIG’s position<br />
is that providers cannot request reimbursement<br />
for any goods or services provided by an<br />
excluded business entity.<br />
Periodic re-screening of your current employees,<br />
physicians, and vendors is another express<br />
requirement to stay in OIG’s good graces. In<br />
the OIG Supplemental <strong>Compliance</strong> Guidance<br />
for Hospitals, 2 OIG states “...employees,<br />
contractors and medical staff [should be]<br />
checked routinely (e.g., at least annually).”<br />
In January 2009, another requirement was<br />
put in place by CMS when it issued a letter<br />
to state Medicaid directors advising that<br />
“States should require providers to search the<br />
HHS-OIG website monthly to capture exclusions<br />
and reinstatements that have occurred<br />
since the last search.” Furthermore, there is<br />
evidence that OIG now may be more likely<br />
to invoke the “knew or should have known”<br />
criterion when an exclusion is not promptly<br />
self-reported by a provider. The indication is<br />
that a civil monetary penalty (CMP) is more
likely if the provider failed to perform monthly<br />
rechecks. So, what was once an annual<br />
rechecking requirement now seems to have<br />
morphed into de facto monthly rechecking.<br />
Another part of the compliance screening<br />
problem is the imprecision of exact matching<br />
of first name and last name pairs when searching<br />
federal lists. As an example, your employee<br />
“Dick Smith” will not show a match to the five<br />
persons currently excluded as “Richard Smith”<br />
yet, he actually could be one of them. In more<br />
technical terms, this method of comparing<br />
names can result in “false negatives.” If his<br />
exclusion were found in the future, a repayment<br />
and possible CMP could be significant.<br />
There are hundreds of shortened or alternative<br />
spellings of common first names which can<br />
result in a false negative.<br />
Dick could be Richard.<br />
Bill could be William.<br />
Becky could be Rebecca.<br />
(And each could be excluded)<br />
Any input error can also result in a false<br />
negative. If you accidentally screen “Richard<br />
Smiht” but meant “Richard Smith”, you will<br />
miss a match and a possible exclusion. The<br />
expression “garbage in-garbage out” certainly<br />
applies to compliance screening.<br />
Grant once was Lee.<br />
Brown once was Green.<br />
Likewise, if you are screening “Roberta<br />
Grant-Lee” or “Roberta Grant Lee” an exclusion<br />
may be missed without checking both<br />
her name variants, Grant and Lee. Changing<br />
surnames is probably the most common<br />
method used by an excluded person to<br />
circumvent detection as a hospital new-hire.<br />
Six Sigma solution<br />
Six Sigma teaches engineers to improve the<br />
quality of process outputs by identifying and<br />
removing the causes of defects (errors) and variability<br />
in manufacturing and business processes.<br />
This is achieved by isolating the components<br />
of a problem, brainstorming and developing<br />
possible fixes, evaluating each potential solution,<br />
and then melding them into the best overall<br />
solution. Here are six recommended steps to<br />
create a thorough screening process.<br />
Step 1. Get good data— “Garbage in,<br />
garbage out”<br />
Whether you are screening persons or<br />
businesses for the first time or rescreening<br />
them every month, data quality is very<br />
important for good results. This information<br />
has to be accurate and free of typos. Also,<br />
it’s a good idea to make sure there are no<br />
duplicate entries to further add to your work.<br />
Invest the time to ensure quality data, or the<br />
remaining steps will become meaningless<br />
while costing you time and possibly money.<br />
Step 2. Expand the data— “Use a shotgun<br />
instead of a rifle”<br />
The best practice is to check a name and all<br />
its possible alternatives to be screened against<br />
the databases.<br />
Watch for shortened first names. For the<br />
most accurate results, Ed <strong>Johnson</strong> can be<br />
crosswalked as “Edwin <strong>Johnson</strong>”, “Edmund<br />
<strong>Johnson</strong>”, “Edmond <strong>Johnson</strong>”, “Edward<br />
<strong>Johnson</strong>”, “Edison <strong>Johnson</strong>”, “Edgar <strong>Johnson</strong>”<br />
and any other possible variant (see figure 1).<br />
Watch for hyphenated and compounded surnames<br />
as well. Bonnie Bell could marry and<br />
chose to be called Bonnie Bell, Bonnie Brown,<br />
Bonnie Bell-Brown or Bonnie Bell Brown.<br />
An employee with a middle name that could<br />
Continued on page 34<br />
Watch out for extra spaces in names or<br />
misplaced commas, because the federal<br />
database search engines are set up for exact<br />
character matching, and a typo can give you a<br />
false negative result. You could be mistakenly<br />
giving an excluded party the “all clear.”<br />
A related problem is last name changes from<br />
marriage or divorce. If an excluded Betty<br />
Brown remarries and now is Betty Green, a<br />
simple search of her current name will not Figure 1<br />
find her exclusion.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
33<br />
July 2010
The Six Sigma compliance screening process: An engineer’s perspective ...continued from page 33<br />
be a former last name, such as Susan Smith<br />
Jones, needs to be checked under both names,<br />
Susan Smith and Susan Jones. This is necessary<br />
because she may have been excluded<br />
under a maiden name or resumed a prior<br />
name after a divorce.<br />
Your employment application form should<br />
require the applicant to divulge any other<br />
surname they have ever used. These other<br />
surnames should be checked at time of hire<br />
and then with every subsequent rescreening.<br />
It is possible to perform a correlation analysis<br />
that can identify a person excluded under a<br />
former surname who omitted that on their<br />
application form. However, the level of<br />
expertise required for this analysis is normally<br />
only done by professionals.<br />
the federal data you used so you can prove later<br />
that the failure to match was not your fault.<br />
Step 4. Collect potential matches for<br />
further scrutiny— “Pull in the nets”<br />
A potential match occurs when one of your<br />
names has the same components as one (or<br />
more) of the federal or state data. If you are<br />
only checking a few names, your probability<br />
of getting a potential match is fairly low. But,<br />
if you have thousands of names to check, you<br />
will get numerous potential matches.<br />
Now it’s time to determine if any of those<br />
potential matches you’ve generated are<br />
genuinely positive exclusions. This is where<br />
you earn your stars as a compliance screener.<br />
Let’s say your employee Barbara Smith is<br />
a potential match to the Barbara J. Smith<br />
excluded by OIG. More information to<br />
compare your employee with the excluded<br />
person is a necessity at this point.<br />
Information such as the employee’s date of<br />
birth, middle name, Social Security number,<br />
July 2010<br />
34<br />
Step 3. Match your data against the<br />
databases—“Looking for trouble”<br />
Once your data has been prepared and<br />
expanded, it needs to be checked against the Figure 2<br />
federal databases; namely the OIG database<br />
online at http://exclusions.oig.hhs.gov/ and<br />
the GSA database at https://www.epls.gov/<br />
epls/search.do, plus any required state lists.<br />
Each website allows names to be entered oneby-one<br />
to find matches with excluded people<br />
and companies.<br />
A rule of thumb is that approximately<br />
5%–10% of your data will match at this stage<br />
(i.e., for every 1,000 employees checked,<br />
normally there are 50 to 100 potential<br />
matches to resolve). If you have significantly<br />
less, you may not be checking as thoroughly<br />
as you should (see figure 2).<br />
current address, taxonomy, licenses, prior<br />
residences, hire date, etc. can be extremely<br />
beneficial to determine whether your<br />
employee indeed is or is not the excluded<br />
party. Taxonomy refers to the employee’s<br />
professional classification. This can be<br />
referenced for medical providers by reviewing<br />
The more cumbersome type of checking is<br />
the periodic rescreening of all employees,<br />
physicians, and vendors. For this “global”<br />
A robust, thorough screening<br />
process will generally find<br />
their NPI data at websites such as https://<br />
nppes.cms.hhs.gov. Essentially, for reviewing<br />
potential matches, one can rule out a John<br />
rechecking, a more efficient approach is to<br />
Smith tentative match if your employee is a<br />
about 5%–10% of your data<br />
download the respective databases (per each<br />
chiropractor and is matched to a John Smith<br />
site’s instructions). With the downloaded to be potential matches! who is an excluded dentist. Their taxonomy<br />
files, you can then make comparisons to your<br />
data and identify potential matches.<br />
Most of these potential matches are false positives.<br />
Simply put, there are many people and<br />
differs (a chiropractor is not a dentist). 3<br />
This determination can take a fair amount<br />
of time to do, but it is absolutely critical in<br />
A note of caution—federal databases often<br />
retroactively add back-dated exclusion<br />
records. This can make it appear that you<br />
missed a valid match when it turns up in a<br />
future rescreening. Protect yourself by retaining<br />
businesses that share common names, but only<br />
a few of them are actually excluded parties.<br />
Step 5. Resolve potential matches—<br />
“Apples-to-apples or apples-to-oranges?”<br />
making an informed judgment. Be certain<br />
to keep copies of all your work in case<br />
you need to show how you arrived at your<br />
conclusions.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
Should you find an excluded party, following<br />
these steps is recommended:<br />
1. Double check to make absolutely sure<br />
that you have an excluded party.<br />
2. Review your findings with your compliance<br />
officer and legal counsel. The likely<br />
result will be to immediately terminate<br />
the excluded party’s relationship with your<br />
hospital.<br />
3. Notify OIG and disclose all pertinent<br />
information.<br />
4. Plan on repaying affected federal funds.<br />
You might also be penalized, possibly including<br />
CMPs of up to $10,000 for each<br />
wrongful submission.<br />
Step 6. Repeat the process—“Repeat,<br />
repeat, repeat”<br />
Yes, that means you need to redo the whole<br />
global process periodically. This frequency<br />
once was defined as “at least annually” but<br />
now may become a monthly requirement.<br />
Part of the answer is to make your procedures<br />
more efficient. One example is mining your<br />
data from previous screenings. In most hospitals,<br />
the departure rate of employees (e.g.,<br />
quits, terminations, etc) is perhaps 20% each<br />
year. Of course, this means that a high percentage<br />
of the persons with potential matches<br />
this time also had the same potential matches<br />
in the previous screening. By accessing your<br />
historical records from previous screenings,<br />
you save yourself from needlessly reevaluating<br />
the potential matches that reappear<br />
