JO - Health Care Compliance Association
JO - Health Care Compliance Association
JO - Health Care Compliance Association
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Volume Eight<br />
Number Nine<br />
September 2006<br />
Published Monthly<br />
Save the Date!<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
Meet Lea Cobb<br />
Director of <strong>Compliance</strong> and Policy, HIPAA Privacy Officer<br />
Erickson Retirement Communities<br />
September 2006
The <strong>Health</strong> <strong>Care</strong><br />
<strong>Compliance</strong> <strong>Association</strong><br />
has moved to its new<br />
headquarters, located<br />
at:<br />
6500 Barrie Road,<br />
Suite 250<br />
Minneapolis, MN 55435<br />
Our address has changed,<br />
our telephone<br />
and fax numbers remain<br />
the same:<br />
Toll-free phone:<br />
888/580-8373<br />
Local phone:<br />
952/988-0141<br />
Fax:<br />
952/988-0146<br />
And you can always<br />
reach us via e-mail at<br />
info@hcca-info.org<br />
or on our Web site at<br />
www.hcca-info.org<br />
<strong>Health</strong> <strong>Care</strong><br />
Auditing &<br />
Monitoring<br />
Tools<br />
Buy Now and<br />
Receive One<br />
Year of Updates<br />
Free!<br />
The <strong>Health</strong> <strong>Care</strong> Auditing & Monitoring<br />
Tools manual is a compilation of<br />
excellent resources donated by HCCA<br />
members to help others with their<br />
compliance programs. This valuable<br />
resource assists health care compliance<br />
professionals who want to save time and<br />
money by offering examples of what<br />
their colleagues are doing to address<br />
similar auditing and monitoring issues.<br />
Just as auditing and monitoring are<br />
ongoing activities, this manual is an<br />
evolving resource that will be updated<br />
twice a year to reflect new regulations<br />
and additional compliance concerns.<br />
Subscribers to updates will receive more<br />
auditing and monitoring tools, policies,<br />
and advice.<br />
The original purchase of <strong>Health</strong> <strong>Care</strong> Auditing &<br />
Monitoring Tools is $395, which includes the first two<br />
updates free. Afterwards, HCCA members can subscribe<br />
to annual updates for $195.<br />
6500 Barrie Road, Suite 250<br />
Minneapolis, MN 55435<br />
Phone 888-580-8373<br />
FAX 952-988-0146<br />
September 2006<br />
<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
ASK<br />
John asks the leadership<br />
your questions<br />
Editors note: John Falcetano is<br />
Chief Audit/<strong>Compliance</strong> Officer for<br />
University <strong>Health</strong> Systems of Eastern<br />
Carolina and a long-time member of<br />
HCCA. This column has been created<br />
to give members the opportunity to submit their questions by e-mail<br />
to Jfalcetano@cox.net and have John contact members of HCCA<br />
leadership for their response.<br />
L E A D E R S H I P<br />
John Falcetano<br />
Is it okay for a health care facility to leave a message for a patient<br />
on the answering machine at their home or with a family member to<br />
remind them of an appointment, or would that be a violation of HIPAA?<br />
The Answer was provided by Marti Arvin, JD, CHC, CIPP/G CPC<br />
Privacy Officer, University of Louisville:<br />
As a general rule, calling a patient to leave an appointment reminder is<br />
not a violation of HIPAA. An appointment reminder can be left on an<br />
answering machine, with a family member, or with another person who<br />
answers the phone. When these types of calls are made, the concept of<br />
minimum necessary should always be kept in mind. The Office of Civil<br />
Rights addressed this issue in its Frequently Asked Questions which<br />
can be found at http://www.hhs.gov/ocr/hipaa/. The FAQ answer #198<br />
indicated that “... a covered entity might want to consider leaving only<br />
its name and number and other information necessary to confirm an<br />
appointment, or ask the individual to call back.”<br />
HIPAA does require the covered entity to put the patient on notice that<br />
protected health information might be disclosed for this purpose. See<br />
45 CFR 164.520(b)(1)(iii)(A). This means the covered entity’s notice<br />
of privacy practices must specifically state this as a potential disclosure.<br />
It would be a HIPAA violation to leave this type of message on the<br />
patient’s answering machine if the covered entity’s notice of privacy<br />
practices did not specifically address this situation.<br />
Finally, if a patient has made a reasonable request for a confidential<br />
communication, a message may not be left on the individual’s answering<br />
machine if this would violate the confidential communication<br />
request. For example, if the patient has asked that all communications<br />
be done through a cell phone number, then leaving a message on the<br />
home answering machine would be a violation of the confidential communication<br />
request. See 45 CFR 164.522(b). n<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
2006 Conferences (by state):<br />
San Francisco, CA<br />
■ Physician Practice <strong>Compliance</strong><br />
Conference<br />
October 1-3<br />
Orlando, FL<br />
■ Audit & <strong>Compliance</strong> Committee<br />
Academy<br />
September 20-22<br />
■ <strong>Compliance</strong> Academy<br />
November 6-9<br />
Honolulu, HI<br />
■ Hawaii Area Meeting<br />
October 19-20<br />
Chicago, IL<br />
■ North Central Area Meeting<br />
October 6<br />
Louisville, KY<br />
■ Tri-State Area <strong>Compliance</strong><br />
Conference<br />
November 3<br />
Baltimore, MD<br />
■ Medicare Part D<br />
September 10-12<br />
ON<br />
■ Fraud & <strong>Compliance</strong> Forum<br />
September 25-27<br />
Boston, MA<br />
■ New England Area Meeting<br />
September 8<br />
Minneapolis, MN<br />
■ Upper Midwest Area Meeting<br />
September 15<br />
T H E<br />
C A L E N D A R<br />
Las Vegas, NV<br />
■ 3rd Annual Research Conference<br />
September 17-19<br />
■ Advanced Academy<br />
October 23-26<br />
Pittsburgh, PA<br />
■ Mid Atlantic Area Meeting<br />
September 29<br />
Nashville, TN<br />
■ South Central Area Meeting<br />
November 10<br />
2007<br />
Chicago, IL<br />
■ <strong>Compliance</strong> Institute<br />
April 22-25<br />
■ National Corporate<br />
<strong>Compliance</strong> Week<br />
May 20-26<br />
INSIDE<br />
3 Ask leadership<br />
4 HIPAA compliance recipe<br />
5 Go local<br />
10 Corporate Integrity<br />
Agreement<br />
14 Meet Lea Cobb<br />
18 President & CEO letter<br />
20 Medical marketing<br />
compliance <br />
22 FYI<br />
24 New Medicare enrollment<br />
regulations<br />
32 Using mental health<br />
records for research<br />
36 <strong>Compliance</strong> investigations<br />
44 New members<br />
888-580-8373 • www.hcca-info.org<br />
September 2006
By Kathleen Street, JD, LLM<br />
Editor’s note: Kathleen Street is Director Perform a HIPAA walk-through audit—<br />
of Corporate <strong>Compliance</strong> and HIPAA First, poll your staff for areas of HIPAA risk,<br />
Privacy at Children’s <strong>Health</strong> System and then review the HIPAA Privacy and<br />
in Birmingham Alabama. She may be Security Rules (which can be found at U.S.<br />
reached by telephone at 205/939-5959. Department of <strong>Health</strong> and Human Services<br />
Administrative Simplification Web site<br />
From a HIPAA standpoint, health http://aspe.hhs.gov/admnsimp/ ) in light of<br />
care compliance professionals have those risk areas.<br />
similar items in their covered entity’s<br />
compliance cupboard: (1) auditing and monitoring<br />
privacy and security compliance, and (2) other organizations. There are helpful HIPAA<br />
Next, study the main HIPAA issues affecting<br />
implementing a workable plan to comply with Web site reference links and community<br />
HIPAA’s National Provider Identifier (NPI) Rule. discussion groups, which address areas for<br />
privacy and security controls. These Web<br />
This discussion will offer a few simple ingredients<br />
to use in your organization’s HIPAA <strong>Association</strong> (http://www.hcca-info.org) and<br />
sites include the <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
compliance strategy to keep these HIPAA the Southern <strong>Health</strong>care Administrative<br />
issues from growing stale.<br />
Regional Process Workgroup (http://www.<br />
sharpworkgroup.com).<br />
Auditing and monitoring privacy and<br />
security compliance<br />
Additionally, you can also review the HIPAA<br />
Naturally, there is a significant difference audit plans academically available on consulting<br />
group Web sites, such as Audit Net<br />
between privacy and security. Privacy is the right<br />
of individuals to keep their individual health (http://www.auditnet.org), the Phoenix<br />
information from being disclosed, and security <strong>Health</strong> System HIPAA advisory site (http://<br />
is the mechanism in place in protect the privacy www.hipaadvisory.com), or the HIPAA 101<br />
of that health information. The Privacy Rule sets site (http://www.hipaa-101.com).<br />
the standards of how protected health information<br />
(PHI) should be controlled by covered entities.<br />
The Security Rule sets the standards which fingertips, you can develop a HIPAA walk-<br />
With all these valuable resources at your<br />
require covered entities to implement reasonable through audit to serve as a checklist for the<br />
safeguards to protect the confidentiality, integrity, main HIPAA issues at your organization.<br />
and availability of Electronic Protected <strong>Health</strong> Whether it is ensuring PHI is shredded when<br />
Information (EPHI). In sum, security is a basic obsolete, or that computers are logged out<br />
food group in the privacy compliance pyramid. after each use, in no time flat you will have a<br />
useful HIPAA auditing tool.<br />
As a practical matter, privacy and security<br />
areas can be combined for auditing and monitoring<br />
purposes to yield the most effective audits—Your organization will likely have<br />
Utilize feedback from other departmental<br />
compliance results for your organization: audit or review results from other departments<br />
which can be beneficial in your<br />
privacy and security monitoring. Check<br />
with your Performance Improvement, Joint<br />
Commission on Accreditation of <strong>Health</strong>care<br />
Organizations (JCAHO), Risk Management,<br />
Internal Audit, Information Technology, and/<br />
or Medical Information Services departments<br />
for any audit or review findings or observations.<br />
And, be sure to include representation<br />
from these areas when you perform your own<br />
HIPAA walk-throughs to add depth to your<br />
analysis. Be comfortable with the standards<br />
of these areas and how they can add variety<br />
to your compliance auditing and monitoring.<br />
For instance, JCAHO Standard RI.2.20<br />
addresses a patient’s right to privacy and<br />
states that the patient has the right to<br />
access his or her own health information<br />
and request changes to this information.<br />
The patient also has the right to receive<br />
information regarding who has been given<br />
his or her information. JCAHO Standard<br />
RI.2.1.30 requires hospitals to respect the<br />
needs of patients for confidentiality, privacy,<br />
and security. In addition, Standard IM 2.20<br />
requires that information security, including<br />
data integrity, is maintained. See Joint<br />
Commission Resource’s 2005 Hospital<br />
Accreditation Standards (HAS).<br />
Monitor your HIPAA walk-through<br />
audit—Periodically review your HIPAA<br />
Privacy and Security auditing with your<br />
organization’s employees. Set the “tone at<br />
the top,” by sharing key monitoring results<br />
within the top levels of your organization to<br />
flavor the HIPAA planning.<br />
Provide HIPAA educational materials and<br />
tools—Shop for new HIPAA educational<br />
materials and tools to match your organization’s<br />
HIPAA compliance interests. Ask your<br />
organization’s supervisors and management<br />
what’s on their HIPAA compliance “wish<br />
lists” for use at their staff meetings. Refer to<br />
September 2006<br />
<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
the <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> as<br />
well as other resources that you find helpful.<br />
Do not forget the value of your nurse educators<br />
in the training process, and the needs<br />
they are voicing for HIPAA education. Get<br />
involved with nursing departmental meetings,<br />
whether it be presenting at a nurse leadership<br />
meeting, providing a departmentallevel<br />
in-service, purchasing and distributing<br />
pamphlets of interest, or inventing your own<br />
training tools, such as flyers, posters, videos,<br />
games, or quizzes.<br />
Promote a HIPAA awareness day—<br />
No matter what date your privacy and security<br />
auditing and monitoring strategy was<br />
implemented, a HIPAA Awareness Day will<br />
never expire. Explore the possibilities of the<br />
day, and how you can best tailor it for your<br />
organization. Some ideas include:<br />
n Invite a special HIPAA speaker,<br />
n Distribute a HIPAA privacy or security<br />
quiz for all -employees with a chance to<br />