each time. Just be sure to confirm that your<br />
person or entity and the potential matching<br />
record are completely identical in all data<br />
fields before dismissing it as a repeat. Also,<br />
keep in mind that records can be retroactively<br />
inserted and exclusions can take longer than a<br />
year to appear on the listed sites.<br />
In a broad sense, finding more efficient<br />
ways to tackle a recurring process is what we<br />
gearheads call “engineering the costs out.”<br />
This means making your product easier,<br />
cheaper, faster, and better with the resources<br />
at your disposal. By using a Six Sigma<br />
approach, a better compliance screening<br />
process can be designed to help you and your<br />
hospital save time and money. n<br />
1 Available at http://oig.hhs.gov/authorities/docs/cpghosp.pdf<br />
2 Available at http://ftp.resource.org/gpo.gov/register/2005/2005_4876.<br />
pdf<br />
3 Available at http://www.cms.hhs.gov/SMDL/downloads/SMD011609.<br />
pdf<br />
4 To see the matches for John Smith, see https://nppes.cms.hhs.gov/<br />
NPPES/DisplayProviderDetails.do?searchNpi=&city=&firstName=john<br />
&orgName=&searchType=ind&state=&npi=1497758122&orgDba=&l<br />
astName=smith&zip=<br />
Be Sure to Get<br />
Your <strong>CHC</strong> CEUs<br />
Articles related to the quiz in this issue<br />
of <strong>Compliance</strong> Today:<br />
n Opportunity knocks for hospital<br />
boards to impact clinical quality —<br />
By Janice A. Anderson and<br />
C. Jason Hannagan, page 6<br />
n Waived laboratory tests: Meeting<br />
regulatory requirements and<br />
implementing best practices —<br />
By Melissa Scott, page 12<br />
n Managing employee turnover in a<br />
shrinking workforce —<br />
By Joyce Freville, page 38<br />
To obtain one CEU per quiz, go to www.<br />
hcca-info.org/quiz and select a quiz.<br />
Fill in your contact information, read<br />
the articles, and take the quiz online. Or,<br />
print and fax the completed form to Liz<br />
Hergert at 952/988-0146, or mail it to<br />
Liz’s attention at HCCA, 6500 Barrie<br />
Road, Suite 250, Minneapolis, MN<br />
55435. Questions? Please call Liz Hergert<br />
at 888/580-8373.<br />
<strong>Compliance</strong> Today readers taking the<br />
CEU quiz have one year from the<br />
published date of the CEU article to<br />
submit their completed quiz.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
35<br />
July 2010
Privacy and security<br />
risk assessment based<br />
on GRC principles<br />
Editor’s note: Andy Reeder is Director,<br />
HIPAA Privacy and Security at Rush<br />
University Medical Center in Chicago.<br />
Andrew may be contacted by e-mail at<br />
andrew_reeder@rush.edu or by telephone<br />
at 312/942-2995<br />
Every health care organization is<br />
faced with conducting a privacy<br />
and security risk assessment at some<br />
point in time. This may be to address regulatory<br />
requirements found in HIPAA, or<br />
may simply be a proactive business need to<br />
identify gaps against best practices. With the<br />
advent of the <strong>Health</strong> Information Technology<br />
for Economic and Clinical <strong>Health</strong> Act<br />
(HITECH) and the various amendments<br />
to <strong>Health</strong> Insurance Portability and<br />
Accountability Act of 1996 (HIPAA) privacy<br />
and security requirements, now is a good<br />
time for health care organizations to consider<br />
dusting off older privacy and security assessments<br />
and re-considering how well they are<br />
complying with HIPAA. This can be done<br />
more effectively by applying the principles of<br />
Governance, Risk, and <strong>Compliance</strong> (GRC)<br />
to guide new risk assessment efforts.<br />
Year X RISK ASSESSMENT<br />
RISK ASSESSMENT<br />
By Andy Reeder, CISSP, CISA, CISM<br />
Deficiencies<br />
Reviewed<br />
Deficiencies<br />
Reviewed<br />
Gap<br />
Assessment<br />
Year Y RISK ASSESSMENT<br />
RISK ASSESSMENT<br />
Methodology<br />
A traditional approach toward the assessment<br />
of privacy and security risk is to compare<br />
an institution’s “current state” and industry<br />
best practices in order to produce a gap<br />
analysis. This method produces useful results,<br />
but often doesn’t consider compliance or<br />
governance issues that would add to a risk<br />
view that includes regulatory concerns and<br />
organizational effectiveness. By expanding the<br />
gap analysis criteria to include considerations<br />
of GRC, the institution can gain a better<br />
understanding of overall risk.<br />
GRC best practices have been part of a wave<br />
over the past several years to break down silos<br />
that have traditionally existed between areas<br />
of common interest, such as corporate compliance,<br />
risk management, internal audit, and<br />
legal affairs. There has been universal recognition<br />
that many of these corporate functions<br />
often work on similar interests and have a<br />
focus on similar federal and state regulations.<br />
The GRC filter adds a new dynamic to the<br />
privacy and security risk assessment:<br />
Deficiencies<br />
Reviewed<br />
Deficiencies<br />
Reviewed<br />
Year Z RISK ASSESSMENT<br />
RISK ASSESSMENT<br />
Deficiencies<br />
Reviewed<br />
Governance “G” – Is there senior management<br />
support for privacy and security efforts?<br />
Does the organization respond to regulatory<br />
concerns? The response effectiveness can<br />
often be shown by looking at what assessments<br />
have previously been done, which<br />
deficiencies were reported, and which were<br />
acted on over time (see figure 1). If many of<br />
the reported deficiencies have not been acted<br />
on, then the governance of the institution’s<br />
privacy and security efforts may not be as<br />
effective as it could be.<br />
Risk “R” – What are the operational risks to<br />
privacy and security? Where is PHI processed<br />
and stored, and how is it transmitted electronically?<br />
How is this information secured?<br />
Oftentimes, vulnerabilities associated with<br />
the use of PHI are assessed and compared to<br />
threats that exist – both internal and external.<br />
The summary of PHI information assets,<br />
vulnerabilities, and threats (see figure 2) will<br />
provide a depiction of operational risk.<br />
RISK<br />
V U LN E R A B ILIT IE S<br />
D<br />
ESTRUCTION<br />
S T O R A G E<br />
INFO<br />
ASSET<br />
(PHI)<br />
R E T E N T IO N<br />
T R A N S M IS S IO N<br />
T H R E A T S<br />
Figure 2<br />
<strong>Compliance</strong> “C” – What are the federal<br />
and state regulatory concerns for privacy and<br />
security? HIPAA is the most obvious, but<br />
other regulations must be considered. The<br />
compliance assessment determines what your<br />
organization has actually done to comply<br />
with requirements and where it may have<br />
fallen short (see figure 3).<br />
U SE<br />
July 2010<br />
36<br />
Figure 1<br />
Gap<br />
Assessment<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
Privacy<br />
Regulation<br />
Requirements<br />
Security<br />
Regulation<br />
Requirements<br />
Figure 3<br />
Planning<br />
X<br />
X<br />
XXXX<br />
Implementation<br />
XXXX<br />
Implementation<br />
Planning for a GRC-focused risk assessment<br />
is not much different from more traditional<br />
assessment methods. A scope, project plan,<br />
schedule, resource assignments, and budget<br />
need to exist. The number and type of<br />
resources assigned obviously influences the<br />
schedule and time line for completing the<br />
project and often determines how best to<br />
gather and assess information. If resources<br />
are limited, then you must be innovative in<br />
how information is gathered and in what<br />
tools are used. Automated survey tools help<br />
immensely in gathering information from a<br />
wide array of individuals in a short amount<br />
of time. A multi-phased approach should be<br />
used to manage the assessment in distinct but<br />
interlocking phases (see figure 4):<br />
o Developing the assessment model and<br />
approach<br />
o Preparing the project plan<br />
o Developing the deliverable model<br />
o Determining guiding principles<br />
n Phase II – Assessment Kick-off: The<br />
kick-off brings together the resources<br />
to be used and sees the formation the<br />
project team. Presentations are made to<br />
key project stakeholders (e.g., <strong>Compliance</strong><br />
Committee) about the project during the<br />
kick-off.<br />
n Phase III – Information Gathering:<br />
Information about the institution’s current<br />
state is collected from various sources:<br />
o Past assessments/audits<br />
o Interviews with management and staff<br />
o Document review<br />
o Best practice collections<br />
o Consultation with subject matter experts<br />
o Observations<br />
o Systems audits<br />
n Phase IV – Risk Analysis: The aggregate<br />
privacy and security data that was collected<br />
about the current state is analyzed.<br />
From this, a consideration of risk is made<br />
to determine and prioritize risks as high,<br />
medium, or low.<br />
n Phase V – Roadmap/Budgeting: After<br />
the risk analysis, mitigation steps are<br />
n Phase VI – Reporting: A final report of<br />
the risk assessment results must be produced<br />
and presented to stakeholders.<br />
Analysis<br />
The GRC assessment approach is different<br />
from other, more traditional methods of<br />
assessing privacy and security, in that it<br />
achieves a more integrated view of risk—one<br />
that considers privacy and security from<br />
several functional viewpoints rather than<br />
being more technically focused. The GRC<br />
approach goes beyond just performing a<br />
technical gap analysis against best practices.<br />
It also considers what may cause the gaps:<br />
What is management’s view of operations? Is<br />
there something missing from the regulatory<br />
compliance program?<br />
A risk assessment has many benefits but, of<br />
course, none of these will be realized without<br />
finishing the effort with a complete risk<br />
analysis and mitigation plan. The data gathered<br />
must be critically evaluated to identify<br />
prioritized organizational risks. Given limited<br />
resources, your institution will want to<br />
concentrate on those considered most critical.<br />
The risk mitigation plan must consider what<br />
steps need to be taken that make sense from a<br />
cost-benefit perspective.<br />
Planning<br />
Figure 4<br />
Assessment<br />
Kick-Off<br />
Information<br />
Gathering<br />
n Phase I - Planning: The steps needed<br />
to lay out the schedule and to identify<br />
objectives and tasks for the risk assessment<br />
include:<br />
o Determining scope/objectives<br />
o Identifying the sponsor and resources<br />
to be used<br />
Risk<br />
Analysis<br />
Roadmap<br />
Budgeting<br />
Reporting<br />
determined that will lower risk. There<br />
will likely be a number of recommendations,<br />
so, these will be brought together<br />
into a roadmap of future efforts. These<br />
efforts need to be reflected in the annual<br />
<strong>Compliance</strong> Plan for Privacy and Security<br />
and, at an appropriate time, the projects<br />
recommended for implementation need to<br />
be considered for budgeting.<br />
In the end, the privacy and security risk<br />
mitigation plan should be blended into the<br />
overall multi-year compliance plan to achieve<br />
continuous improvement in privacy and<br />
security efforts. This shows any outside auditor<br />
that the institution has taken the proactive<br />
steps toward achieving regulatory compliance.<br />
The GRC approach to the privacy and<br />
security risk assessment contributes toward<br />
the overall compliance program goals of not<br />
only identifying and responding to risk issues,<br />
but also of preventing them as well.n<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
37<br />
July 2010
July 2010<br />
38<br />
Managing employee<br />
turnover in a<br />
shrinking workforce<br />
Editor’s Note: Joyce Freville is the Vice President<br />
and Chief <strong>Compliance</strong> Officer for Trilogy <strong>Health</strong><br />
Services, LLC in Louisville, Kentucky. Joyce may<br />
be contacted by telephone at (502) 213-1725 or<br />
by e-email at jfreville@trilogyhs.com.<br />
The present long-term care landscape is<br />
full of opportunities to both succeed<br />
and to fail. One of the best methods<br />
to increase the chances of success, both in<br />
quality and financial terms, is to monitor and<br />
manage employee retention. Over the next<br />
half century, the number of individuals who<br />
use long-term care facilities (e.g., nursing<br />
facilities, alternative residential care, or home<br />
care services) will increase, while the number<br />
of qualified staff will decrease.<br />
Let’s look at the landscape we presently face.<br />
Although the future demand for long-term<br />
care (LTC) cannot be precisely predicted, in<br />
2002, the U.S. Government Accountability<br />
Office estimated that spending on LTC will<br />
increase two-and-a-half to four times over the<br />
next 40 to 50 years, reaching $379 million<br />
per year. Furthermore, according to the US<br />
Bureau of Census, the number of Americans<br />
over age 65 will increase by approximately<br />
36.4 million by the year 2030. That equates to<br />
approximately 71.4 million people age 65 and<br />
older, an increase of 104.2%, and they will be<br />
approximately 20% of the US population. 1<br />
The Baby Boomer generation is the fastest<br />
growing segment of the population in the<br />
United States, and encompasses individuals<br />
born between 1946 and 1964. During<br />
this period, the U.S. saw an explosion in<br />
By Joyce Freville, PhD, <strong>CHC</strong><br />
birthrates never seen before and not seen<br />
since. The increased longevity of the Baby<br />
Boomer generation will cause a substantial<br />
increase in the size of the elderly population<br />
in the coming decades, and will increase the<br />
demand for long-term care services.<br />
In fact, about 44% of the current population<br />
over 65 will use a nursing home at some<br />
point. By 2050, the nursing home population<br />
is expected to increase to 5.4 million, about<br />
260% greater than in 2000, and the number<br />
of those using home health care to 2.3 million,<br />
about 156% greater than in 2000. 2 Furthermore,<br />
with the increase in Americans over<br />
age 65, there will be a greater need for clinical<br />
workers; however, a nation-wide shortage of<br />
nurses is predicted. The combination of the<br />
personnel shortage, increase in senior citizens,<br />
and the current turnover trend poses a significant<br />
problem to the US health care system.<br />
As Baby Boomers retire, more health care<br />
workers will leave the workforce. Because<br />
Baby Boomers make up such a large part<br />
of the current nursing workforce, this will<br />
create a severe shortage. Furthermore, because<br />
Baby Boomers will make up 20% of the US<br />
population, they will require more health care<br />
as a part of the aging process. 1 Essentially,<br />
the providers will become the recipients of<br />
health care services. With advancement in<br />
medical technology, people are living longer.<br />
With seniors occupying such a large segment<br />
of the population, it is predicted that there<br />
will be a major financial strain on the health<br />
care industry as a whole when they retire; not<br />
only because they will require health care, but<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
also because they will no longer contribute as<br />
much to the tax base that funds the Medicare<br />
and Medicaid Programs.<br />
<strong>Health</strong> care cost<br />
The U.S. spent $2.3 trillion on health care in<br />
2008, or $7,681 per person. This amounted<br />
to 16.2% of the nation’s gross domestic product<br />
(GDP). <strong>Health</strong> care is predicted to rise<br />
to 25% of GDP in 2025 and 49% in 2082. 3<br />
More than a fifth of health care spending<br />
is on Medicare. Moreover, this represents<br />
about 16.2% of the federal budget and 3.5%<br />
of the GDP. Medicare is funded through a<br />
combination of payroll taxes (41%), general<br />
tax revenues (39%), premiums paid by the<br />
elderly (12%), and other sources, such as<br />
interest earned on a trust fund established for<br />
the program. 4 Conversely, Medicaid makes<br />
up approximately 2.6% of the GDP and<br />
represents about one fourth of state expenditures<br />
and approximately 50% of incremental<br />
spending. Over the past five years, Medicaid<br />
enrollment has increased by 40% and will<br />
continue to grow as Baby Boomers age. 4<br />
Long-term care<br />
Based on a study by the Department of <strong>Health</strong><br />
and Human Services in 2005, it is estimated<br />
that by 2050, the total number of individuals<br />
who will need LTC services will increase to<br />
approximately 27 million. The aging of the<br />
Baby Boomer generation is the most significant<br />
factor contributing to the demand. The number<br />
of elderly people is expected to more than<br />
double over the next 50 years, increasing from<br />
approximately 8 million to 19 million. The<br />
trends in the size of demand for LTC will follow<br />
trends of the aging Baby Boomer generation.<br />
When Baby Boomers start to reach age 75 in<br />
2021, the use of institutional and home care will<br />
increase significantly. The demand will increase<br />
even more sharply around 2040, when the<br />
majority of Baby Boomers are in their eighties.
Although the demand for skilled nursing facilities<br />
will increase, based on the estimated size of<br />
the US population over age 65, trends suggest<br />
that the majority of the increased growth in<br />
LTC will be in assisted living/residential care<br />
and in-home and community-based services. 5<br />
Shortage of health care workers<br />
Because of the increased demand for health<br />
care services, coupled with the on-going<br />
nursing shortage, the supply of registered<br />
nurses (RN), licensed practical nurses (LPN)<br />
and certified nurse aides (CNA) needs to be<br />
increased. Earlier studies show a slow but<br />
steady decrease in the total number of skilled<br />
beds, but it is predicted that there will still be<br />
a significant gap in the supply and demand for<br />
health care workers. 6,7 This prediction is based<br />
on the influx of the aging population and<br />
their increased life expectancy after retirement.<br />
Currently, qualified health care workers are<br />
in short supply. A study by the American<br />
<strong>Health</strong>care Association in 2008 shows a gap<br />
of approximately 109,000 workers. This gap is<br />
likely to increase, partly because of the need to<br />
replace the retiring Baby Boomers. 7<br />
In the 2007 study conducted by the<br />
American <strong>Health</strong> <strong>Care</strong> Association (AHCA),<br />
nursing vacancy and employee turnover rates<br />
at nursing homes were examined to assess<br />
their ability to recruit new staff. AHCA sent<br />
the survey to 15,558 eligible nursing facilities<br />
in the U.S., and management from 25%<br />
of the facilities completed and returned the<br />
survey questionnaire. The survey instrument<br />
collected information about six nursing staff<br />
positions, specifically the:<br />
n number of established and vacant positions<br />
as of June 30, 2007,<br />
n number of employees who left the facility<br />
during the six-month period from January 1<br />
through June 30, 2007, and<br />
n relative difficulty the nursing home experienced<br />
in recruiting key nursing staff.<br />
Data were collected in the following six<br />
nursing staff categories: Director of Nurses<br />
(DON), RNs with administrative responsibilities<br />
(Administrative RNs), staff RNs, LPNs,<br />
CNAs, and non-certified nursing aides. Data<br />
for the five main nursing staff categories were<br />
reported, but data on non-certified aides were<br />
insufficient for meaningful analysis and were,<br />
therefore, not included in this report.<br />
The study found that in 2007, nearly 109,900<br />
full-time equivalent health care professionals<br />
were needed to fill vacant nursing positions at<br />
nursing homes across the United States. It was<br />
estimated that close to 60,300 vacancies were<br />
for CNA positions, 19,400 were for staff RN<br />
positions, and 24,200 were for LPN positions.<br />
Overall, nursing position vacancies increased<br />
14.7% from 2002 to 2007, from about 95,800<br />
vacancies in 2002 to about 109,900 in 2007. 6, 7<br />
This gap will widen as more Baby Boomers<br />
leave the workforce. Not only is the shortage<br />
of workers a challenge, employee retention<br />
in LTC is a major issue, especially in the days<br />
ahead, due to Baby Boomers retiring and the<br />
current economic recession.<br />
Staffing and turnover<br />
Given the preceding evidence indicating a<br />
drastic shift in LTC market demographics<br />
and staffing requirements, maintaining low<br />
employee turnover rates appears essential to<br />
meeting future demand for quality nursing<br />
home care. High employee turnover rates effect<br />
quality of care and have financial consequences<br />
for the federal and state governments that<br />
collectively pay for most of the care provided<br />
in nursing homes. When employee turnover<br />
increases, the workload for the staff that remains<br />
in place also increases. This in turn causes stress<br />
levels to climb, overtime pay becomes routine,<br />
and consequently, more nurses and nurse aides<br />
leave because they are over-burdened and may<br />
not be able to meet the needs of their residents.<br />
Continued on page 40<br />
Author Debbie<br />
Troklus has revised<br />
and updated<br />
<strong>Compliance</strong> 101<br />
to reflect recent<br />
developments in<br />
compliance.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>Compliance</strong><br />
101<br />
Second Edition<br />
This essential guide to<br />
health care compliance<br />
will help you build a<br />
compliance program<br />
The second edition includes:<br />
• Up-to-date compliance<br />
information<br />
• A brand-new chapter dedicated<br />
to HIPAA regulations<br />
• An expanded glossary with<br />
additional new terms and<br />
definitions<br />
• Expanded appendixes,<br />
including a selection of<br />
additional new and userfriendly<br />
sample documents<br />
If you’re planning to<br />
become Certified in<br />
<strong>Health</strong>care <strong>Compliance</strong>,<br />
<strong>Compliance</strong> 101 is an<br />
invaluable study aid for the<br />
<strong>CHC</strong> examination.<br />
To order, visit the<br />
HCCA Web site<br />
at www.hcca-info.org.<br />
39<br />
July 2010
HCCA’s 2010<br />
RegionAl<br />