win prizes,<br />
n Recognize the year’s HIPAA high-achievers,<br />
featuring a press release on your<br />
organizational Web site, or ask your<br />
HIPAA team members to designate one<br />
of their employees to perform HIPAA<br />
walk-throughs and provide a small token<br />
of appreciation.<br />
The <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
and other organizations, such as the<br />
American <strong>Health</strong> Information Management<br />
<strong>Association</strong>, have information to help you<br />
promote and celebrate your HIPAA Privacy<br />
and Security Program.<br />
Implementing a national provider identifier plan<br />
The HIPAA National Provider Identifier<br />
(NPI) Rule establishes health care providers<br />
and organizations, as covered entities,<br />
will have a unique 10-digit numeric identifier<br />
which will be a permanent identifier to<br />
replace all other provider identifiers previously<br />
used by the health care providers (i.e., Unique<br />
Physician Identification Number (UPIN),<br />
Medicare/Medicaid numbers). The objective<br />
is to establish a national standard and<br />
unique identifier for all health care providers<br />
and simplify the administration of the health<br />
care system, while encouraging the electronic<br />
transmission of health care information.<br />
The Centers for Medicaid and Medicare<br />
Services Web site (http://www.cms.hhs.<br />
gov/NationalProvIdentStand/) contains critical<br />
information on the NPI Rule and how<br />
to obtain an NPI through the National Plan<br />
and Provider Enumeration System. There<br />
are also helpful white papers on NPI topics<br />
on the Workgroup for Electronic Data<br />
Interchange Web site (http://www.wedi.org).<br />
As your organization’s NPI planning becomes<br />
more firm, consider these tips while going<br />
through the process:<br />
n Form a HIPAA NPI team. The HIPAA<br />
NPI rule is a regulation whose make-up<br />
calls for a committee-based approach,<br />
just like HIPAA privacy and HIPAA<br />
security. Your organization should assign a<br />
leader for this committee, likely a finance<br />
representative, because of NPI’s operational<br />
impact. As the NPI team assembles,<br />
it should include representation from<br />
Finance, Billing Office, Corporate <strong>Compliance</strong>,<br />
Information Technology, Medical<br />
Information Services, Corporate Communications,<br />
Medical Staff Services, and<br />
any of your organization’s off-site practice<br />
locations in order to evaluate the business<br />
and system process.<br />
n Develop NPI strategy and formulate<br />
timeline. To ensure compliance objectives<br />
are met as your organization develops and<br />
implements its NPI strategy, the following<br />
dates must be factored into the planning<br />
process. First, as of May 23, 2005, health<br />
care providers can apply for an NPI.<br />
Second, by May 23, 2007 all health care<br />
providers who utilize HIPAA standard<br />
electronic transactions must have a NPI to<br />
identify themselves. Additionally, applying<br />
for a NPI does not replace any enrollment<br />
or credentialing process with any health<br />
plan, including Medicare.<br />
n Develop a strategic NPI communication<br />
plan. Assist with setting forth an NPI<br />
Readiness Statement for your organization<br />
and obtain compliance assurances from<br />
your billing office, medical staff, information<br />
technology vendors, and health plans.<br />
Your organization should coordinate with<br />
its health plans on when it can submit its<br />
NPI on standard electronic transactions.<br />
This could occur prior to the May 23,<br />
2007 compliance date as part of a transition<br />
period. This transition period can<br />
serve as a testing function to ensure that<br />
your organization’s transactions will not be<br />
adversely impacted.<br />
In the end, if you include all these ingredients<br />
in your compliance cupboard, you will<br />
have a recipe for compliance success as you<br />
develop your HIPAA <strong>Compliance</strong> Program<br />
for 2006. n<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006
HCCA’S New England Conference , September 8, 2006, Hilton Boston<br />
North, Woburn, MA (Boston)<br />
This year’s New England Local Annual Conference on September 8,<br />
2006 will explore a number of “Hot Issues” including:<br />
n Voluntary disclosures and repayments<br />
n Internal inquiries and investigations<br />
n CMS Program Integrity<br />
n HCCA Update, Hot Topics, and Current Events<br />
n Corporate governance, measuring compliance effectiveness, and<br />
creating an ethical culture<br />
n The relationship among the compliance department, the law<br />
department, and outside counsel<br />
The conference features regional regulatory and enforcement representatives:<br />
n Jim Bryant, Associate Regional Administrator, Division of Financial<br />
Management, US. Department of <strong>Health</strong> & Human Service, CMS<br />
Region 1<br />
n Luis Matos, Chief Civil Division, Assistant U.S. Attorney, Rhode Island<br />
And includes an expert faculty:<br />
n Rick King, CHC, Program Co-Chair, Privacy & Security Officer,<br />
Fresenius Medical <strong>Care</strong> North America<br />
n Frank Byrne, <strong>Compliance</strong> Officer, Southcoast <strong>Health</strong> System<br />
n Eileen McCarthy, <strong>Compliance</strong> Officer, Partners <strong>Health</strong>care System, Inc.<br />
n Stephen Morreale, Principal, <strong>Compliance</strong> & Risk Dynamics, HHS-<br />
ICG Assistant Special Agent in Charge (Ret.)<br />
n Karen Murphy, Associate General Counsel and <strong>Compliance</strong> Officer,<br />
Boston Medical Center<br />
n Charles Normand, Normand Law LTD<br />
n Elizabeth O’Keefe, Assistant General Counsel, Fresenius Medical<br />
<strong>Care</strong> North America<br />
n Jordan Perlin, Manager, Business Ethics and Conduct, Becton,<br />
Dickinson and Company<br />
n Roy Snell, CEO, HCCA<br />
n Marty Taylor, VP, Organizational Services, Institute for Global Ethics<br />
n Lawrence Vernaglia, Program Co-Chair, Partner, <strong>Health</strong> Law Practice<br />
Group, Hinckley, Allen & Snyder, LLP<br />
GO LOCAL<br />
Inexpensive Local<br />
Education and<br />
Networking Events<br />
Continued on page <br />
<strong>Compliance</strong> 101:<br />
The Second Edition<br />
Is Here!<br />
The new edition of this essential guide to<br />
health care compliance is now available<br />
Author Debbie Troklus has<br />
revised and updated<br />
<strong>Compliance</strong> 101 to reflect<br />
recent developments in<br />
compliance.<br />
The second<br />
edition includes:<br />
• Up-to-date compliance information<br />
• A brand-new chapter dedicated to HIPAA<br />
regulations<br />
• An expanded glossary with additional new<br />
terms and definitions<br />
• Expanded appendixes, including a<br />
selection of additional new and userfriendly<br />
sample documents<br />
If you’re planning to become Certified in<br />
<strong>Health</strong>care <strong>Compliance</strong>, <strong>Compliance</strong> 101 is an<br />
invaluable study aid for the CHC examination.<br />
Debbie Troklus<br />
Greg Warner<br />
To order, visit the HCCA Web site at<br />
www.hcca-info.org.<br />
September 2006<br />
<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006
Go Local ...continued from page <br />
n Michelle Wolf, Office of the General<br />
Counsel, Partners <strong>Health</strong>care System, Inc.<br />
Program sponsors: Fresenius, HCCS,<br />
MediRegs, MediTract<br />
Co-Sponsors: Atlantic Information Services’<br />
AIS’s Report on Patient Privacy, Guide to<br />
Audit <strong>Health</strong> <strong>Care</strong> Billing Practices, Report<br />
on Medicare <strong>Compliance</strong>, and HIPAA<br />
Guide on Patient Privacy; and HCPro’s<br />
<strong>Health</strong> <strong>Care</strong> Auditing Strategies and Strategies<br />
for <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
Continuing Education Credit: ACHE,<br />
HCCB (6.6 Credits), NASBA-CPE, AAPC n<br />
Upper Midwest Local Conference,<br />
September 15, 2006, Sheraton Bloomington,<br />
Minneapolis, MN<br />
Hot issues to be addressed:<br />
n QIO: The Intersection between Quality<br />
and <strong>Compliance</strong><br />
n Enforcement Trends in <strong>Health</strong><strong>Care</strong><br />
n Self Disclosure/Overpayments<br />
n The Wave of Change in Government<br />
Enforcement: The DRA and Beyond<br />
n Case Study;: Working Collaboratively<br />
within an Organization to Identify, Investigate,<br />
Analyze, Audit, and Respond to a<br />
Complex Billing Issue<br />
n Electronic Medical Record<br />
Expert faculty includes:<br />
n Julene Brown, CHC, Billing <strong>Compliance</strong><br />
Manager, Merit<strong>Care</strong> <strong>Health</strong> System,<br />
Fargo, ND<br />
n Shawn DeGroot, CHC, VP, Corporate <strong>Compliance</strong>,<br />
Regional <strong>Health</strong>, Rapid City, SD<br />
n Mary Jo Flynn, VP Audit Services (Interim),<br />
Allina Hospitals & Clinics<br />
n Keith Halleland, Program Chair, Shareholder,<br />
Halleland Lewis Niland &<br />
Johnson, PA<br />
n Betsy Jeppesen, Vice President of Program<br />
Integrity, Stratis <strong>Health</strong><br />
n Jane McGrath, Program Integrity Analyst,<br />
Stratis <strong>Health</strong><br />
n Ron McKinnon, Security Officer, St.<br />
Mary’s/Duluth Clinic <strong>Health</strong> System<br />
n Kelley Nueske, Director, Regulatory and<br />
Risk Excellian Project, Allina Hospitals<br />
and Clinics<br />
n Jenny O’Brien, <strong>Compliance</strong> Officer-VP<br />
<strong>Compliance</strong> and Regulatory Affairs, Allina<br />
Hospitals and Clinics<br />
n Jerry Wilhelm, Assistant United States Attorney,<br />
District of Minnesota<br />
Program Sponsors: Halleland Lewis Nilan<br />
& Johnson, HCCS, MediRegs, MediTract<br />
Co-Sponsors: Atlantic Information Services’<br />
AIS’s Report on Patient Privacy, Guide to<br />
Audit <strong>Health</strong> <strong>Care</strong> Billing Practices, Report<br />
on Medicare <strong>Compliance</strong>, and HIPAA<br />
Guide on Patient Privacy; and HCPro’s<br />
<strong>Health</strong> <strong>Care</strong> Auditing Strategies and Strategies<br />
for <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
Continuing Education Credit: ACHE,<br />
HCCB (7.2 Credits), NASBA-CPE, AAPC,<br />
MCLE (MN) n<br />
Northeast Local Conference, September<br />
29, 2006, Hospital Council of Western<br />
Pennsylvania Conference Center,<br />
Warrendale, PA (Pittsburg)<br />
Hot issues to be addressed:<br />
n Perspectives and Insights from the U.S.<br />
Department of Justice<br />
n Pennsylvania’s Response to the Deficit<br />
Reduction Act<br />
n OIG’s Open Letter to <strong>Health</strong> <strong>Care</strong> Providers:<br />
Still the Best Open Door for Your<br />
Organization?<br />
n The Future of <strong>Compliance</strong> Investigations:<br />
Spider Analysis of DR Reimbursed<br />
Inpatient Claims<br />
n Report on a New CMS IT Initiative to<br />
Improve Doctor’s Office Quality – Including<br />
Its Implications for <strong>Compliance</strong> and<br />
Emerging Public <strong>Health</strong> Threats<br />
n <strong>Compliance</strong> Challenges: A Panel Discussion<br />
Expert faculty Includes:<br />
n Eric Balm, Attorney, Sonnenschein Nath<br />
& Rosenthal LLP<br />
n John Beattie, Principal, Director of <strong>Health</strong>care<br />
Operational and <strong>Compliance</strong> Services,<br />
Parent Randolph, LLC<br />
n Norris Benns, Director, Bureau of Program<br />
Integrity, PA Dept. of Public Welfare<br />
n Deborah Hinton, <strong>Health</strong>care Consultant,<br />
Parente Randolph<br />
n Daniel Jones, Chief Operation Officer,<br />
Quality Insights of Pennsylvania, The<br />
Medicare Quality Im Darice McNelis,<br />
Buchanon Ingersoll & Rooney provement<br />
Organization of PA<br />
n Keith Robbins, Trial Attorney, U.S. Department<br />
of Justice, Washington DC<br />
Program sponsors: MediRegs and Parente<br />
Randolph<br />
Co-Sponsors: Atlantic Information Services’<br />
AIS’s Report on Patient Privacy, Guide to<br />
Audit <strong>Health</strong> <strong>Care</strong> Billing Practices, Report<br />
on Medicare <strong>Compliance</strong>, and HIPAA<br />
Guide on Patient Privacy; and HCPro’s<br />
<strong>Health</strong> <strong>Care</strong> Auditing Strategies and Strategies<br />
for <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
Continuing Education Credit: ACHE,<br />
HCCB (7.2 Credits), NASBA-CPE, AAPC,<br />
MCLE (PA) n<br />
This is a new monthly feature added to<br />
<strong>Compliance</strong> Today. If you have any questions<br />
about any of the programs or would like<br />
to participate in planning future programs,<br />
please contact Beckie Smith at 888/580-8373<br />
or by e-mail at beckie.smith@hcca-info.org<br />
or info@hcca-info.org. n<br />
September 2006<br />
<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006
Editor’s note: Mike Walker, PhD, MA,<br />
MS, CHC is Chief Audit and <strong>Compliance</strong><br />
Officer for the University of Connecticut<br />
and University of Connecticut <strong>Health</strong><br />
Center. He may be reached by telephone at<br />
860/486-0031.<br />
What is a CIA? Two fruits growing from the<br />
same tree<br />