ConfeRenCes<br />
HCCA’s regional one‐day conferences<br />
provide high‐quality, convenient,<br />
inexpensive education and networking<br />
opportunities. don’t miss the<br />
opportunity to attend one in 2010!<br />
new englAnd<br />
September 13, 2010 | Boston, MA<br />
UppeR Midwest<br />
September 16, 2010 | Minneapolis, MN<br />
Managing employee turnover in a shrinking workforce<br />
...continued from page 39<br />
Furthermore, high rates of employee turnover can lead to chronic low<br />
staffing levels that can result in declines in the quality and continuity of<br />
care for residents, more adverse events for patients (e.g., medical errors),<br />
higher patient mortality rates, and the need to close beds or defer<br />
patients to other facilities. 8 Moreover, the cost related to high turnover<br />
can affect the financial performance of organizations.<br />
Cost of turnover<br />
Staff turnover within the LTC industry continues to increase at a significant<br />
rate. 6,7 National averages show the overall turnover rate ranges from<br />
38% to 50% for LPNs, RNs, and administrators, and 66% for CNAs. 7<br />
Turnover increases costs associated with recruitment and training as well<br />
as affecting quality of care and customer satisfaction. For example, a<br />
turnover rate of 45% among 2.6 million LTC workers costs about $4.1<br />
billion per year. Furthermore, it can lead to inadequate staffing levels<br />
which results in decreased continuity of care. 9,10,11<br />
July 2010<br />
40<br />
Midwest<br />
September 24, 2010 | Overland Park, KS<br />
noRtH CentRAl<br />
October 1, 2010 | Indianapolis, IN<br />
eAst CentRAl<br />
October 8, 2010 | Pittsburgh, PA<br />
HAwAii<br />
October 15, 2010 | Honolulu, HI<br />
MoUntAin<br />
October 22, 2010 | Denver, CO<br />
Mid CentRAl<br />
November 5, 2010 | Louisville, KY<br />
soUtH CentRAl<br />
November 12, 2010 | Nashville, TN<br />
deseRt soUtHwest<br />
November 19, 2010 | Scottsdale, AZ<br />
leARn MoRe<br />
And RegisteR<br />
www.HCCA‐info.oRg<br />
In addition to influencing the financial health of providers and quality<br />
of care that LTC residents receive, turnover affects the efficiency of<br />
resource allocation within the Medicare and Medicaid programs.<br />
Inadequate staffing levels are the primary reason for poor quality of care<br />
in nursing homes. 9<br />
Although many turnover costs are borne by providers, others are borne<br />
directly or indirectly by direct care workers themselves, by consumers<br />
and their families, and by the public sector. The exact costs are difficult<br />
to measure, but the evidence suggests that the price paid by government<br />
payers for turnover in LTC is approximately $2.5 billion. 10<br />
How employee turnover impacts quality<br />
In a qualitative study conducted by Mascio, 12 data from 251 caregivers<br />
(i.e., RN, LPN, and nurse aides) were used to examine job satisfaction<br />
scores of these caregivers and what characteristics of these caregivers are<br />
associated with job satisfaction. The data were collected from two nursing<br />
homes over a two-and-a-half year period with five periods of data<br />
collection at six-month intervals. The Job Description Index was used to<br />
collect job satisfaction data. Mascio concluded that there is a consistent<br />
association between job satisfaction and the quality of resident care, even<br />
affecting the mortality rate of the elder person. Furthermore, employees<br />
who experience a higher job satisfaction proved to be better caregivers.<br />
In this study, the residents felt well-cared for when employees had higher<br />
job satisfaction. Based on these results, nursing home management<br />
should take measures to improve employee satisfaction that will improve<br />
the quality of care and help create a warm and loving environment for<br />
residents. 12<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
A subsequent study by Kash and Naufal 13<br />
linked the level of quality provided by skilled<br />
nursing facilities to employee turnover. Findings<br />
by Kash and Naufal suggest that high<br />
quality nursing homes have higher employee<br />
satisfaction, and have a better chance or<br />
retaining RNs. Therefore, they have lower<br />
turnover than facilities that have lower<br />
standards of care. The reason for the study<br />
was to test the association between RN job<br />
satisfaction, intent to leave, level of quality<br />
of care at the facility, and RN turnover rates.<br />
A sample of 626 observations was selected<br />
from 1,017 facilities after incorporating<br />
data from a 2003 survey of registered nurses<br />
in Texas nursing homes, Medicaid Cost<br />
Reports, the Texas Quality Reporting System<br />
(QRS), and the Area Resource File (ARF).<br />
Results showed that quality of care was a<br />
useful and significant predictor of an RN’s<br />
intention to leave; it also affects actual RN<br />
turnover rates. There was a negative relationship<br />
between the level of job satisfaction and<br />
empowerment, and the RN’s intent to leave<br />
the workplace in the next 9 to 12 months.<br />
Nonetheless, job satisfaction and empowerment<br />
were not significant predictors of<br />
intent to leave in the models that included<br />
three alternative measures of quality of care<br />
provided at the facility. Hence, facilities<br />
providing higher quality of care have lower<br />
recruitment and staffing costs that are related<br />
to RN turnover. 14<br />
Nursing home value-based purchasing<br />
demonstration<br />
Evidence shows that low staffing levels and<br />
high staff turnover compromise the quality<br />
of care of nursing home residents. Consequently,<br />
staffing and turnover are coming<br />
under scrutiny. In the summer of 2009,<br />
Centers for Medicare and Medicaid Services<br />
(CMS) began a three-year demonstration<br />
known as the Nursing Home Value-Based<br />
Purchasing (NHVBP) Demonstration.<br />
The NHVBP Demonstration is part of a<br />
CMS initiative to improve the quality and<br />
efficiency of care furnished to Medicare<br />
beneficiaries. Under NHVBP, CMS will<br />
offer financial incentives to nursing homes<br />
that meet certain conditions for providing<br />
high quality care. The demonstration<br />
includes freestanding and hospital-based<br />
facilities and beneficiaries who are on a Part<br />
A stay as well as those with Part B coverage<br />
only. The demonstration is budget neutral<br />
to Medicare because it is assumed that<br />
quality of care will improve, thus reducing<br />
potentially avoidable hospitalizations. 15<br />
The demonstration measures performance<br />
using nurse staffing, rates of potential avoidable<br />
hospitalizations, outcome on selected<br />
Minimum Data Set-based quality measures,<br />
and results from state surveys. The staffing<br />
measures comprise RN/DON hours per resident<br />
day; total LPN/RN/DON nursing hours<br />
per resident day; CNA hours per resident,<br />
and nursing staff (RN/LPN/CNA) turnover<br />
rate. Staffing measures will be adjusted for<br />
case mix differences. In addition, staffing<br />
measures will be calculated from payroll data<br />
submitted by nursing homes.<br />
Steps to control turnover<br />
Understanding the cost and issues surrounding<br />
employee turnover is the first<br />
step to developing a comprehensive retention<br />
plan. The Society of Human Resource<br />
Management 16 suggests the following steps to<br />
help control turnover:<br />
1. Set up a retention committee that<br />
includes members from all levels of the<br />
organization;<br />
2. Establish measurements and incentive<br />
programs to ensure focus on the issue;<br />
3. Redesign ineffective applicant testing,<br />
interviewing, and selection processes to<br />
prevent hiring people who are higher<br />
turnover risks;<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
4. Look carefully at the way employees are<br />
treated (e.g., respect, communication,<br />
work/life balance); and<br />
5. Evaluate opportunities for learning<br />
and growth (e.g., training, position,<br />
pay, benefits).<br />
Conclusion<br />
To meet the increased demand for skilled<br />
nursing care, more qualified skilled nursing<br />
facilities with lower employee turnover<br />
are needed. In this respect, high employee<br />
turnover rates in skilled nursing facilities have<br />
financial consequences for federal and state<br />
governments as well as health care providers.<br />
Turnover increases costs associated with<br />
recruitment and training as well as affecting<br />
quality of care and customer satisfaction.<br />
Furthermore, it can lead to inadequate staffing<br />
levels which results in decreased continuity<br />
of care. n<br />
1. U.S. Census Bureau Population Division: Interim State Population<br />
Projections. April 21, 2005. Available at http://www.census.gov/population/projections<br />
/PressTab4.xls<br />
2. Melnyk, A: Long-Term <strong>Care</strong> Insurance or Medicaid: Who Will Pay for<br />
Baby Boomers’ Long-Term <strong>Care</strong>? American Council of Life Insurers Research<br />
Findings 2005. Available at http://www.acli.com/NR/rdonlyres/<br />
FEB87D8A-9E2F-45B6-B08A-CBED882A66C6/0/LTCBabyBoomers05.pdf<br />
3. Centers for Medicare and Medicaid Services: Medicare: National<br />
<strong>Health</strong> Expenditure Data, 2008. Available at http://www.cms.hhs.gov/<br />
National<strong>Health</strong> ExpendData/25_NHE_Fact_Sheet.asp<br />
4. Center for <strong>Health</strong> Transformation: Making Medicaid work: A practical<br />
guide for transforming Medicaid. 2007. Available at http://www.shps.<br />
com /medicaid/book/SHPS_Making_Medicaid_Work.pdf<br />
5. University of California: An aging US population and the workforce:<br />
Factors affecting the need for geriatric care workers. 2006. Available at<br />
http://futurehealth.ucsf.edu/geria/062404-Geria%20Final.pdf<br />
6. American <strong>Health</strong> <strong>Care</strong> Association: Results of the 2002 AHCA Survey of<br />
Nursing Staff Vacancy and Turnover in Nursing Homes. February 12, 2003.<br />
7. My Daily Record: Nursing turnover impacts nursing homes.<br />
2005. Available at http://www.dunndailyrecord.com/main.<br />
asp?SectionID=1&SubSectionID =1&ArticleID=70686&TM=32281.77<br />
8. American <strong>Health</strong> <strong>Care</strong> Association: Report of Findings 2007 AHCA Survey<br />
Nursing Staff Vacancy and Turnover in Nursing Facilities. July 21, 2008.<br />
9. Castle, NG; Degenholtz, H; and Rosen, J: Determinants of staff job<br />
satisfaction of caregivers in two nursing homes in Pennsylvania. BMC<br />
<strong>Health</strong> Research, 2006.<br />
11. Seavey, D: The cost of frontline turnover in long-term care: Better jobs<br />
better care. 2004. Available at http://www.bjbc.org/content/docs/TO-<br />
CostReport.pdf<br />
12. Mascio, B: Staffing health and elder care industry, High turnover diminishes<br />
quality of life. 2007. Available at http://www.americanchronicle.<br />
com/articles/viewArticle.asp?articleID=23082<br />
13. Kash, B and Naufal, G: The impact of quality on intent to leave and<br />
actual Registered Nurse turnover in nursing homes. 2008, The Gerontologist,<br />
48, 738 at ProQuest Medical Library database. (Document<br />
ID: 1647961231).<br />
14. Long Term <strong>Care</strong> Community Coalition (LTCCC): Protecting current<br />
and future nursing home residents: Government action is needed to<br />