Federal agencies, such as the <strong>Health</strong> and<br />
Human Services Office of Inspector General<br />
(OIG), negotiate compliance obligations with<br />
organizations or individuals as a result of an<br />
investigation. The OIG has exclusion authority<br />
based on 42 U.S.C 1320a-7(b) (7). What<br />
this means is the OIG has the authority to<br />
exclude the organization or individual from<br />
doing business with the federal government,<br />
thus the organization or individual loses all<br />
revenue from any federal program. This substantial<br />
“stick” provides a strong motivation<br />
for an organization to settle the allegations<br />
with the investigating agencies such as the<br />
Department of Justice (DOJ), U.S. Attorney,<br />
OIG, etc.<br />
The agreement, commonly called a Corporate<br />
Integrity Agreement (CIA), generally takes<br />
two forms: one is the actual “Settlement<br />
Agreement,” specifying the dollar amount<br />
and the other is the “<strong>Compliance</strong> Agreement,”<br />
which details the specifics relative to<br />
establishing a compliance program, auditing,<br />
annual reporting, etc. While certainly costly<br />
and significant, the former only hurts when<br />
writing the settlement check, but with the<br />
latter, pains of implementation are felt over<br />
multiple years. The overarching intent of the<br />
CIA is to bring the organization or individual<br />
By: Mike Walker, Ph.D., MA, MS, CHC<br />
into compliance with the applicable laws,<br />
regulations, etc.<br />
The OIG uses the CIA (a.k.a., Institutional<br />
Integrity Agreement) extensively in addressing<br />
allegations of health care fraud, particularly<br />
in cases involving Medicare and Medicaid<br />
dollars. As of this writing, there are more<br />
than 400 CIAs listed on the OIG Web site<br />
(http://oig.hhs.gov/fraud/cias.html). A small<br />
percentage of these are in academic medicine,<br />
more often related to improper billing or possible<br />
violation of the teaching physician rules.<br />
Similar lists may be found with other federal<br />
agencies related to research misconduct, for<br />
example, the National Institute of <strong>Health</strong>,<br />
Office of Research Integrity (http://silk.nih.<br />
gov/public/cbz1bje.@www.orlist.html).<br />
While some lists are predominantly institutional<br />
(e.g., CIAs and Excluded Party<br />
List System [EPLS]), others may contain<br />
individual names (e.g., List of Excluded<br />
Individuals/Entities [LEIE]). The latter lists<br />
are for debarment (exclusion from participation),<br />
while the OIG list specifically addresses<br />
settlement agreements that routinely allow<br />
the entity to continue to do business with the<br />
federal government. Institutional or entity<br />
debarment from receiving federal dollars is<br />
and can be the ultimate punishment imposed<br />
by a settlement action. The OIG and other<br />
federal agencies have used total debarment in<br />
a judicious and sparing manner.<br />
In the mid 1990s the OIG and other federal<br />
agencies launched a series of investigations<br />
called PATH audits (Physicians at Teaching<br />
Hospitals), and subsequently, a significant<br />
number of academic medical centers negotiated<br />
a CIA, which generally lasted five years,<br />
with the OIG. However, CIAs are not just<br />
The Announcement<br />
“While admitting no wrongdoing,<br />
(your organization) settled the case<br />
to avoid lengthy and costly litigation<br />
and to protect its ability to participate<br />
in Medicare, Medicaid, and federally<br />
funded grant programs. (Your organization)<br />
cooperated fully with the Federal<br />
Government to reach the settlement.”<br />
in health care or academic medicine. Like<br />
orange juice and breakfast, “CIAs are not just<br />
for health care anymore.” Other federal agencies,<br />
such as the Environmental Protection<br />
Agency (EPA), are using the CIA as a means<br />
of addressing violations as well. Copies of<br />
settlement agreements involving the EPA can<br />
be secured via their Freedom of Information<br />
Office at http://cfpub.epa.gov/compliane/<br />
foia/readingroom/. The general requirements<br />
of the CIA mirror the Federal Sentencing<br />
Guidelines (Chapter 8) for establishing<br />
a compliance program (http://www.ussc.<br />
Continued on page 12<br />
September 2006<br />
10<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
You’re a compliance professional, which means<br />
you can’t rest at simply knowing one or two<br />
key areas when it comes to compliance matters.<br />
With the CCH <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Portfolio<br />
Deluxe you get the need-to-know information<br />
that affects every aspect of health care compliance.<br />
It comes as four resources (<strong>Health</strong> <strong>Care</strong><br />
<strong>Compliance</strong> Professional’s Manual, Journal of<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong>, <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
Reporter, and the <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Letter)<br />
that are designed to work seamlessly together.<br />
Visit health.cch.com or call 888-224-7377.<br />
When your company’s<br />
compliance steps rest<br />
on your decisions,<br />
look to Wolters Kluwer.<br />
Presenting the CCH <strong>Health</strong> <strong>Care</strong><br />
<strong>Compliance</strong> Portfolio Deluxe.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
11<br />
© 2006 Wolters Kluwer Law & Business. All rights reserved.
Corporate Integrity Agreement ...continued from page 10<br />
gov/guidelin.htm). The seven well-recognized<br />
elements (paraphrased) include:<br />
n Developing and distributing written standards<br />
(e.g., Code of Conduct)<br />
n Governing by a knowledgeable authority,<br />
appointing a high level official(s) (e.g.,<br />
compliance officer)<br />
n Exercising care in delegating authority<br />
(e.g., screened and restricted hiring of<br />
ineligible persons or entities)<br />
n Developing and implementing an education<br />
and training program<br />
n Using auditing and monitoring systems<br />
and a disclosure mechanism to detect<br />
criminal conduct<br />
n Establishing and maintain consistent<br />
enforcement and disciplinary procedures<br />
n Ensuring the institutional response is reasonable<br />
and appropriate to the offense<br />
CIAs come in two flavors: sweet and sour<br />
The sweet side first: If an organization has<br />
entered into a CIA agreement, it means the<br />
investigation stage, which could last several<br />
years, is finally over. Federal investigations are<br />
long and tiresome for both the investigator<br />
and those being investigated. The investigation/pre-investigation<br />
phase, often initiated<br />
by a subpoena for documents, is routinely followed<br />
by an interview process and culminates<br />
with findings and negotiation of the settlement<br />
agreement. During the course of the<br />
investigation and subsequent negotiations,<br />
tensions may be high, particularly if there<br />
are possible criminal violations (potential jail<br />
time) and significant fines at stake. Significant<br />
effort by senior administrators is required<br />
to facilitate the investigation, and this effort<br />
acts as a major distraction in terms of time,<br />
effort, etc. However, given the high stakes,<br />
particularly the potential loss of federal revenue,<br />
organizations should devote their best<br />
talented and most experienced staff members<br />
to represent them during this process. This is<br />
the time to have your “A” team on the field.<br />
Staff assigned to this process should possess<br />
strong negotiation skills, tact, and an indepth<br />
knowledge of the subject area.<br />
The DOJ, OIG, and other federal investigations<br />
are serious business. Criminal convictions,<br />
possible debarment, and multi-million<br />
dollar fines are not uncommon. From the<br />
mid-1990s to the present, fines have ranged<br />
from thousands to hundreds of millions of<br />
dollars. Common mistakes made by organizations<br />
during these investigations include<br />
not cooperating fully with the investigation<br />
(sometimes obstructing justice) and the<br />
destruction of documents. When this occurs,<br />
the organization’s culpability may rise and<br />
settlement fines may include double or treble<br />
damages. Damage calculations and culpability<br />
“scoring” are described in Chapter 8 of the<br />
Federal Sentencing Guidelines. The sweet side<br />
is the investigation is over and the organization<br />
can re-focus its efforts on its primary<br />
mission (e.g., patient care, research, education,<br />
etc.).<br />
Another upside is that a CIA can provide<br />
leverage for the board, senior administration,<br />
and the compliance officer to increase<br />
oversight, initiate a culture change, or implement<br />
new policy. The status quo must be<br />
abandoned: key members of senior management,<br />
the faculty, and staff must embrace the<br />
mandate for change. Often additional assets<br />
will be required to comply with the compliance<br />
agreement. In particular, there will likely<br />
be costs associated with establishing a disclosure<br />
process (commonly called a hotline):<br />
hiring appropriate staff for the conduct of<br />
education/training, space for new hires, costs<br />
associated with an external audit requirement,<br />
etc. The conclusion and final settlement<br />
also mark the beginning of rebuilding the<br />
organization’s external credibility and internal<br />
self-esteem. Recriminations on who was<br />
at fault should be cast aside. The survivors<br />
should focus as a team to set a new course of<br />
improvement and achievement. The signing<br />
of the compliance agreement marks the end<br />
of one process and opens the door for the<br />
beginning of another, which can ultimately<br />
improve the organization as a whole.<br />
The sour side of a CIA: Change, individual<br />
and institutional stress, costs, and diversion<br />
of scarce resources, are examples of the sour<br />
side of a CIA. In addition to the general<br />
requirements outlined in the seven step process<br />
for establishing a compliance program,<br />
the CIA may include specific mandates<br />
unique to the organization receiving the CIA.<br />
For example:<br />
n Budget and Accounting Records.<br />
Enhance records maintenance to demonstrate<br />
compliance with the applicable<br />
regulations.<br />
n Internal Audits. Conduct an annual<br />
comprehensive audit of the organization’s<br />
compliance with applicable federal regulations.<br />
n External Audits. Retain an independent<br />
auditing firm to perform a comprehensive<br />
audit of internal controls.<br />
n Implement and Report Remedial<br />
Actions. Identify and report any material<br />
violations and remediation efforts within a<br />
specified time period.<br />
n Training/Education. Initiate or expand<br />
on-going training for each officer, faculty<br />
member, physician, or relevant employee.<br />
n Confidential Disclosure Program.<br />
Establish or expand a confidential disclosure<br />
mechanism.<br />
n Annual Reporting. Submit an annual<br />
report to the lead federal agency providing<br />
a comprehensive description of the status<br />
of organizational compliance.<br />
n Record Retention. Retain documents in<br />
accordance with FAR, OMB Circular<br />
September 2006<br />
12<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
A-110, or applicable regulation.<br />
n Debarred or Suspended Persons or Entities.<br />
Screen employees and applicants to<br />
avoid knowingly employing an individual<br />
or entity who is listed by a federal agency<br />
as debarred, suspended, or otherwise<br />
ineligible for federal programs.<br />
The Board, the Audit Committee, the<br />
President, and the Chief <strong>Compliance</strong> Officer:<br />
“A shotgun wedding of necessity”<br />
Board and Audit Committee Oversight.<br />
Boards and board members have been<br />
increasingly reviewing their responsibilities<br />
since the publication of the Sarbanes-Oxley<br />
Act of July 30, 2002. While mandated for<br />
publicly traded corporations, many nonprofit<br />
organizations have taken a “Best Practices”<br />
approach to comply with the spirit of the law.<br />
Subsequently, audit/compliance committees<br />
have taken an increasing interest and<br />
leadership role in regulatory oversight and<br />
external audit engagements. The CIA will undoubtedly<br />
be brought to the attention of an<br />
organization’s board and committee structure<br />
to provide understanding and future oversight<br />
of the CIA mandates. Most certainly, the<br />
chief compliance officer (CCO) or chief audit<br />
executive (CAE) will be directly interacting<br />
and providing mandated reporting to the<br />
board and the respective audit/compliance<br />
committee.<br />
The President’s (CEO) Role. Many CIAs<br />
require the president or chief executive officer<br />
(CEO) to certify to the lead federal agency<br />
that the organization has an adequate and appropriate<br />
comprehensive compliance program<br />
to prevent and detect fraud, abuse, and false<br />