mandate minimum safe staffing levels. 2008. Available at http://www.<br />
nursinghome411.org/documents/nhstaffingbrief1.pdf<br />
15. Centers for Medicare and Medicaid Services. Demonstration Projects.<br />
Available at www.nhvbp.com<br />
16. Galbreath, R: Employee turnover hurts small and large company profitability.<br />
SHRM White Paper. 2000.<br />
41<br />
July 2010
July 2010<br />
42<br />
The ten compliance<br />
commandments<br />
for medical device<br />
manufacturers<br />
By Jennifer E. Williams<br />
Editor’s Note: Jennifer E. Williams is an attorney Obama administration has “zero tolerance” for<br />
with the law firm of Mintz, Levin, Cohn, Ferris, health care fraud and stated that fighting and<br />
Glovsky and Popeo, PC in Washington, DC. Ms. preventing fraud “is a personal priority of the<br />
Williams can be contacted by telephone at 202/585- President’s and a personal priority of mine.”<br />
3542 or by e-mail at jewilliams@mintz.com.<br />
In his address, Attorney General Eric Holder<br />
<strong>Health</strong> care fraud prevention, detection,<br />
and enforcement efforts have accomplishments, which included a record<br />
highlighted the Department of Justice’s 2009<br />
never been stronger. Several recent number of health care fraud defendants<br />
fraud-fighting initiatives—and the increasing charged (more than 800), more than 580<br />
resources dedicated to them—have raised the convictions, and civil health care fraud recoveries<br />
of $2.2 billion under the False Claims<br />
stakes for compliance officers, who are tasked<br />
with establishing and maintaining a culture Act. He then outlined a five-point strategy<br />
that promotes the prevention, detection, for continuing the fight against fraud that<br />
and resolution of unlawful or undesirable included:<br />
conduct. In the first quarter of 2010 alone, n strengthening the <strong>Health</strong> <strong>Care</strong> Fraud<br />
the Obama administration held a national Prevention and Enforcement Action Team<br />
summit addressing health care fraud and proposed<br />
that an unprecedented $1.7 billion be n supporting and expanding the Medicare<br />
(HEAT);<br />
allocated to the Department of <strong>Health</strong> and Fraud Strike Forces;<br />
Human Services (HHS) for fraud-fighting n continuing to push for funding for fraud<br />
activities in the fiscal year 2011 budget. prevention and enforcement efforts;<br />
And, of course, Congress passed comprehensive<br />
health care reform legislation that pursue legislative and regulatory reforms<br />
n working with Congress to identify and<br />
includes new and strengthened mechanisms to prevent, deter, and prosecute fraud; and<br />
for combating fraud, waste, and abuse in the n engaging the private sector in anti-fraud<br />
state and federal health care programs.<br />
efforts.<br />
The National Summit on <strong>Health</strong> <strong>Care</strong> Fraud, On February 1, President Obama unveiled<br />
held on January 28, 2010, marked the first the fiscal year 2011 budget. The $3.83 trillion<br />
time the public and private sectors have come budget, which dedicates an unprecedented<br />
together to share ideas on how to eliminate $1.7 billion to HHS for fraud-fighting activities,<br />
includes $561 million in <strong>Health</strong> <strong>Care</strong><br />
fraud and abuse in the nation’s health care<br />
system. In her opening address, HHS Fraud and Abuse Control Program discretionary<br />
funding (an increase of $250 million Secretary Kathleen Sebelius declared that the<br />
over<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
the FY 2010 enacted level) and $52 million<br />
in discretionary funding for the HHS Office<br />
of Inspector General (OIG) (an increase of<br />
$1.5 million over the FY 2010 enacted level).<br />
This $1.7 billion is expected to generate $9.9<br />
billion in savings from increased recoveries<br />
and prevention efforts.<br />
Finally, as most everyone knows by now, President<br />
Obama signed the Patient Protection<br />
and Affordable <strong>Care</strong> Act 1 (PPACA) on March<br />
23, 2010, and the <strong>Health</strong> <strong>Care</strong> and Education<br />
Affordability Reconciliation Act of 2010<br />
(HCEARA) 2 on March 30, 2010. These two<br />
Acts make it easier for enforcement authorities<br />
to prove health care fraud violations by,<br />
among other things, significantly expanding<br />
the reach of the Medicare and Medicaid<br />
Anti-kickback Statute (AKS) 3 and the civil<br />
False Claims Act (FCA). 4 They also advance<br />
the trend toward increased transparency by<br />
imposing various disclosure obligations on<br />
certain manufacturers, including medical<br />
device manufacturers. Importantly, PPACA<br />
also makes the establishment of a compliance<br />
program a condition of enrollment under the<br />
Medicare, Medicaid, and SCHIP programs.<br />
Of course, these new laws and initiatives<br />
supplement the already stepped-up enforcement<br />
efforts seen in 2009, including, among<br />
many others, the provision of an additional<br />
$48 million in funding to the HHS OIG by<br />
the American Recovery and Reinvestment<br />
Act of 2009, and the sweeping changes to the<br />
FCA enacted as part of the Fraud Enforcement<br />
and Recovery Act of 2009 (FERA). FERA significantly<br />
broadened liability under the FCA,<br />
made liability easier to prove, and strengthened<br />
protections for relators (a/k/a whistleblowers),<br />
who are eligible to receive between 15-30% of<br />
the government’s recovery. Many in the health<br />
care industry believe that FERA’s amendments<br />
to the FCA will lead to an increase in<br />
whistleblower suits, known as qui tam actions,
from which the vast majority of health carerelated<br />
FCA recoveries result. PPACA’s changes<br />
to the Anti-kickback Statute and FCA will also<br />
undoubtedly result in more qui tam actions<br />
and government-initiated investigations. The<br />
sanctions for violating the FCA are treble<br />
damages and mandatory penalties of between<br />
$5,500 and $11,000 per false claim filed. In<br />
addition, the HHS Secretary and OIG may<br />
exclude from the federal health care programs<br />
any person or entity who submits a false claim.<br />
Because the sanctions are so severe, many qui<br />
tam cases settle to avoid litigation risk.<br />
Medical device manufacturers have been a<br />
particular focus of fraud and abuse enforcement<br />
efforts and qui tam actions in recent<br />
years. One especially popular whistleblower<br />
strategy (to which medical device manufacturers<br />
have not been immune) has been to<br />
assert that violations of laws that prohibit<br />
inducements and other marketing misconduct,<br />
govern pricing and reimbursement, and<br />
relate to quality and transparency, “caused”<br />
the claims submitted to the government in<br />
connection with such violations to be “false”<br />
under the FCA. Quest Diagnostics Incorporated’s<br />
April 2009 settlement of an FCA case<br />
initiated by a qui tam relator followed this<br />
pattern. The relator and the United States<br />
alleged that Nichols Institute Diagnostics<br />
(NID), a Quest Diagnostics subsidiary,<br />
manufactured and sold in vitro diagnostic kits<br />
for testing parathyroid hormone levels that<br />
produced unreliable test results and that the<br />
unreliable results produced using these kits<br />
“caused” NID’s laboratory customers to file<br />
false claims. 5 Quest Diagnostics and NID<br />
expressly denied FCA liability, but settled the<br />
case to put the matter behind them.<br />
As part of that settlement—one of the largest<br />
ever involving a medical device manufacturer—Quest<br />
Diagnostics agreed to pay $262<br />
million to resolve the FCA allegations and<br />
entered into a Non-Prosecution Agreement<br />
with the United States Attorney’s Office for<br />
the Eastern District of New York. NID, which<br />
Quest Diagnostics voluntarily closed in April<br />
2006, pled guilty to a misbranding violation<br />
arising from certain performance claims about<br />
the kits at issue and paid a fine of $40 million.<br />
Quest Diagnostics also entered into a novel<br />
Corporate Integrity Agreement (CIA) that<br />
focuses on compliance with certain identified<br />
portions of the Food and Drug Administration’s<br />
Quality System Regulations (QSRs).<br />
The relator, who was the founder and owner<br />
of a competing California laboratory, received<br />
approximately $45 million.<br />
The renewed vigor with which both government<br />
agencies and individuals have begun<br />
to prosecute fraud leaves compliance officers<br />
with little room for error. <strong>Compliance</strong> officers<br />
should ensure not only that their companies<br />
have written policies and procedures<br />
in place, but also that those policies and<br />
procedures are understood by the companies’<br />
employees, reflect the companies’ practices,<br />
and are consistently enforced. Because<br />
several recent CIAs have required the chief<br />
compliance officer to report directly to the<br />
chief executive officer, 6 compliance officers<br />
should also ensure that their companies’<br />
reporting structures are appropriate to the<br />
companies’ size and that the companies’<br />
policies and procedures have been reviewed<br />
and understood by top management and the<br />
board of directors. Finally, compliance officers<br />
should review relevant compliance guidance,<br />
including the OIG <strong>Compliance</strong> Program<br />
Guidance for the Durable Medical Equipment,<br />
Prosthetics, Orthotics and Supply<br />
Industry, 7 and the AdvaMed Code of Ethics<br />
on Interactions with <strong>Health</strong> <strong>Care</strong> Professionals,<br />
and incorporate relevant provisions<br />
from these guidance documents into their<br />
compliance policies.<br />
Continued on page 44<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
False Claims<br />
Act Training<br />
Doesn’t Have<br />
To Be Hard<br />
A Supplement to Your<br />
Deficit Reduction Act<br />
<strong>Compliance</strong> Training<br />
Program offers a clear,<br />
concise review of the<br />
False Claims Act and<br />
its impact on federal<br />
health care programs.<br />
Bulk pricing available for<br />
HCCA members.<br />
To order, visit<br />
www.hcca-info.org,<br />
or call 888-580-8373.<br />
43<br />
July 2010
The ten compliance commandments for medical device manufacturers<br />
...continued from page 43<br />
The Ten “<strong>Compliance</strong> Commandments” listed below will assist the compliance<br />
officers of medical device manufacturers in their efforts to maximize<br />
compliance and minimize the likelihood of an FCA suit or government<br />
investigation.<br />
1. Thou shalt incorporate all seven elements identified by the OIG as<br />
“fundamental” into the compliance program.<br />
Every compliance program should be appropriately tailored to the company<br />
it is intended to govern and protect. However, no company is too small or<br />
close-knit to justify the absence of any of the seven elements the OIG has<br />
identified as “fundamental.” Those seven elements, which are based on the<br />
seven steps of the Federal Sentencing Guidelines, are:<br />
1. Developing and distributing written policies, procedures, and standards<br />
of conduct<br />
2. Designating a compliance officer and compliance committee<br />