billing for Medicare, Medicaid, federal grants,<br />
etc. The president will rely on the CCO for<br />
establishing the compliance program, reporting<br />
to the board, and providing the annual<br />
report to the federal agency with oversight<br />
responsibility. Visible leadership and resource<br />
support are key considerations. Ultimately,<br />
the president is responsible for all his or her<br />
organization does or fails to do.<br />
Chief <strong>Compliance</strong> Officer. The CCO is<br />
responsible for overall compliance operations,<br />
including billing processes, review of<br />
grants and contracts, development of training<br />
programs, and the submission of comprehensive<br />
reports at least annually to the board of<br />
trustees and the lead federal agency. He or<br />
she will chair an organizational compliance<br />
committee and coordinate enterprise-wide<br />
compliance operations. The CCO will be<br />
required to provide the comprehensive annual<br />
and institutional attestation report for the<br />
mandated period (usually five years). A team<br />
effort and a supporting institutional structure<br />
are requirements for success.<br />
Summary: Leadership obstacle or<br />
opportunity?<br />
The bottom line is that most organizations<br />
generally do not operate in reckless disregard<br />
of the law. As a former Inspector General and<br />
currently as a COO working with a university<br />
and academic medical center, I find the very<br />
opposite is true. Board members, particularly<br />
in nonprofit organizations, volunteer<br />
significant time without pay or benefits.<br />
Their intentions are focused on preserving the<br />
reputation, assets, and oversight of the administration<br />
to ensure appropriate stewardship of<br />
the organization. Additionally, presidents and<br />
CEOs, as a rule, do not intentionally guide<br />
their organizations down the unrighteous<br />
path of regulatory disregard. Senior leadership<br />
impacts the culture and the organizational<br />
culture influences attitudes relative to regulatory<br />
compliance.<br />
Inertia, lethargy, or the long-standing culture<br />
of an organization may be leadership challenges.<br />
Historical practices, coupled with a<br />
failure to stay abreast of change, is analogous<br />
to putting one’s head in the sand and waiting<br />
for the danger to go away. The reality is<br />
that regulations change daily, with new ones<br />
being published while older ones are thrown<br />
out or worse yet, retained to help preserve<br />
the arcane nature of the regulatory environment.<br />
<strong>Compliance</strong> programs and enhanced<br />
auditing activities are proactive tools that help<br />
organizations face regulatory obligations and<br />
decipher the secret code that enables progress<br />
without the fear of punishment. CIAs,<br />
although costly, can act as a change agent and<br />
are, figuratively, the sweet and sour fruit of<br />
the regulatory tree. n<br />
Errata<br />
We’d like to thank Gynelle Baccus, RN,<br />
PhD, <strong>Compliance</strong> Analyst Corporate<br />
<strong>Compliance</strong>, Southern Illinois<br />
<strong>Health</strong><strong>Care</strong>, and acknowledge her as the<br />
author of “First Year in <strong>Compliance</strong>-<br />
--A Survival Guide” published in the<br />
July 2006 <strong>Compliance</strong> Today, page 19.<br />
Thank you Gynelle Baccus, for your<br />
time and your talent.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
13
September 2006<br />
14<br />
feature<br />
Editor’s note: Lea Cobb, RN, MBA,<br />
CHC, CPHQ, CPHRM, CLNC; Director<br />
of <strong>Compliance</strong> and Policy, HIPAA<br />
Privacy Officer at Erickson Retirement<br />
Communities was interviewed in July by<br />
HCCA Board Member Jennifer O’Brien.<br />
Lea may be reached by telephone at<br />
443/883-4607.<br />
<strong>JO</strong>: Tell us about your background and<br />
the journey that brought you to your current<br />
role.<br />
LC: I have worked in health care for over<br />
20 years. I began my career and eventual<br />
track to compliance as a home health staff<br />
nurse working in the acute care hospital setting.<br />
After completing my MBA, I started<br />
my career in health care management with<br />
responsibilities for areas such as quality/peer<br />
review, utilization review/case management,<br />
patient safety, JCAHO 1 accreditation, and<br />
risk management in various health care settings.<br />
These settings included rural health<br />
clinics, physician practices, home health services,<br />
and hospitals.<br />
My first compliance position began in<br />
1998, when I became the corporate compliance<br />
officer for a hospital in West Virginia.<br />
In 2000, I moved from West Virginia to<br />
Maryland where I began working in a hospital<br />
as the director of risk management and<br />
performance improvement, and eventually<br />
obtained the corporate compliance officer<br />
responsibilities as well. I had the opportunity<br />
to begin working for Erickson Retirement<br />
Communities, LLC (a continuing care<br />
community management and development<br />
company) in the Risk Management department<br />
with responsibilities for risk management<br />
and compliance. This eventually led<br />
article<br />
Meet Lea Cobb<br />
Director of <strong>Compliance</strong> and Policy, HIPAA Privacy Officer<br />
Erickson Retirement Communities<br />
to my current position as the Director of<br />
<strong>Compliance</strong> and Policy and HIPAA Privacy<br />
Officer. I saw the career move to Erickson<br />
Retirement Communities as an exciting challenge,<br />
since I had many years of experience<br />
in a variety of other health care settings.<br />
<strong>JO</strong>: What are some of your responsibilities<br />
as Director of <strong>Compliance</strong> and Policy?<br />
LC: Simply stated, I oversee all on-going<br />
compliance and ethics activities throughout<br />
the organization. These activities are<br />
related to the development, implementation,<br />
maintenance of, and adherence to the organization’s<br />
policies and procedures governing<br />
compliance. The privacy of and access to<br />
protected health information and compliance<br />
with federal and state laws also falls<br />
within the scope of my responsibilities. This<br />
includes: conducting an organizational compliance<br />
risk assessment; ensuring on-going<br />
compliance monitoring activities; reporting<br />
compliance activities to the Erickson and<br />
community boards and <strong>Compliance</strong> and<br />
Ethics committee; ensuring compliance education<br />
and training for all employees, board<br />
members, management and professional<br />
staff; conducting compliance investigations;<br />
and maintaining the organization’s values<br />
line. I work closely with the HIPAA security<br />
officer to ensure alignment between security<br />
and privacy practices, policies and procedures.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
<strong>JO</strong>: What is your reporting structure?<br />
LC: The chief compliance officer reports<br />
to our four boards of directors. As the director<br />
of compliance and policy and HIPAA<br />
privacy officer, I report to the chief compliance<br />
officer. Each of the Continuing<br />
<strong>Care</strong> Retirement Communities (CCRCs)<br />
has a community compliance liaison who<br />
manages compliance responsibilities at the<br />
community level. Community management<br />
and corporate line of business management<br />
also play a roll in the reporting structure of<br />
compliance. There is also a HIPAA security<br />
officer in the Information Technology<br />
department with whom I work on HIPAA<br />
initiatives. The <strong>Compliance</strong> and Ethics committee<br />
consists of representatives from legal,<br />
health services, finance, compliance, senior<br />
campus physicians, information technol-
ogy, human resources, Erickson Advantage,<br />
and operations. The Corporate <strong>Compliance</strong><br />
department consists of four staff members:<br />
the chief compliance officer; the director of<br />
compliance and policy (a HIPAA privacy<br />
officer); the assistant director of coding and<br />
compliance; and a project manager.<br />
<strong>JO</strong>: Tell us about Erickson Retirement<br />
Communities and the services it provides?<br />
LC: Erickson Retirement Communities<br />
(www.EricksonCommunities.com) is a<br />
development/management company based in<br />
Baltimore County, Maryland, since 1983. For<br />
middle-income people, the Erickson lifestyle<br />
offers unparalleled opportunities and is the<br />
best financial and health decision people can<br />
make. Our mission is to create communities<br />
that celebrate life.<br />
The Erickson network currently<br />
comprises 18 Continuing <strong>Care</strong> Retirement<br />
Communities (CCRCs). Thirteen campuses<br />
in Illinois, Maryland, Massachusetts,<br />
Michigan, New Jersey, Pennsylvania, Texas,<br />
and Virginia, are home to 17,000 people.<br />
New developments in the Chicago, Dallas,<br />
and Philadelphia areas will open in 2006,<br />
and new sites in the Denver and Kansas City<br />
areas are scheduled to open in the coming<br />
years. The company is currently pursuing site<br />
acquisition opportunities across the U.S. and,<br />
by 2025, expects to bring together 750,000<br />
people as residents, customers, and colleagues.<br />
Each Erickson CCRC is supported by<br />
Erickson <strong>Health</strong>SM, the nation’s largest and<br />
most completely integrated wellness and<br />
health care system for people older than 62<br />
years of age.<br />
Nationwide, 2,320 people across the<br />
country moved to Erickson CCRC in 2005,<br />
and the company added 1,433 new employees,<br />
bringing the total to more than 12,000<br />
employees. The company is on pace to reach<br />
nearly 20,000 residents by the end of 2006.<br />
Comprehensive health services are provided<br />
based on the maturity of the CCRC<br />
including: certified home health; emergency<br />
medical services (emergency response); rehabilitation;<br />
assisted living, skilled nursing,<br />
long-term care services; and a resident health<br />
benefit plan. Each community houses a medical<br />
center staffed by primary care physicians<br />
who specialize in geriatrics and practice only<br />
at Erickson CCRCs. In addition, hospice services<br />
will soon be added to the wide array of<br />
services available for our residents.<br />
<strong>JO</strong>: What are unique compliance challenges<br />
you face working in a CCRC?<br />
LC: <strong>Compliance</strong> risk areas and challenges<br />
are similar for most health care facilities. The<br />
major challenge for a CCRC is maintaining<br />
compliance with regulations in the current<br />
atmosphere where CCRCs are not specifically<br />
addressed in guidelines or rules and regulations<br />
as a single entity. CCRCs are made up<br />
of many different health services, all of which<br />
need to comply with specific regulations and<br />
requirements.<br />
Erickson is unique in that we currently<br />
have 18 communities spanning 10<br />
states; therefore, communication and follow<br />
through are essential. This is where our annual<br />
risk assessment becomes a vital tool. Faced<br />
with continuous legislative changes, we must<br />
be diligent regarding all compliance activities<br />
and ensure that our risk assessment process is<br />
on-going, not periodic.<br />
<strong>JO</strong>: What are the biggest compliance risk<br />
areas for the CCRC?<br />
LC: In light of the continuing focus on<br />
regulatory compliance, we are committed to<br />
ensuring compliance with our requirements<br />
under state and federal regulations relating<br />
to business ethics, Medicare, HIPAA privacy<br />
and security, employment law, and Sarbanes<br />
Oxley as it may apply to not-for-profit<br />
CCRC’s.<br />
<strong>Compliance</strong> risk is the possibility that<br />
an employee will fail to follow an internal<br />
policy or procedure or an external law, rule,<br />
or regulation that applies to the activity in<br />
which they are engaged. It is important that<br />
CCRCs have processes, methods and tools in<br />
place to deal with the consequences of events<br />
that have been identified as significant threats<br />
related to fraud, waste, and abuse.<br />
Other areas of compliance risk include<br />
document management, research, contract<br />
management, Medicare D, and the Deficit<br />
Reduction Act of 2005.<br />
<strong>JO</strong>: You are also the HIPAA privacy<br />
officer. What are some of the most common<br />
HIPAA issues you respond to for your organization?<br />
LC: The most common HIPAA questions<br />
that I have encountered concern uses and<br />
disclosures of protected health information.<br />
Also, because we are unique and have communities<br />
in multiple states, state preemption<br />
analyses become a concern and driving force<br />
for HIPAA compliance.<br />
<strong>JO</strong>: Where are you in the development of<br />
your compliance program?<br />
LC: We have a fully developed and comprehensive<br />
compliance and ethics program<br />
at Erickson. PREVENT is an acronym we<br />
use for the seven elements of a compliance<br />
program (P = Policies and procedures, R =<br />
Responsible person, E = Education and training,<br />
V = Venting complaints,<br />
E = Enforcement of standards, N = Need<br />
for internal audits, T = Taking corrective<br />
action) as outlined in the United States<br />
Sentencing Guidelines and the Office of<br />
Inspector General <strong>Compliance</strong> Guidances.<br />
We want to PREVENT fraud, waste, and<br />
abuse. Our program spans all of the health<br />
services provided at the CCRCs in addition<br />
to incorporating human resources and inter-<br />
Continued on page 16<br />
September 2006<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org 15
Meet Lea Cobb ...continued from page 15<br />
nal audit functions. HIPAA privacy, security,<br />
and Transaction Code Set requirements have<br />
all been addressed and implemented. We<br />
are currently working on National Provider<br />
Identifier (NPI) compliance.<br />
<strong>JO</strong>: Does your compliance program play a<br />
role in quality-of-care issues, and if so, how?<br />
LC: We have a comprehensive compliance<br />
program process that integrates compliance,<br />
risk management, and quality. These<br />
functions work in tandem. Quality-of-care<br />
reporting is part of the compliance auditing<br />
and monitoring program. Quality-of-care<br />
issues are managed at the CCRC through the<br />
Community Performance Improvement/Risk<br />
Management/Safety Committee with compliance<br />
as part of the structure.<br />
<strong>JO</strong>: How do you go about getting<br />
employee and staff support for your compliance<br />
efforts?<br />
LC: <strong>Compliance</strong> is an integral part of the<br />
everyday work of all employees, staff, and<br />
management members. <strong>Compliance</strong> is woven<br />
into the everyday job duties, “Erickson Way<br />
Values,” and responsibilities of the employees.<br />
Management plays a key role in employee<br />
and staff buy-in and continued compliance<br />
support. The “Erickson Way Values” are our<br />
organization’s approach to creating an atmosphere<br />
of accountability for ethical employee<br />
behavior.<br />
<strong>JO</strong>: How do you keep education and<br />
training interesting and effective?<br />
LC: We are constantly looking for new<br />
and innovative ways to conduct education<br />
and training to keep it humorous, interesting,<br />
and interactive. We employ a variety<br />
of venues to reach our widespread and<br />
diverse employee workforce. We use faceto-face<br />
training provided at the CCRC by<br />
the compliance liaison and at Erickson by<br />
corporate human resources. Additionally,<br />
we have established an Internet compliance<br />
site specifically for staff to have access<br />
to new or revised policies, education and<br />
training materials, and to alert them to new<br />
information. We send information through<br />
published compliance articles in newsletters<br />
or via e-mail. <strong>Compliance</strong> updates are<br />
provided at the CCRC by the compliance<br />
liaison and at Erickson by the compliance<br />
department through executive leadership<br />
team meetings, departmental meetings, and<br />
staff meetings. The director of compliance<br />
and policy/HIPAA privacy officer and the<br />
assistant director of coding and compliance<br />
also provide face-to-face education and training<br />
by traveling to the CCRC’s. <strong>Compliance</strong><br />
training is also provided through the use of<br />
Web-based training sessions. We are beginning<br />
to embark on an interactive, comprehensive,<br />
on-line compliance education and<br />
training program. We use posters, keycards,<br />
brochures, and magnets to provide awareness<br />
training to all staff on the Code of Conduct,<br />
PREVENT program, and Values Line reporting.<br />
I also look to the <strong>Compliance</strong> and Ethics<br />
committee and executive leadership team to<br />
generate ideas for training. It is very important<br />
to consistently evaluate the compliance<br />
education and training program from the<br />
view point of a staff member. This allows<br />
us to make changes when necessary to keep<br />
the training as interesting and interactive as<br />
possible.<br />
<strong>JO</strong>: What do you see as the greatest compliance<br />
challenges for the CCRC industry in<br />
the next three years?<br />
LC: I see many challenges in the next<br />
three years, including recruitment and retention<br />
of high quality staff, escalating insurance<br />
costs, and regulatory compliance coupled<br />
with uncertain financial markets and increasing<br />
consumer demand for cutting-edge aging<br />
services.<br />
Other challenges include: CCAC/<br />
CARF 2 accreditation standards and compliance;<br />
keeping current with emerging technology,<br />
such as the electronic health record;<br />
government initiatives related to health and<br />
technology; and HIPAA enforcement.<br />
Living in times of constant change, we<br />
never truly know what to expect as there will<br />
always be regulatory and legislative initiatives<br />
and enforcement practices for which a<br />
CCRC will have to be prepared.<br />
<strong>JO</strong>: You attended the HCCA <strong>Compliance</strong><br />
Academy and are certified in healthcare<br />
compliance (CHC). Why did you decide to<br />
attend the academy and has it helped you in<br />
your role?<br />
LC: I decided to attend the academy due<br />
to its reputation, industry knowledge of key<br />
constituents, resources available, educational<br />
and networking opportunities, and national<br />
organizational notoriety. The CHC designation<br />
has given me creditability among my<br />
peers and colleagues as well as professional<br />
recognition in the area of health care compliance.<br />
<strong>JO</strong>: HCCA offers a number of educational<br />
opportunities. Which most closely match<br />
your needs?<br />
LC: I received great value from my<br />
attendance at the Fraud and <strong>Compliance</strong><br />
Conference which is conducted in conjunction<br />
with the American <strong>Health</strong> Lawyers<br />
<strong>Association</strong>. Additionally, I found the<br />
<strong>Compliance</strong> and Ethics Institute and<br />
Medicare D <strong>Compliance</strong> Institute to be most<br />
useful. The <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Manual<br />
is a must for all compliance professionals.<br />
<strong>JO</strong>: What advice would you give to someone<br />
who is just starting out in compliance<br />
and setting up a program?<br />
LC: Keep it simple, make it fun, and<br />
know the regulations affecting the compli-<br />
Continued on page 19<br />
September 2006<br />
16<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
17
Roy Snell and Dan Roach<br />
As part of our efforts to improve member services, the HCCA leadership<br />
has reviewed all of the evaluations submitted by participants at<br />
the Annual Institute in Las Vegas in April. Over the coming weeks,<br />
we will be responding to some of the more common questions/concerns<br />
raised in your comments. These questions include:<br />
1. How do you pick the city in which to hold the Institute?<br />
Picking the location for an Institute is a difficult and risky proposition,<br />
made more difficult as we grow. In making the decision, the<br />
management and board are weighing three important factors—cost,<br />
ease of travel, and the ability to accommodate the meeting. The cost<br />
analysis includes the cost of getting to and from the conference, hotel<br />
room cost, and the cost of staging the conference. The ease of travel<br />
analysis includes the time needed to travel to and from the venue and<br />
takes into account both flight length and the number of flights in and<br />
out of the city to dozens of destinations. The ability to accommodate<br />
the number of registrants is also an important consideration.<br />
Unfortunately, when all these factors are considered, there are relatively<br />
few cities that work. While New York and San Francisco are<br />
easy to get to, they are both prohibitively expensive (close to $300<br />
per night for hotel rooms). Other cities have inexpensive rooms, but<br />
are more costly to fly to, and may not have hotels large enough to<br />
accommodate our meeting. Other cities are more difficult to get to<br />
for a large segment of our members (Orlando and San Diego). While<br />
not complaining about our growth, the reality is that there are fewer<br />
than 10 cities that have hotels with adequate space (unless we want to<br />
move to a convention center). In short, there are less than a handful of<br />
cities that have the right mix of cost, accessibility, and space.<br />
Both the staff and the board work hard to chose a location and<br />
deliver a conference that enables us to cater to a very diverse group<br />
of members. Because our conferences are booked at least two and a<br />
half years in advance, it is a difficult and somewhat risky proposition.<br />
Unfortunately, we will never be able to address the needs of all prospective<br />
participants with respect to cost and location. However, we<br />
will continue to work diligently to do the very best we can with the<br />
constraints and options available.<br />
2. What can we do about the size and weight of the conference<br />
materials?<br />
We received a significant number of complaints about the size and<br />
weight of materials. In fact, we printed millions of pages of handouts<br />
for the last Institute, and the HCCA management would love to figure<br />
out a way to reduce the volume of materials. Consequently, you will<br />
soon be receiving an invitation to participate in an Internet survey<br />
that, among other questions, seeks your input on how to most effectively<br />
distribute conference materials to the participants.<br />
3. Caesar’s Palace ran out of rooms very early last year. What can<br />
be done to ensure that more participants get rooms in the conference<br />
hotel?<br />
Our 2006 Institute included 400 more participants than in previous<br />
years and 800 more participants than we anticipated when we initially<br />
booked Caesar’s Palace. When we sign a contract with a hotel, we<br />
need to agree on a “room block.” This means that the HCCA needs to<br />
guarantee between 4,000 and 5,000 room nights. If we fail to deliver<br />
attendees to fill those rooms, we will be stuck paying the hotel for the<br />
value of the unused rooms. Particularly in a post-9/11 era, we have<br />
tried to mange this risk by agreeing to room blocks that accommodate<br />
approximately 80% of our expected attendance. Unfortunately, when<br />
we signed the contract with Caesar’s Palace, we did not anticipate<br />
the 70% increase in attendance over 3 years.<br />
As soon as it appears that we will have a room shortage, we move<br />
rapidly to obtain additional rooms in the conference hotel or<br />
adjacent hotels. Depending on what other events are happening in the<br />
city and adjacent hotels, this may or may not be possible. One thing<br />
you can do to help the HCCA manage this problem more effectively<br />
September 2006<br />
18<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
is to make your hotel reservations as soon as<br />
possible. Part of the analysis that goes in to<br />
selecting a hotel includes the availability of<br />
the right room block and the potential availability<br />
of additional rooms in adjacent hotels, if<br />
we run out of space in the conference hotel.<br />
4. Some of the breakout sessions were very crowded last year.<br />
What can we do to accommodate larger breakout sessions?<br />
As noted above, the attendance at the Institute last year was<br />
substantially more than we anticipated. While we are pleased<br />
with the increased attendance, we concede it causes logistics issues.<br />
We are working to increase the size of some of the breakout<br />
rooms and to more effectively predict turnout at the sessions.<br />
Members can help us by giving us an idea, when registering,<br />
which sessions they anticipate attending (you will not be held to<br />
your choice, however). n<br />
Meet Lea Cobb ...continued from page 19<br />
ance areas required by your organization. Find ways to gain<br />
buy-in and maintain synergy and support from upper management.<br />
Integrate compliance into the employee’s everyday<br />
job duties, so compliance is not seen as yet another “thing<br />
to do.” Always look for new and interesting ways to make<br />
compliance fun and interesting. Network with your colleagues.<br />
Continually increase your knowledge of compliance<br />
by staying current with news and events. Become certified<br />
in compliance to increase your professionalism. And<br />
by all means, have fun, have fun, have fun! n<br />
1 JCAHO is the Joint Commission on Accreditation of <strong>Health</strong> <strong>Care</strong> Organizations<br />
2 CCAC/CARF is the Continuing <strong>Care</strong> Accreditation Committee/Commission on Accreditation of<br />
Rehabilitation Facilities<br />
CHC<br />
The <strong>Health</strong>care <strong>Compliance</strong><br />
Certification Board (HCCB)<br />
compliance certification<br />