3. Conducting regular, effective training and education<br />
4. Developing effective lines of communication between the compliance<br />
officer and all employees<br />
5. Enforcing standards through well-publicized disciplinary guidelines<br />
6. Conducting internal monitoring and auditing<br />
7. Responding promptly to detected offenses and developing corrective action<br />
2. Thou shalt not copy the AdvaMed Code of Ethics on Interactions with<br />
<strong>Health</strong> <strong>Care</strong> Professionals, paste it into an internal document, and identify<br />
that document as the company’s compliance program.<br />
As noted in <strong>Compliance</strong> Commandment 1, every compliance program should<br />
be appropriately tailored to reflect the individual needs and circumstances<br />
of the company to which it applies. The AdvaMed Code of Ethics is an<br />
excellent resource and sets forth informative policies and principles, but it<br />
is not intended to take the place of an individualized compliance program.<br />
<strong>Compliance</strong> officers who simply adopt the AdvaMed Code of Ethics, rather<br />
than developing an individualized compliance program, not only do their<br />
company a disservice by failing to consider their company’s individual compliance<br />
needs, but they also increase the risk that the compliance program will<br />
not reflect their company’s actual practices. This risk is particularly troubling<br />
because having a written compliance program that is not followed is viewed by<br />
many as worse than not having a written compliance program at all.<br />
July 2010<br />
44<br />
3. Thou shalt review the compliance program frequently and update it<br />
as necessary to reflect current practices and industry developments.<br />
Even the best, most appropriately tailored, compliance programs can become stale<br />
in a rapidly changing industry. An acquisition or merger, a new product line or<br />
other type of expansion, and new industry-specific laws or guidance all merit a<br />
fresh look at the compliance program. <strong>Compliance</strong> officers should also monitor<br />
and review OIG pronouncements, especially fraud alerts and other relevant<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
developments, such as medical device settlement<br />
agreements and CIAs, and update policies and<br />
procedures accordingly.<br />
the company’s devices is accurate and<br />
objective.<br />
As medical technologies become increasingly<br />
complex, physicians and other providers and<br />
The allegedly improper payments included free<br />
boxes of disposable biosensors used with the<br />
device. NeuroMetrix agreed to pay a criminal<br />
fine of $1.2 million and civil damages and<br />
4. Thou shalt monitor thy company’s sales<br />
representatives and ensure that they are<br />
appropriately trained.<br />
Sales representatives, particularly those who<br />
work on commission, have one primary goal:<br />
to close the sale. Most sales representatives<br />
try to do so lawfully and honorably; however,<br />
financial pressures or greed may cloud the<br />
judgment of some. Others may not understand<br />
the prohibitions established by law,<br />
causing them to offer unlawful inducements<br />
or to market their products for uses beyond<br />
those approved or cleared by the FDA. To<br />
minimize these risks, compliance programs<br />
should ensure that sales representatives receive<br />
frequent training. Attendance at training sessions<br />
should be mandatory and documented<br />
in the company’s files. Many compliance<br />
officers find that including “quizzes” in the<br />
training sessions results in a higher level of<br />
trainee involvement and retention.<br />
suppliers look to medical device manufacturers<br />
for guidance on reimbursement. Providers<br />
and suppliers seeking reimbursement<br />
from the federal health care programs for a<br />
medical device must ensure that the device<br />
is both reasonable and necessary and billed<br />
using the correct code. Violations of the<br />
federal health care programs’ reasonable and<br />
necessary requirement and the prohibition on<br />
upcoding (i.e., using a code that one knows<br />
or should know will result in a payment that<br />
is greater than the payment associated with<br />
the appropriate code applicable to the item or<br />
service provided) are often alleged together in<br />
FCA suits. 8 Thus, the compliance program<br />
for any medical device manufacturer that<br />
provides guidance with respect to coding<br />
and reimbursement should include policies<br />
and procedures that ensure the accuracy and<br />
objectivity of such advice.<br />
6. Thou shalt proceed with caution when<br />
penalties of $2.5 million, change its business<br />
practices to prevent future kickbacks through<br />
marketing programs, and sign a CIA with the<br />
OIG to settle the allegations.<br />
To minimize the risk of claims such as those<br />
brought against NeuroMetrix, medical device<br />
manufacturers’ compliance programs should<br />
include policies addressing the provision of<br />
items of value to referral sources. Generally,<br />
the provision of items of value should be<br />
prohibited, with certain de minimis exceptions<br />
such as certain educational items and<br />
occasional, modest meals offered in conjunction<br />
with business presentations. When<br />
evaluating whether the provision of an item<br />
of value to a physician or other health care<br />
professional is appropriate, the manufacturer<br />
should examine whether it is providing the<br />
benefit with the intent to induce or reward<br />
referrals. If so, the item of value should not<br />
be provided, because it has the potential to<br />
Allegations of off-label marketing have resulted<br />
in some of the health care industry’s biggest<br />
fraud settlements, including the September<br />
2009 settlement in which Pfizer, Inc. agreed<br />
to pay $2.3 billion to settle allegations that<br />
it fraudulently marketed certain drugs. Sales<br />
representatives should, therefore, be fully<br />
informed of the uses for which the company’s<br />
products have been approved or cleared so<br />
that they may avoid promoting the products<br />
for unapproved or “off-label” uses. Finally,<br />
“red flags” such as a dramatic increase in the<br />
number or dollar amount of sales by a particular<br />
sales representative should be reviewed and,<br />
if necessary, addressed in accordance with the<br />
compliance plan’s disciplinary guidelines.<br />
offering anything for free or providing<br />
something of value to referrers, recommenders,<br />
arrangers, or purchasers.<br />
Medical device manufacturers can run afoul<br />
of the Anti-kickback Statute and other laws<br />
prohibiting inducements by giving something of<br />
value to physicians or other referral sources. The<br />
Anti-kickback Statute’s prohibitions apply to<br />
both the person offering or paying for the item<br />
of value and the person soliciting or receiving<br />
it, and potentially subject them to criminal<br />
penalties, civil monetary penalties, and exclusion<br />
from the Medicare and Medicaid programs. For<br />
example, in one recent case, the government<br />
alleged that device manufacturer NeuroMetrix,<br />
Inc. marketed its medical device through illegal<br />
referral programs pursuant to which it paid<br />
implicate the Anti-kickback Statute, unless<br />
it meets the terms of an applicable safe<br />
harbor. 9 Whenever possible, arrangements<br />
with referrers, recommenders, arrangers, and<br />
purchasers should be structured to fit within<br />
a safe harbor, because safe-harbored transactions<br />
and arrangements are not subject to<br />
prosecution under the Anti-kickback Statute<br />
and are unlikely to successfully be asserted as<br />
a predicate to an FCA action. A transaction<br />
or arrangement must satisfy each and every<br />
element of a safe harbor to be immunized.<br />
7. Thou shalt carefully structure and<br />
review all payments to providers.<br />
Payment arrangements with providers are<br />
sometimes desirable and may even be necessary.<br />
5. Thou shalt ensure that guidance physicians to recommend its device to their col-<br />
This is especially true in the medical<br />
provided on how to code and bill for leagues for use in federally-reimbursable studies.<br />
Continued on page 47<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
45<br />
July 2010
July 2010<br />
46<br />
HCCA would like to thank Our Corporate Members<br />
Baker & Daniels LLP<br />
Bass, Berry & Sims PLC<br />
BlickenWolf, LLC<br />
Broad and Cassel<br />
<strong>Compliance</strong> 360, Inc<br />
<strong>Compliance</strong> Concepts, Inc<br />
Epstein Becker & Green PC<br />
Foley & Lardner LLP<br />
Fresenius Medical <strong>Care</strong> NA<br />
Global <strong>Compliance</strong> Services<br />
Hayes Management Consulting<br />
HCA, Inc.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Strategies (HCCS)<br />
Holland and Hart LLP<br />
Huron Consulting Group<br />
Indiana <strong>Health</strong> Centers Inc<br />
KPMG LLP<br />
Liberty Medical<br />
Meade & Roach, LLP<br />
MediTract, Inc<br />
Miller, Canfield ,Paddock & Stone PLC<br />
PricewaterhouseCoopers<br />
Reimbursement Management Consultants, Inc<br />
Sidley Austin LLP<br />
Sinaiko <strong>Health</strong>care Consulting, Inc<br />
TMDG LLC<br />
TMF <strong>Health</strong> Quality Institute<br />
T-System , Inc<br />
VA Premier <strong>Health</strong> Plan Inc<br />
Wolters Kluwer Law & Business<br />
Zix Corporation<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
The ten compliance commandments for medical device manufacturers ...continued from page 45<br />
device industry, where consulting services and<br />
royalty arrangements play vital roles. However,<br />
such payment arrangements may potentially<br />
implicate the Anti-kickback Statute and other<br />
laws that prohibit inducements. Furthermore,<br />
some states have enacted laws that require<br />
certain manufacturers, including medical<br />
device manufacturers, to disclose payments<br />
to physicians and other providers and are<br />
investigating and prosecuting manufacturers<br />
who fail to disclose such relationships. The<br />
PPACA continues the trend toward increased<br />
transparency by requiring medical device<br />
manufacturers to report annually to the HHS<br />
Secretary, beginning in 2013, certain information<br />
on payments and other transfers of value<br />
to physicians and teaching hospitals.<br />
Given the scrutiny surrounding payment<br />
arrangements with providers, compliance<br />
programs should set forth the parameters for<br />
entering into such arrangements and require<br />
legal review of any such arrangement prior to<br />
execution. Like the arrangements discussed<br />
in <strong>Compliance</strong> Commandment 6, payment<br />
arrangements with providers should be structured<br />
to fit within a safe harbor whenever<br />
possible. <strong>Compliance</strong> programs should also<br />
require the periodic review of consulting<br />
and advisory arrangements to ensure that<br />
the company continues to have a need for<br />
the services, the services are being provided,<br />
and compensation for the services is set at<br />
fair market value. Royalty arrangements with<br />
physicians or other health care professionals<br />
in a position to refer or prescribe devices,<br />