examination is available in all 50 states.<br />
Join your peers and become Certified<br />
in <strong>Health</strong>care <strong>Compliance</strong> (CHC).<br />
certified in<br />
healthcare<br />
compliance<br />
The <strong>Compliance</strong><br />
Professional’s Certification<br />
Congratulations on achieving<br />
CHC status! The <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
Certification Board announces that the following<br />
individuals have recently successfully<br />
completed the Certified in <strong>Health</strong>care <strong>Compliance</strong><br />
(CHC) examination, earning CHC<br />
designation:<br />
CHC certification benefits:<br />
■ Enhances the credibility of the<br />
compliance practitioner<br />
■ Enhances the credibility of the<br />
compliance programs staffed by<br />
these certified professionals<br />
■ Assures that each certified compliance<br />
practitioner has the broad<br />
knowledge base necessary to<br />
perform the compliance function<br />
■ Establishes professional standards<br />
and status for compliance<br />
professionals<br />
■ Facilitates compliance work for compliance practitioners in dealing<br />
with other professionals in the industry, such as physicians and attorneys<br />
■ Demonstrates the hard work and dedication necessary to perform the<br />
compliance task<br />
Catherine Lynn Gibson<br />
Nancy Sheftel<br />
Nancy R. Vasto<br />
Kurt William Wood<br />
Rebecca A. Buegel<br />
Danny Vaughn Harrison<br />
CHC certification, developed and managed by HCCB, became available June<br />
26, 2000. Since that time, hundreds of your colleagues have become Certified<br />
in <strong>Health</strong>care <strong>Compliance</strong>. Linda Wolverton, CHC, says that she sought CHC<br />
certification because “many knowledgeable people work in compliance, and I<br />
wanted my peers to recognize me as ‘one of their own’.” With certification she<br />
is “recognized as having taken the profession seriously, having met the national<br />
professional standard.”<br />
For more information on how you can become CHC Certified,<br />
please call 888/580-8373, e-mail hccb@hcca-info.org, or visit the<br />
HCCA Web site at www.hcca-info.org and click on the HCCB Certification<br />
button on the left.<br />
September 2006<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> 888-580-8373 • www.hcca-info.org 19
Pros<br />
n Single point of data entry<br />
n No data duplication<br />
n Entrenched in-house process<br />
By Matt Dowell<br />
Editor’s Note: Matt Dowell is the President following states: Alaska (HB454), California<br />
of Collaborative Reporting, Inc. He may be (AB45), Colorado (SB 1), Hawaii (HB 32),<br />
reached by e-mail at http://www.collabreports.cosetts<br />
(HB 2659), Michigan (HB 5706), New<br />
Illinois (HB 656), Iowa (HB 503), Massachu-<br />
Hampshire (HB 703), New York (AB 2160),<br />
Many states have recently passed Oklahoma (HB 1542), Pennsylvania (SB<br />
laws calling for the reporting of 320), Rhode Island (HB 6141), Tennessee<br />
medical marketing data. A larger (SB 1441), and Washington (SB 5149).<br />
number of states and districts are currently<br />
considering similar laws. This article will The data required for reporting in each state<br />
briefly touch on some of the newer reporting includes, but is not limited to:<br />
requirements and a few technical and business<br />
solutions that can reduce the time spent Who: Name, credentials, and “type” of recipient<br />
gathering and reporting on your sales events What: Gifts, with quantity and cost, and<br />
and keep your company compliant, without where given<br />
fines, and out of the news.<br />
Where: What clinic, hospital, or conference<br />
When: Date gift was given<br />
The medical marketing laws vary in their<br />
requirements, for example:<br />
Reporting this data poses several challenges.<br />
For a significant portion of pharmaceutical<br />
Minnesota<br />
and medical device manufacturers this requires<br />
A company cannot spend more than $50 per a new business process. This process requires<br />
practitioner, and must file annual reports with gathering the necessary information from each<br />
the Board of Pharmacy.<br />
field sales representative after each marketing<br />
event. Your solution will need to conform to<br />
Vermont<br />
your current and future compliance needs or<br />
Annual reporting of all marketing activities you risk being caught in a constantly changing<br />
is required through the state’s Web site or a business process cycle. The following section<br />
custom batch process.<br />
will summarize a few current options along<br />
with their pros and cons.<br />
Maine<br />
Reporting of all pharmaceutical marketing Using and customizing current tools<br />
activities greater than $25 is required, starting Your current in-house financial reporting or<br />
in July 2007.<br />
customer relationship management (CRM)<br />
tool might have customization options that<br />
Marketing disclosure laws have also been would be beneficial in your annual reporting.<br />
enacted in California, Washington D.C., Check with your sales operations team to see<br />
and West Virginia. Very similar laws, with if you can generate reports based upon dollar<br />
reporting requirements, are pending in the spent per client and location.<br />
Cons<br />
n Not flexible<br />
n Most likely not accessible for remote sales<br />
team<br />
n Can be expensive to customize<br />
Manually gathering the data<br />
If your sales team is small enough, the gathering<br />
of data could be maintained by a single<br />
person who creates a spreadsheet or small<br />
database to maintain the data. Currently, a<br />
handful of states accept data in spreadsheet<br />
format. The sales team members could use<br />
e-mail to send the data to the person who<br />
maintains the spreadsheet.<br />
Pros<br />
n Quickly implemented<br />
n No new business process to integrate<br />
n Flexible<br />
Cons<br />
n Resource intensive<br />
n Low quality<br />
n High risk<br />
n Can easily fall behind new regulations<br />
The new breed of marketing compliance<br />
tools<br />
New to the market are a handful of companies<br />
and legal firms that specialize in medical<br />
marketing compliance. Some offer services<br />
and software built specifically to help companies<br />
compile, search, and report their state<br />
marketing information.<br />
Pros<br />
n Integrate with many CRM applications<br />
n Web enabled<br />
Continued on page 22<br />
September 2006<br />
20<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
September 2006<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org 21
Medical marketing compliance ...continued from page 20<br />
FYI FOR YOUR<br />
INFORMATION<br />
n Hosted by a vendor for easy updates<br />
n Full web-services integration [MS Office]<br />
n High quality of data and reporting<br />
n Additional features include inventory management<br />
Cons<br />
n Cost<br />
n Potential for duplicate data entry<br />
n New process requirement for field sales people ·<br />
Summary<br />
Your solution needs to be comprehensive and flexible enough so each<br />
new state regulation does not disrupt your sales process. Each company<br />
has specific needs based upon size, market, and resource availability.<br />
The solution your company implements should take all of those factors<br />
into consideration.<br />
The state medical marketing regulations are as varied as they are<br />
confusing. As a person responsible for helping your company stay<br />
compliant, your solution must become a seamless part of your business<br />
process and yet be flexible enough to handle the myriad of current and<br />
future state laws. n<br />
Aimset Corporation<br />
New <strong>Compliance</strong> Software<br />
Guaranteed Productivity<br />
Free trial period<br />
Let’s face it…saving the world is not<br />
an easy job. It requires you to do a<br />
million things at once with pinpoint<br />
precision.<br />
Rule #1: Don’t make your job harder<br />
than it needs to be.<br />
It’s time to manage your work more<br />
efficiently and go home on time.<br />
Make this your reality today.<br />
Owners of Defunct Nurse Staffing Company Indicted<br />
U.S. Attorney for Colorado Bill Leone announced on July 27 that<br />
William C. Crabbe and James S. Rowan, owners of Columbine<br />
<strong>Health</strong> <strong>Care</strong> Systems, Inc. of Greeley, Colorado, were indicted by a<br />
federal grand jury in Denver on Tuesday, July 25, 2006, for failure<br />
to pay federal payroll taxes, failure to pay taxes, and tax evasion.<br />
Crabbe was also charged with filing false tax returns. Both defendants<br />
received summons to appear in U.S. District Court in Denver<br />
on August 10, 2006 at 2:00 pm, where they will be advised of the<br />
charges against them. Columbine <strong>Health</strong> <strong>Care</strong> Systems went out of<br />
business in June 2003.<br />
According to the indictment, Crabbe and Rowan were the owners<br />
and principal officers of Columbine <strong>Health</strong> <strong>Care</strong> Systems, a<br />
national nurse-staffing agency. Columbine would charge its clients<br />
a fee for placing nurses in such places as hospitals, healthcare facilities,<br />
and doctor’s offices. Columbine would then pay wages to the<br />
nurses. The company’s corporate offices were located in Greeley,<br />
Colorado, with a few small sales offices located in other states.<br />
For more: http://www.usdoj.gov/usao/co/press_releases/2006/<br />
July06/7_27_06.html<br />
UMDNJ Remains in the News<br />
On July 26, The Star-Ledger reported that “New Jersey’s troubled<br />
medical university and its major teaching hospital swallowed a<br />
tough pill yesterday in addressing mounting financial problems:<br />
more than 100 layoffs, program cutbacks, and an indefinite delay in<br />
the opening of a new $110 million cancer center in Newark.<br />
“The cuts at the University of Medicine and Dentistry of New<br />
Jersey come in the wake of the state’s own budget woes, which led<br />
to cuts of millions of dollars for charity care and higher education. “<br />
For more: http://www.nj.com/news/ledger/jersey/index.ssf?/base/<br />
news-4/1153892605261510.xml&coll=1<br />
UMDNJ Trustee Steps Down<br />
On July 29, Newsday reported that “Another trustee at the<br />
embattled University of Medicine and Dentistry of New Jersey is<br />
stepping down.<br />
September 2006<br />
22<br />
Contact us today for a Free Demo<br />
www.aimset.com<br />
650-281-7997<br />
info@aimset.com<br />
Special Code: HCCA<br />
Frederic C. Sterritt is leaving UMDNJ’s board, about a week after<br />
the state started an ethics probe into how he helped his brother get<br />
a job.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
Continued on page 43
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
23
By John J. Eller, Esq, and Donna J. Senft, Esq.<br />
John J. Eller<br />
Editor’s Note: John J. Eller is a principal<br />
and Donna J. Senft is an associate at<br />
Ober Kaler, a Baltimore law firm serving<br />
business, commercial finance, construction,<br />
health, and litigation. Mr. Kaler can be<br />
reached at jjeller@ober.com or 410/347-<br />
7362; Ms. Senft can be reached at djsenft@<br />
ober.com or 410/347-7336.<br />
On April 21, 2006, the Centers for<br />
Medicare and Medicaid Services<br />
(CMS) published its final rule,<br />
“Medicare Program: Requirements for<br />
Providers and Suppliers to Establish and<br />
Maintain Medicare Enrollment,” which made<br />
changes to the existing Medicare rules that<br />
significantly affect existing providers and<br />
suppliers, as well as new enrollees. Although<br />
providers and suppliers have always been<br />
required to comply with the Medicare enrollment<br />
rules, both for initial enrollment and<br />
on a continuing basis thereafter, the new<br />
rules require that at some point in the near<br />
future, every provider or supplier will need to<br />
have a complete CMS 855 form on record.<br />
The new requirements contain procedural<br />
safeguards for CMS to verify that a provider<br />
or supplier is compliant with the enrollment<br />
requirements, and also contain significant<br />
sanctions for non-compliance. Understanding<br />
and adhering to the requirements is, therefore,<br />
not only important for a provider or<br />
supplier to ensure that initial enrollment is<br />
expeditiously obtained, but also critical to<br />
help ensure that its Medicare enrollment<br />
remains activated without interruption or the<br />
imposition of sanctions.<br />
The changes contained in the final rule, published<br />
just days before the end of the three-year<br />
time period to implement the proposed rule<br />
that was published on April 25, 2003, became<br />
effective June 20, 2006. They are the latest in a<br />
series of initiatives to strengthen the Medicare<br />
enrollment process to prevent initial or continued<br />
enrollment by unqualified or fraudulent<br />
providers or suppliers. Prior initiatives included<br />
contracting with the National Supplier Clearinghouse<br />
(NSC) regarding initial or continued<br />
enrollment of durable medical equipment,<br />
prosthetic, and orthotics suppliers (DMEPOS)<br />