while not uncommon in the industry, may be<br />
particularly susceptible to abuse and therefore<br />
should be carefully considered, appropriately<br />
structured, and periodically reviewed.<br />
8. Thou shalt require legal review of all<br />
contracts.<br />
The health care regulatory environment is<br />
complex and constantly evolving. Many<br />
arrangements that are common and even<br />
encouraged in other industries, such as discounting,<br />
present legal and compliance hurdles<br />
to health care companies. Consequently,<br />
compliance programs should require that the<br />
company’s legal counsel review and approve<br />
all contracts that deviate from pre-approved<br />
templates or include pricing or other terms<br />
that depart from the norm. Uncommon or<br />
potentially suspect arrangements, such as consulting<br />
payments, should always be reviewed<br />
by legal counsel prior to execution. If possible,<br />
such agreements should be structured to meet<br />
an applicable safe harbor.<br />
9. Thou shalt ensure that an appropriate<br />
method has been implemented for capturing<br />
and reporting adverse events and noncompliance<br />
with QSR requirements.<br />
The failure to report adverse events can trigger<br />
a U.S. Department of Justice investigation<br />
and can serve as the underlying violation in a<br />
number of civil fraud enforcement actions. 10<br />
Serious violations can also lead to criminal<br />
prosecutions. Similarly, a device manufacturer’s<br />
failure to comply with QSR requirements<br />
can cause its products to become adulterated<br />
and subject it to liability. 11 Violations of<br />
these requirements could also potentially<br />
serve as predicate violations for FCA claims.<br />
<strong>Compliance</strong> programs should therefore<br />
include policies and procedures designed to<br />
capture and report adverse events and noncompliance<br />
with QSR requirements.<br />
10. Thou shalt take the complaints of<br />
employees and competitors seriously.<br />
Whistleblowers are often unhappy competitors<br />
or current or former employees whose<br />
complaints were dismissed or ignored by<br />
management. Most employees want to<br />
comply with the law, want their companies<br />
to comply with the law, and may become<br />
angry or resentful if they feel that their<br />
legitimate complaints have been dismissed<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
by management. Thus, one of the best ways<br />
a company can minimize its exposure to qui<br />
tam suits is to listen to its employees and<br />
address their concerns. Even if a company<br />
believes that an employee’s concerns are<br />
without merit, an explanation as to how the<br />
employee’s concern was handled, and why,<br />
may diffuse what otherwise might become a<br />
volatile situation. Often, such explanations are<br />
best handled verbally. Any written responses<br />
should be reviewed by the company’s legal<br />
counsel before they are sent to the employee.<br />
Complaints brought to the company’s attention<br />
by competitors, including complaints<br />
about allegedly unlawful marketing practices<br />
or inflated or inaccurate performance claims,<br />
should be reviewed and evaluated by the<br />
company’s legal counsel to determine what<br />
response, if any, is appropriate.<br />
Medical device manufacturers are unlikely<br />
to avoid the escalating enforcement of laws<br />
prohibiting fraud and abuse. However, a<br />
strong and functional compliance program<br />
that complies with the Ten <strong>Compliance</strong><br />
Commandments will reduce a company’s<br />
potential exposure to FCA suits and government<br />
investigations in this environment of<br />
increased enforcement. n<br />
The author would like to thank Hope Foster, who<br />
is a member of Mintz Levin’s <strong>Health</strong> Section, for<br />
her valuable contributions to this article.<br />
1 Pub. L. No. 111-148<br />
2 Pub. L. No. 111-152<br />
3 42 U.S.C. § 1320a-7b<br />
4 31 U.S.C. § 3729 et seq.<br />
5 United States ex rel. Cantor v. Quest Diagnostics Incorporated and Nichols<br />
Institute Diagnostics (EDNY). The author’s law firm, with others,<br />
represented Quest Diagnostics and NID in this matter.<br />
6 See, e.g., Pfizer Inc. 8/31/2009 Corporate Integrity Agreement, available<br />
at http://www.oig.hhs.gov/fraud/cia/cia_list.asp#p<br />
7 64 Fed. Reg. 36,368 (July 6, 1999).<br />
8 See, e.g., Complaint, United States ex rel. Bates and Patrick v. Kyphon,<br />
Inc. et al. (W.D.N.Y. 2005) (No. 05-CV-6568) (where two former<br />
employees alleged that Kyphon’s sales campaign to induce hospitals to<br />
admit patients for overnight hospital stays for a procedure involving<br />
Kyphon’s device caused the submission of false claims because the<br />
procedure could have been safely performed on an outpatient basis).<br />
9 The safe harbors can be found at 42 C.F.R. § 1001.952.<br />
10 21 C.F.R. § 803.3 (setting forth the FDA’s requirements for medical device<br />
manufacturers to report adverse events connected to their devices).<br />
11 21 U.S.C. § 360j(f)(1). The Qualty System Regulations requirements<br />
are set forth at 21 C.F.R. Part 820.<br />
47<br />
July 2010
A snapshot of<br />
training at the HCCA<br />
<strong>Compliance</strong> Academy<br />
By Sheryl Vacca, CCEP, <strong>CHC</strong>-F, CHRC<br />
July 2010<br />
48<br />
Editor’s note: Sheryl Vacca is Senior Vice President/Chief<br />
<strong>Compliance</strong> and Audit Officer at the<br />
University of California in Oakland, California,<br />
Past President of HCCA, and current<br />
HCCA Board Member and a member of the<br />
SCCE Advisory Board. She may be contacted<br />
via e-mail at sheryl.vacca@ucop.edu.<br />
HCCA Basic Academies are one of<br />
the best ways for new and experienced<br />
compliance professionals<br />
to come together to network, learn new<br />
knowledge, or reinforce current knowledge<br />
on the elements of effective compliance<br />
programs and related subject matter (e.g.,<br />
HIPAA, investigations, etc.) which we all<br />
generally apply in our compliance programs.<br />
Debbie Troklus, President of the <strong>Health</strong> <strong>Care</strong><br />
Certification Board (the certification arm of<br />
HCCA) and Dean of the HCCA Academies,<br />
feels that one of the most important elements<br />
of an effective compliance program is education<br />
and training, which she also teaches at<br />
the Academies.<br />
In this class, the adult education principles are<br />
discussed as well as curriculum and classroom<br />
design for the adult learner. “The four critical<br />
elements of learning are reinforcement, retention,<br />
transference, and motivation,” according<br />
to Debbie. Real-life examples of each of these<br />
are discussed and brought to practical application<br />
as Debbie teaches this class. Throughout<br />
the lecture, the learner is reminded to also<br />
consider and integrate into their education<br />
and training plan the cultural variables,<br />
desirable teaching characteristics, audiences,<br />
scheduling, and challenges, particularly when<br />
faced with training physicians. Additionally,<br />
general training components, such as content<br />
for a general audience, are also reviewed and<br />
discussed interactively with the class.<br />
Systems around tracking, certifications,<br />
and training approaches are also part of the<br />
education and training content. “Interactive,<br />
face-to-face training is one of the best<br />
approaches for learning,” says Debbie.<br />
Evaluation of the education and training<br />
program should<br />
also be done to help<br />
students identify their<br />
pre/post knowledge,<br />
the instructor´s effectiveness,<br />
and whether<br />
you have “obtained<br />
the desired results.”<br />
During the class, case<br />
examples (one of the<br />
best ways for learners<br />
to retain information)<br />
are used to apply the<br />
content presented in<br />
this class.<br />
One of the teaching elements that Debbie<br />
uses is to break the class into groups and ask<br />
them to develop a poster which markets a<br />
“theme” developed for their group’s compliance<br />
program. Poster materials such as<br />
pens, pencils, letters, numbers, markers, and<br />
poster board are all part of getting the class<br />
to participate in this exercise. It is amazing<br />
to see the energy and fun generated, first<br />
by challenging each other to be creative to<br />
Sheryl Vacca<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
develop the theme, and then by applying that<br />
theme to a colorful, creative rendition on<br />
their 11x18 poster board. Most people believe<br />
they don’t have any creative capabilities, but<br />
it is amazing to watch the transformation of<br />
these themes. Peer pressure really energizes<br />
the group, because they know the class will<br />
vote on the top three themes and everyone<br />
wants to win! You can see from the pictures<br />
below how engaged the participants were in<br />
completing this exercise.<br />
Debbie emphasizes that this activity is a great<br />
way to get your organization involved in the<br />
compliance program and to get them to “own”<br />
the theme that will permeate your branding<br />
and marketing of the compliance program.
Overall, the education and training class at an<br />
HCCA Academy is fun to participate in and<br />
has specific content to “educate” the participants<br />
on this topic. The class also engages in<br />
activities which students can immediately<br />
transfer to their own environments. Themes<br />
were developed that any one of us would bring<br />
back home to try out! It is amazing how our<br />
concrete, black-and-white words turn into<br />
colorful displays of themes and branding for an<br />
organization, and as one participant said, “You<br />
don’t have to be an artist to make it happen!”<br />
Bottom line....an HCCA Academy is filled<br />
with great ideas and FUN! n<br />
Tariq Abdullah<br />
Victoria Abril<br />
Niurka I. Adorno Gonzalez<br />
Darcy L. Alatalo<br />
Laura I. Asbury<br />
Pamela J. Bankowski-Petz<br />
Paula Jene Barton<br />
Nancye Loren Beard<br />
Regina A. Beck<br />
Cathy Blackstone<br />
Susan C. Blair<br />
Stuart R. Bless<br />
Larry L. Boyles<br />
Eileen Kelly Breslin<br />
Sandra C. Brown<br />
Renee Bullard<br />
Michelle Carpenter<br />
Alysha M. Cartman<br />
Sharmini Kandasamy Cassady<br />
Pamela S. Catlett<br />
Felicia Chao<br />
Brian P. Chew<br />
Kim Lynn Christensen<br />
Connie J. Cline<br />
Jo Ann M. Davis<br />
Grace De Vault<br />
Juan Deleon<br />
Lori Dempsey<br />
Nancy J. Digiacomo<br />
Mary Elizabeth Donnelly<br />
James T. Downes<br />
Catherine Dubinsky<br />
Leslie A. Duncan<br />
Don Dunlop<br />
Andrea L. Eklund<br />
Matthew E. Elder<br />
Rebekah Elkins<br />
Chris Finch<br />
Diane Ford<br />
Heathyr A. Ford<br />
Matt Frederiksen<br />
William D. Gallaway<br />
The CCB<br />
<strong>Compliance</strong><br />
Professional’s<br />
Certification<br />
The <strong>Compliance</strong> Certification Board (CCB) compliance<br />
certification examinations are available in all 50 states. Join<br />
your peers and demonstrate your compliance knowledge by<br />
becoming certified today.<br />
Congratulations!! The following individuals have recently successfully completed<br />
the <strong>CHC</strong> certification exam, earning their certification:<br />