and authorizing fiscal intermediaries and<br />
carriers to conduct site visits to verify if the<br />
provider or supplier was eligible to participate<br />
in the Medicare program.<br />
Just as providers and suppliers were learning<br />
about the new requirements contained in the<br />
final rule, on May 1, 2006, CMS released<br />
revised enrollment forms, (i.e., the CMS<br />
855 series) used by providers and suppliers<br />
to apply for initial enrollment and to request<br />
changes to the enrollment file. A one-month<br />
grace period was established, with providers<br />
and suppliers required to use the new forms<br />
for any submission after June 2, 2006. The<br />
following are direct Internet links to the all of<br />
the new enrollment forms:<br />
CMS 855A for Institutional Providers:<br />
www.cms.hhs.gov/cmsforms/downloads/<br />
cms855a.pdf<br />
CMS 855B for Clinics/Group Practices and<br />
Certain Other Suppliers:<br />
www.cms.hhs.gov/CMSforms/downloads/<br />
cms855b.pdf<br />
CMS 855I for Physicians and Non-Physician<br />
Practitioners:<br />
www.cms.hhs.gov/cmsforms/downloads/<br />
cms855i.pdf<br />
CMS 855R for Reassignment of Medicare<br />
Benefits:<br />
www.cms.hhs.gov/cmsforms/downloads/<br />
cms855r.pdf<br />
CMS 855S for DMEPOS Suppliers:<br />
www.cms.hhs.gov/cmsforms/downloads/<br />
cms855s.pdf<br />
Key provisions of the final rule<br />
New enrollment forms completion<br />
From the inception of the CMS 855 forms in<br />
1997, providers or suppliers who were already<br />
enrolled in the Medicare program did not<br />
have to complete and submit the entire CMS<br />
855 application form. With the release of the<br />
new versions of the CMS 855 forms, CMS<br />
will require all providers and suppliers--- even<br />
September 2006<br />
24<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
those that have already enrolled in the Medicare<br />
program and obtained billing numbers---<br />
to submit a completed enrollment application<br />
on the applicable new form.<br />
By requiring all providers and suppliers to<br />
complete a CMS 855 enrollment form, the<br />
Provider Enrollment, Chain, and Ownership<br />
System (“PECOS”) database will be more<br />
comprehensive. CMS developed PECOS following<br />
a policy decision to create a national,<br />
uniform electronic database for recording and<br />
retaining enrollment data to combat fraud<br />
and abuse. In July 2002, fiscal intermediaries<br />
began entering enrollment data for Medicare<br />
Part A providers into the system, with carriers<br />
following in November 2003, entering data<br />
on Part B providers and suppliers.<br />
The final rule did not indicate the timing or<br />
discuss the process that will be used to notify<br />
previously enrolled providers or suppliers<br />
that they will need to complete and submit<br />
a CMS 855 form. The Medicare enrollment<br />
contractors are suggesting the completion of<br />
the entire form when a provider or supplier<br />
needs to make changes to its provider or supplier<br />
file, even though this completion may be<br />
well in advance of the requirement to do so.<br />
Historically, Medicare enrollment contractors<br />
would often accept an enrollment application<br />
that was missing certain required information<br />
or documentation. The new procedures<br />
require the Medicare contractors to use an<br />
initial screening process which identifies<br />
omissions requiring an automatic rejection<br />
of the application. Any rejection and return<br />
of the application further delays an already<br />
lengthy time period to complete the initial<br />
enrollment process.<br />
Another new requirement is that any provider<br />
or supplier who submits new enrollment<br />
applications or enrollment forms to report<br />
changes will need to not only indicate its<br />
National Provider Identifier (NPI) number,<br />
but also provide verification of the NPI<br />
number in order for the enrollment or change<br />
forms to be processed. The <strong>Health</strong> Insurance<br />
Portability and Accountability Act (HIPAA)<br />
required the adoption of a standard unique<br />
health identifier for health care providers.<br />
CMS adopted the NPI number as this<br />
unique identifier but previously indicated<br />
that covered entities would not need to use<br />
this identifying number until May 23, 2007.<br />
As a result of the advanced notice and delayed<br />
implementation date, providers and suppliers<br />
may not previously have seen the need to<br />
obtain an NPI number as a priority.<br />
As of May 1, 2006, providers and suppliers<br />
are able to obtain an NPI number through an<br />
online process or the submission of a paper<br />
application. Either process is fairly efficient<br />
with a number assigned in just days. More<br />
information about obtaining an NPI number<br />
is available on the CMS website at: https://<br />
nppes.cms.hhs.gov/NPPES/StaticForward.<br />
do?forward=static.npistart.<br />
Although the prior version of the CMS 855<br />
forms could be completed electronically,<br />
CMS has not provided software to complete<br />
the new version of the CMS 855 forms<br />
electronically. CMS has indicated its intent<br />
to have a Web-based enrollment process<br />
operational in 2007.<br />
The new CMS 855 forms continue to be<br />
very far-reaching in the scope of information<br />
to be reported initially and to be updated<br />
in a timely fashion as changes occur. This is<br />
particularly true with respect to ownership<br />
and control information, which is relevant to<br />
CMS’ principal concern to protect Medicare<br />
beneficiaries from unqualified or fraudulent<br />
providers and suppliers. For example, providers<br />
and suppliers who enroll in the Medicare<br />
Donna J. Senft<br />
program are required to disclose information<br />
about individuals or entities that have<br />
either a five percent or more direct or indirect<br />
ownership interest or a controlling interest<br />
in the provider or supplier entity. Even a<br />
lending institution with a secured interest in<br />
the provider’s or supplier’s property or assets<br />
(e.g., with a mortgage, deed of trust or note)<br />
may be considered to have an “ownership or<br />
controlling interest” for these purposes. In the<br />
case of a corporation, officers and members of<br />
the governing board (e.g., the board of directors<br />
or board of trustees) are considered to be<br />
among those with a controlling interest. The<br />
officers include not only those listed in the<br />
articles of incorporation or corporate bylaws,<br />
but also officers named by the governing<br />
board. Therefore, within 30 days of a change<br />
in an officer or member of the governing<br />
board, updated forms must be submitted to<br />
report the officer or board member being removed<br />
and the officer or board member being<br />
added. Other frequent types of changes that<br />
require timely reporting include a change in<br />
legal or trade names, addition of practice locations,<br />
and changes in managing employees.<br />
Sanctions for failure to provide timely<br />
updates<br />
Included in the regulations are specific time<br />
frames for submitting updated enrollment<br />
Continued on page 27<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
25
Consult with our team<br />
of national experts on compliance issues.<br />
<strong>Compliance</strong> Effectiveness | Medicare & Medicaid Fraud Defense | Corporate Integrity Agreements<br />
Pharmaceutical Contracts | Research <strong>Compliance</strong> & Billing<br />
Revenue Cycle Analysis | Sarbanes Oxley & Internal Audit Services<br />
Coder Certification & Training | Charge Master Analysis & Implementation<br />
Serving clients in 45 states since 1985.<br />
For more information, contact our specialists:<br />
John Beattie, CPA, CFE Victor Blanchard, CISA James Cesare John Foley, CPA<br />
717.540.4709 215.972.2392 717.540.4702 570.820.0126<br />
jbeattie@parentenet.com vblanchard@parentenet.com jcesare@parentenet.com jfoley@parentenet.com<br />
September 2006<br />
26<br />
www.parentehealthcare.com<br />
An Independent Member of Baker Tilly International<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
New Medicare enrollment regulations ...continued from page 25<br />
forms. Within 30 days of any change in ownership<br />
or control for any provider or supplier, or<br />
any reportable change for a DMEPOS supplier,<br />
updated enrollment forms must be submitted.<br />
For all other reportable changes, updated enrollment<br />
forms must be submitted within 90 days<br />
following the effective date of the change.<br />
CMS has stated its intention to require<br />
deactivation for failure to report changes in a<br />
timely manner, which may even result in revocation<br />
of the provider’s or supplier’s billing<br />
privileges. Deactivation is the temporary suspension<br />
of billing privileges. Although billing<br />
is suspended, the deactivation does not have<br />
any effect on the provider or supplier agreement.<br />
Specific procedures for reactivating a<br />
provider number, including the submission of<br />
a new CMS 855 enrollment application, are<br />
included in the new regulations. Reactivation<br />
in those circumstances will not require a new<br />
survey or certification.<br />
When billing privileges are revoked, the provider<br />
or supplier agreement is also terminated.<br />
Additionally, when a revocation occurs,<br />
CMS will automatically review any related<br />
Medicare enrollment file. For example, if a<br />
reported owner (i.e., 5% or greater ownership<br />
interest) is also an owner or a person in<br />
control of another Medicare enrolled entity,<br />
CMS will review the revocation to see if it<br />
warrants an adverse action for the associated<br />
provider or supplier (i.e., associated in this<br />
case by a person with ownership in both<br />
enrolled entities.)<br />
Revalidation process<br />
CMS has developed a procedure to allow it<br />
to determine if updated information has been<br />
promptly submitted. Under the new regulations,<br />
CMS has established a five-year cycle<br />
for revalidation, with the ability to perform<br />
an “off cycle” revalidation if conditions so<br />
warrant. The revalidation process will be<br />
an opportunity to ensure that a provider<br />
or supplier has remained in compliance<br />
with Medicare requirements. In addition to<br />
confirming the validity of the enrollment information<br />
submitted through the revalidation<br />
process, CMS reserves the right to perform<br />
unannounced site visits to verify enrollment<br />
information. Revalidation is designed to<br />
protect beneficiaries and the Medicare trust<br />
fund by ensuring services are received from<br />
legitimate providers and suppliers.<br />
CMS does not expect the revalidation activities<br />
to be significant until 2008, and has not<br />
yet announced how providers and suppliers<br />
will be chosen to enter into the 5-year cycle,<br />
though the first revalidation efforts will focus<br />
on providers or suppliers who never previously<br />
submitted a complete CMS 855 form.<br />
CMS has indicated that the first priority for<br />
enrollment contractors should be to process<br />
new enrollment applications. Such prioritizing<br />
of effort is intended by CMS to address<br />
the concern expressed by providers and<br />
suppliers regarding the ability of the Medicare<br />
enrollment contractors to handle the<br />
increased workload. In its final rule, CMS announced<br />
the intent to conduct approximately<br />
500 on-site visits to Community Mental<br />
<strong>Health</strong> Centers and 2,800 annual visits to<br />
Independent Diagnostic Testing Facilities.<br />
Once the revalidation process becomes<br />
established, the burden on providers and suppliers<br />
should be relatively minimal. CMS has<br />
indicated its intent to send the provider’s or<br />
supplier’s current CMS 855 form on record<br />
to the provider or supplier, to verify the<br />
accuracy of the information and report any<br />
changes to be made regarding the information<br />
in the enrollment file.<br />
Initial enrollment<br />
The new regulations delineate situations in<br />
which the initial enrollment application may<br />
be rejected. If the application is submitted<br />
with missing information and any missing<br />
information or requested supporting<br />
documentation is not submitted on time, the<br />
application will be rejected and the applicant<br />
will need to restart the enrollment process.<br />
There are no appeal rights granted when an<br />
application is rejected.<br />
Additionally, an entity may be denied enrollment<br />
or have its enrollment revoked when<br />
individuals with ownership or controlling<br />
interests have been sanctioned or convicted of<br />
certain federal or state crimes. The new regulations<br />
delineate the specific offenses, such<br />
as exclusion sanctions, that will result in an<br />
automatic rejection or revocation, and other<br />
offenses that may result in rejection or revocation<br />
because the offense has been determined<br />
to be detrimental to the best interests of the<br />
Medicare program or its beneficiaries.<br />