Eileen Mary Gibbons<br />
Angelle Breaux Granier<br />
Janet R. Grant<br />
Faye E. Griffin<br />
William E. Griffin<br />
Laura T. Grover<br />
April S. Haag<br />
Cindy L. Hahn<br />
Marie A. Hall<br />
Kerri L. Hall<br />
Jeffrey A. Hayes<br />
Etta I. Henderson<br />
Kathleen A. Henehan<br />
Catherine L. Hicks<br />
Robyn M. Hoffmann<br />
Rhonda M. Hudson<br />
Angela Jacobs<br />
Aaron C. Jensen<br />
Frank S. Jensen<br />
Joya A. Jett<br />
Jennifer <strong>Johnson</strong><br />
Latonya B. <strong>Johnson</strong><br />
Tryone P. <strong>Johnson</strong><br />
Holly H. Kazan<br />
Paul Keoppel<br />
James R. Kirkland<br />
Hubert L. Koehn<br />
Katy H. Labauve<br />
Susan D. Lansdon<br />
Lisa Carolyn Lauffer<br />
Carolyn A. Launer<br />
Karen M. Lee<br />
Stacy D. Lentz<br />
Dana L. Lesley<br />
Kathleen P. Maine<br />
Vivian Marquez<br />
Marsha A. Martin<br />
Michelle Mayes<br />
Christopher L. Mcadam<br />
Debbie C. Meade<br />
Angela S. Miller<br />
Iris M. Monrouzeau<br />
Marie Moseley<br />
Victoria A. Murray<br />
Bonnie M. Nance<br />
Sarah Anne Neal-Fujimoto<br />
Rick W. Neeck<br />
Jayshree M Negandhi<br />
Mary A. Nester<br />
Cynthia G. Nicholas<br />
Jane A. Obert<br />
Marc O’Gwynn<br />
Charlie Oltman<br />
Ryan James Oster<br />
Laurie J. Pagnac<br />
Karen Lynn Parton<br />
Katherine E. Penchansky<br />
James A. Perkins<br />
Matthew C. Pezzulich<br />
Jonathan S. Quigley<br />
Marilyn Marie Rasmussen<br />
Debra Jo Ronaldo<br />
Mark P. Ruppert<br />
Dorothy A. Sample<br />
Eleace E. Sawyers<br />
Kristin C. Scarcella<br />
Kenneth H. Schell<br />
Donna A. Schneider<br />
Kathleen F. Schofield<br />
Nicholas A. Sciortino<br />
Eileen M. Scott<br />
Claire M. Seguin<br />
Robert D. Sevell<br />
Lauren Shellenberger<br />
Ria K. Story<br />
Timothy D. Sullivan<br />
Jason Tankel<br />
Dawn Trout<br />
Sheila Lyons Wallace<br />
Susan T. Wallis<br />
Alan L. Weldy<br />
Steven D. Westberg<br />
Shannon K. Wilks<br />
Debra L. Woods<br />
Congratulations!! The following individuals have recently successfully completed the<br />
CHRC certification exam, earning their certification:<br />
Pippa J. Amick<br />
Jane K. Bernheim<br />
Judith A. Blacklidge<br />
Margie I. Brackeen<br />
Jodie H. Brokowski<br />
Theresa F. Burke<br />
Kita D. Cathey<br />
Stacy-Ann Nicola Christian<br />
Sherry A. Conner<br />
Rhonda L. Dash<br />
Robert John Divito<br />
Brenda R. Flam<br />
Joanna R. Gerry<br />
Amanda G. Holloway<br />
Leigh O. Lamonica<br />
Angela M. Melillo<br />
Mikki R. O’Neal<br />
Denise A. Quint<br />
Barry Jay Rosen<br />
Michael J. Rugani<br />
Gerald E. Salamone<br />
Cindy K. Shifflett<br />
Sandra J. Stoflet<br />
Ryon C. Terry<br />
Emily Vandermolen<br />
Adele Vogel<br />
Elizabeth R. White<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
49<br />
July 2010
July 2010<br />
50<br />
New HCCA Members<br />
Alabama<br />
Illinois<br />
n Sheila Limmroth, DCH <strong>Health</strong> System<br />
n Shelly Carling<br />
n Paula Carney, Northwestern University<br />
Arizona<br />
n Amanda Fiedler, Deloitte<br />
n Michael Downs, Little Colorado Behavioral<br />
n Deborah Hoffmann<br />
<strong>Health</strong> Centers<br />
n Janice <strong>Johnson</strong>, Rush University<br />
n Bonnie Edelblute, Mohave Mental <strong>Health</strong> Clinic<br />
n Carmela Manarang, Rush University<br />
n Chris L. Meyers, Cobius <strong>Health</strong>care Solutions<br />
n Jessica I. Morales, Deloitte<br />
Arkansas<br />
n Susan Slimack, Alexian Brothers <strong>Health</strong> System<br />
n Adam Lentz, Wal-Mart Stores Inc.<br />
n Doug Weinberg, Cobius <strong>Health</strong>care Solutions<br />
n Sandy Priebe, Baxter Regional Medical Center n Amelia Wray, Rush University<br />
California<br />
n Patricia Ashley, <strong>Health</strong> Information Partners<br />
n Patricia Bilman<br />
n Dorothy E. Blakeman, Salinas Valley Memorial<br />
Hospital<br />
n Melissa Borrelli<br />
n Janice Dreyer, Fresno Heart & Surgical Hospital<br />
n Rebecca L. Elithorp, Kaiser Permanente<br />
n Suzanne M. Forrest, University of CA<br />
n Joanna Gerry, Amgen<br />
n Jan Huckins, VNA & Hospice of Southern CA<br />
n Christiane Leichter, University of CA<br />
n Claudia P. Lewis, University of CA<br />
n Virgie Lluvido-Gowin, Caritas Business<br />
n Jessie Masek<br />
n Cheryl Nikas, UCSD <strong>Health</strong> Sciences<br />
n Sheryl Pessah, <strong>Health</strong> Net, Inc.<br />
n Shara Reed, CARES<br />
n Richard Skaff, K & M Consulting Services<br />
n Rosemary Sova<br />
n Mary Stumpf, NuFactor<br />
n Michelle C. Walker, Advanced Bionics<br />
n Gay Ann Williams, <strong>Health</strong> Net Inc<br />
Colorado<br />
n Georgeanna Bady, VA <strong>Health</strong> Admin Center<br />
n Kat V. Foo, State of Colorado<br />
n Lori J. Shine, Shine <strong>Health</strong>care Adv Svc<br />
n Kim Woodruff, Pinnacle III<br />
Florida<br />
n Lilli-Ann Cifarelli, Sheridan <strong>Health</strong>corp<br />
n William Dillon, Messer, Caparello & Self, PA<br />
n Bruce Hoffman, Universal <strong>Health</strong> <strong>Care</strong><br />
n Steven King, CCS Medical<br />
n Lilia Santiago, Universal America<br />
n Scott Zinna, Wellcare <strong>Health</strong> Plans<br />
Georgia<br />
n Yvette Benjamin, Kaiser Permanente<br />
n Daniel Sturtevant, Anesthesia <strong>Health</strong>care<br />
Partners<br />
Idaho<br />
n JoAnn Hayward, Portneuf Medical Center<br />
Indiana<br />
n Tammy Chadd, MDwise, Inc.<br />
Kentucky<br />
n Stacey Moore, Saint Joseph <strong>Health</strong> System, Inc.<br />
Louisiana<br />
n Keith McRee, Vantage <strong>Health</strong> Plan, Inc.<br />
n Alisha McVay, Richland Parish Hospital<br />
n Kathy Pratt, Parish Management Consultants<br />
Maine<br />
n Diane Hills, Martin’s Point <strong>Health</strong> <strong>Care</strong><br />
n Bernice A. Mills, University of New England<br />
Massachusetts<br />
n Rosland Fisher McLeod, Biogen<br />
n Robin N. Seidman, Simione Consultants, LLC<br />
n Randi E. Wasik, Univ MA Medical School<br />
n Stephen Wojcik, South Shore Mental <strong>Health</strong><br />
Michigan<br />
n Tamie K. Case, Barry CMH<br />
n Pamela Dietz, Alpena Regional Medical Center<br />
n Kathleen P. Maine, MMPC/Spectrun <strong>Health</strong><br />
Med Group<br />
n Kelly L. Partin, Botsford <strong>Health</strong> <strong>Care</strong> Continuum<br />
n April Streeter, Brian Kaser, PLC<br />
n Fred Taccolini, Pioneer Surgical<br />
Minnesota<br />
n Marta E. Kramer, <strong>Health</strong>East <strong>Care</strong> System<br />
Mississippi<br />
n Dena Boggan, St Dominic Jackson-Memorial<br />
Hospital<br />
Montana<br />
n Dawn Halver, Billings Area Indian <strong>Health</strong> Srvs<br />
New Jersey<br />
n Vishal Gandhi, Digital Medical Billing Inc<br />
n George Latyszonek, <strong>Johnson</strong> & <strong>Johnson</strong><br />
n Shawn Reardon, Brajak Consulting, LLC<br />
New York<br />
n Carolyn Angrisani<br />
n Louis DiGiovanni, North Shore LIJ <strong>Health</strong> System<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
n Paulina Ganem, NYC Dept of <strong>Health</strong><br />
n Patricia M. Gonzalez, O’Connor Hospital<br />
n Lisa Heine, NYC Dept of <strong>Health</strong><br />
n Luis A Jusino, Jr., <strong>Health</strong> Quest<br />
n Elisabeth Morgulas, AHRC NYC<br />
n Feisal Nanji, Techumen<br />
n Colette Pean, BMS Family <strong>Health</strong> Center<br />
n Lauren Pete, St. Joseph’s College<br />
n Leo Priola<br />
n Dmitry Shapsis, NYC Dept of <strong>Health</strong><br />
n Daniel Splitgerber, Cornell Medical<br />
n Sharon J. Thompson, The Center for<br />
Developmental Disabilities<br />
n Veronica Volpe, NYC Dept of <strong>Health</strong><br />
North Carolina<br />
n Juliana Fisher<br />
n Undi N. Hoffler, North Carolina Central Univ<br />
n Jessica P. Phillips, The Carolina’s Center for<br />
Medical Excellence<br />
n Donna Rooney, Center for Legal Consulting<br />
Ohio<br />
n Aja M. Brooks<br />
n Sally Jones-McNamara, Holzer Consolidated<br />
<strong>Health</strong> System Inc<br />
n Browne Lewis, Cleveland Marshall College of<br />
Law<br />
n Nike Otuyelu, Universal American<br />
Oklahoma<br />
n Kristie Foster, Surgical Specialists of Oklahoma<br />
n Steve W. Walls, Hire Right<br />
Oregon<br />
n Suzanne Laisner, The Oregon Clinic<br />
n Annmarie P. Rainford, Family<strong>Care</strong>, Inc<br />
n <strong>Kimberly</strong> Shaw, Acumentra <strong>Health</strong><br />
Pennsylvania<br />
n Elizabeth Barnett, BSN, JD, WellPoint<br />
n Marianne Bechtle<br />
n Michael Ginsberg, Korn/Ferry International<br />
n Elaine S. Nace, Esq, National Medical Reviews Inc<br />
n Stacey Smith, Chester County OB/GYN<br />
n Pamela B. Watkins, Pocono <strong>Health</strong> System<br />
n Cynthia Zaber, Community <strong>Care</strong> Behavioral<br />
<strong>Health</strong><br />
South Carolina<br />
n Patricia McFadyen, Tenet-Conifer<br />
Tennessee<br />
n Kevin Adcock, Cumberland River Hospital<br />
n Yarcheka Burns, St. Thomas Physician Services<br />
n David T. Lewis, Husch Blackwell Sanders<br />
n Stephen Mills, Smith & Nephew
Clientfocused<br />
solutions<br />
• Revenue Recovery<br />
• Denials Management<br />
• <strong>Compliance</strong> Consulting<br />
• Operations Enhancement<br />
McBee Associates, Inc. has provided financial and operational consulting exclusively to the health care industry for<br />
over 35 years. Our customized solutions and unparalleled reputation for results ensures institutions receives top quality<br />
services with a commitment to compliance. With both contingency and fee-based engagements, McBee Associates’<br />
in-house experts provide proven, technology-driven consulting that will significantly transform your institution’s<br />
performance. That’s why our 3,500 clients choose us repeatedly over other firms. Call us today!<br />
Performance. Profitability. Partnership.<br />
800.767.6203 • McBeeAssociates.com<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
51<br />
July 2010
<strong>Compliance</strong> in the<br />
Post-Reform World<br />
An HCCA Workshop<br />
Baltimore, MD | November 2010<br />
The <strong>Health</strong> <strong>Care</strong> Reform law brought many changes for health care<br />
providers and their compliance professionals. In this intensive two-day<br />
workshop, participants will learn about <strong>Health</strong> <strong>Care</strong> Reform from a<br />
compliance perspective. Nationally prominent speakers and high-ranking<br />
government officials have been invited to provide the latest and most<br />
insightful information to attendees. They will cover topics such as:<br />
• The Economics of <strong>Health</strong> <strong>Care</strong> Reform<br />
• Dealing with the Future: New Service Lines and Arrangements<br />
• New and Expanded Fraud and Abuse Provisions<br />
• What to Expect from Payers<br />
• The Expanded Implications of Quality<br />
• Transparency and Data Reporting<br />
• Mandatory <strong>Compliance</strong> Programs<br />
• OIG Enforcement<br />
Partipants will receive tools that they can take back to their senior<br />
leaders and Boards to help communicate the implications of these issues<br />
from a compliance perspective.<br />
<strong>Compliance</strong> professionals, in-house counsel, senior leaders,<br />
risk managers, financial officers and revenue cycle personnel<br />
should plan to attend.<br />
MORE DETAILS COMING SOON: VISIT<br />
www.healthcarereformcompliance.org<br />
July 2010<br />
52<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org