Enrollment may be denied if there is a<br />
determination, based upon the on-site review<br />
or other reliable evidence, that the provider or<br />
supplier is not in compliance with the Medicare<br />
requirements. Appeal rights are granted<br />
in this situation. If, however, the decision is<br />
appealed, then a new application may not be<br />
submitted until a decision is made to uphold<br />
the original determination. If the provider or<br />
supplier elects not to appeal the decision, a<br />
new application may be submitted when the<br />
time frame to appeal has lapsed.<br />
Change of ownership<br />
Consistent with prior requirements, if a<br />
change of ownership involves providers, both<br />
the buyer and seller need to submit provider<br />
enrollment application information. Under<br />
the new regulations, the seller risks sanctions<br />
if it fails to complete the enrollment materials<br />
prior to the change in ownership. When the<br />
seller agrees to assign and the buyer agrees to<br />
Continued on page 29<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
27
American <strong>Health</strong> Lawyers <strong>Association</strong><br />
and<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
presents<br />
FRAUD AND COMPLIANCE FORUM<br />
September 25-27, 2006<br />
Renaissance Harborplace Hotel • Baltimore, MD<br />
PLAN NOW TO ATTEND<br />
Visit: www.hcca-info.org for more information<br />
Don't miss the Fraud and <strong>Compliance</strong> Forum!<br />
The program will provide legal analysis and practical compliance guidance<br />
on issues including:<br />
• Fraud and Abuse Issues for Physicians, Long Term <strong>Care</strong><br />
Facilities, Managed <strong>Care</strong> Organizations, Hospitals and <strong>Health</strong><br />
Systems and Pharmaceutical Manufacturers<br />
• Stark II Phase II Regulations and Fair Market Value<br />
• EMTALA<br />
• Legal Ethics<br />
• Research <strong>Compliance</strong> and Billing<br />
• Auditing and Monitoring <strong>Compliance</strong> Plans<br />
• Internal Investigations<br />
has provided sponsorship in support of this program.<br />
To register visit us online at: www.hcca-info.org<br />
For questions call HCCA at: (888) 580-8373<br />
SAVE THE DATE!<br />
Continuing Education Credits: AAPC • ACHE • AHIMA • HCCB • NASBA • MCLE<br />
September 2006<br />
28<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
New Medicare enrollment regulations ...continued from page 27<br />
accept the assignment of the seller’s provider number, the new regulations<br />
allow for deactivation of the billing number any time before<br />
the final transference of the provider agreement to the buyer, if the<br />
buyer fails to submit what is required within 30 days of the change of<br />
ownership. With respect to a change of ownership or control involving<br />
suppliers, appropriate CMS 855 forms must be submitted within<br />
the 30 days immediately following the change.<br />
Conclusion<br />
It is strongly advisable to become familiar with the new CMS 855<br />
forms, the information required to be reported using these forms, and<br />
the supporting documentation to be sent to CMS. This is certainly<br />
important for new providers or suppliers, and existing providers<br />
and suppliers when they are called upon to complete the CMS 855<br />
form for the first time as part of the revalidation process, or as part<br />
of a change of ownership transaction. It is particularly important for<br />
existing providers and suppliers who have never completed a CMS<br />
855 form and have changes that would require updating the enrollment<br />
file. Existing providers, especially those not familiar with the<br />
CMS 855 process, may not be aware that they are required to report<br />
certain changes that occur during the ordinary course of conducting<br />
their business affairs. Any changes in the categories of information<br />
required on these forms—even if the forms had never previously been<br />
submitted, and the provider or supplier had never previously reported<br />
such information to CMS—must now be reported using the new<br />
forms. If unfamiliar with the reporting requirements, a provider or<br />
supplier may not realize the broad scope of information that CMS<br />
requires to be maintained in its enrollment files and used by CMS<br />
for its monitoring activities, and that a failure to properly report any<br />
changes in that information using the CMS 855 form creates a risk<br />
of being subject to serious sanctions. Providers and suppliers should<br />
develop a clear understanding of what is legally required to complete<br />
the CMS 855 forms, use them to report changes appropriately, and<br />
obtain assistance as necessary in this regard to help assure compliance<br />
or deal with regulatory authorities. This will allow providers<br />
and suppliers to avoid delays in processing and initial activation, but<br />
more importantly to minimize the potential for deactivation of their<br />
Medicare number, revocation of billing privileges, further adverse<br />
consequences to the provider or supplier, or adverse consequences to<br />
other Medicare-enrolled entities having common ownership with the<br />
provider or supplier. n<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
29
September 2006<br />
30<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
31
By Salvatore G. Rotella, Jr., Esq.<br />
with a valid authorization from the patient;<br />
or under certain other, limited circumstances.<br />
One of these other circumstances is for<br />
research purposes. 1<br />
As a threshold matter, the Privacy Rule’s<br />
research provision applies only if a research<br />
undertaking’s “primary purpose” is to obtain<br />
“generalizable knowledge.” Accordingly, providers<br />
can customarily review patient records<br />
for quality assessment and improvement<br />
purposes without worrying about the restrictions<br />
on unauthorized disclosure, because<br />
such reviews constitute health care operations,<br />
not research.<br />
Research-related disclosure of medical records<br />
in general. If a provider is participating<br />
in an effort to obtain “generalizable knowledge,”<br />
it may disclose records that contain<br />
PHI only with a valid patient authorization<br />
or under the following scenarios:<br />
First, the provider may de-identify the<br />
records, so that they no longer constitute<br />
PHI. This process entails either removing<br />
18 separate indentifiers or having a qualified<br />
statistician determine that there is minimal<br />
risk that the intended recipient could use the<br />
information to identify the subject, either<br />
alone or in combination with other reasonably<br />
available information. 2<br />
Second, the provider may create a so-called<br />
“Limited Data Set,” which involves removing<br />
certain identifiers from the records and<br />
entering into a data use agreement with the<br />
researcher who will receive the data. 3<br />
Third, the provider may obtain a waiver of<br />
the patient authorization requirement, for<br />
the specific research use at issue, from an appropriate<br />
Institutional Review Board (IRB) or<br />
Privacy Board. 4<br />
Editor’s note: Mr. Rotella is an attorney<br />
and a member of the law firm of Cozen<br />
O’Connor. He may be reached by telephone<br />
at 215/665-3729.<br />
The <strong>Health</strong> Insurance Portability and Accountability<br />
Act’s Privacy Rule (the Privacy<br />
Rule) strikes a balance between restricting the<br />
unauthorized disclosure of medical records<br />
and permitting health care providers to<br />
operate effectively, including participation<br />
in research studies. Specifically, the Privacy<br />
Rule takes into account that getting patient<br />
authorization for a disclosure can be problematic<br />
for researchers who do not interact<br />
directly with their research subjects. <strong>Health</strong><br />
services researchers, for example, typically<br />
analyze large amounts of patient data to reach<br />
evidence-based conclusions about ways to<br />
improve the quality and efficiency of health<br />
care services.<br />
State laws and, to some extent, the Privacy<br />
Rule itself afford significant additional protection<br />
to records of mental health treatment.<br />
As a result, the careful balance between<br />
ensuring confidentiality and fostering studies<br />
to improve health care can shift dramatically<br />
in the case of research involving mental health<br />
records. Pennsylvania offers a good test case<br />
jurisdiction for understanding how to navigate<br />
the often complex overlay of federal and<br />
state laws governing a provider’s disclosure<br />
of mental health records to an independent<br />
researcher.<br />
Federal law: The Privacy Rule<br />
The Privacy Rule sets a floor as to a provider’s<br />
obligation to maintain the confidentiality of<br />
all protected health information (PHI). It<br />
generally allows disclosure of a patient’s PHI<br />
only: for treatment, payment, or operations;<br />
Fourth, a provider may disclose records for<br />
activities preparatory to research, such as for<br />
the researcher to prepare a research protocol. 5<br />
As a practical matter, the Department of<br />
<strong>Health</strong> and Human Services (HHS) has<br />
issued guidance clarifying that a researcher<br />
who is the intended recipient of a covered<br />
entity’s de-identified records can also be the<br />
person to de-identify the records. 6 This is so<br />
because the process of creating de-identified<br />
health information from PHI is itself deemed<br />
a health care operation, and not part of the<br />
research project. Especially in the case of<br />
health services research involving large databases<br />
of patient information, the fact that the<br />
researcher can undertake the de-identification<br />
may well allow a provider to participate in<br />
an independent research project that would<br />
otherwise be out of the question because of<br />
the significant resources the provider would<br />
have had to devote to itself de-identifying the<br />
patient records before disclosing them to the<br />
researcher. Because the HHS guidance on this<br />
issue contemplates that the researcher will<br />
be a “business associate,” it makes sense for<br />
a provider to enter into a business associate<br />
agreement with any researcher to whom it<br />
provides PHI to be de-identified and used for<br />
research purposes.<br />
Finally, if a provider discloses PHI without<br />
a valid authorization, it must further ensure<br />
that it both limits the PHI disclosed to the<br />
“minimum amount necessary” to accomplish<br />
the research purpose and is prepared to<br />
provide an accounting of its disclosures to the<br />
relevant patients. 7 Notably, the regulations<br />
reasonably allow a provider to rely on the<br />
researcher’s request as one that, by definition,<br />
seeks the minimum necessary PHI to achieve<br />
the researcher’s purpose in cases involving a<br />
September 2006<br />
32<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
properly documented IRB or Privacy Board waiver, a review preparatory<br />
to research, or research on decedents’ PHI. 8<br />
Research-related disclosure of mental health records. Notwithstanding<br />
the other mechanisms generally allowing disclosure of<br />
PHI to a researcher absent patient consent, federal law permits<br />
a provider to make such a disclosure of so-called “psychotherapy<br />
notes” only with a valid patient authorization; 9 and this remains<br />
the case even if the notes have been de-identified.<br />
The Privacy Rule defines psychotherapy notes as notes of a private<br />
counseling session taken by a mental health professional. The term<br />
encompasses only such notes kept separately from the rest of the<br />
patient’s medical record, and the definition explicitly excludes<br />
treatment-related information, such as medication prescription<br />
and monitoring, counseling session start and stop times, and any<br />
summary of the patient’s symptoms, prognosis, and progress to<br />
date. 10 Consistent with this narrow definition, HHS has observed<br />
that information critical to the treatment of a patient is normally<br />
maintained in the medical record, and thus, by definition, separate<br />
and apart from psychotherapy notes. According to HHS, the<br />
regulations provide additional protection to psychotherapy notes<br />
precisely because they are usually of little value to anyone (presumably<br />
including a researcher) not present at the counseling session. 11<br />
State law: The Pennsylvania Mental <strong>Health</strong> Procedures Act<br />
Pennsylvania’s Mental <strong>Health</strong> Procedures Act (MHPA or “the Act”)<br />
presents a much more formidable obstacle than does the Privacy<br />
Rule to researchers seeking access to records of mental health treatment.<br />
Rather than focusing only on psychotherapy notes, Section<br />
111 of the MHPA provides that “[a]ll documents concerning<br />
persons in treatment shall be kept confidential and, without the<br />
person’s written consent, may not be released or their contents disclosed<br />
to anyone” except those engaged in providing treatment, to<br />
the county administrator in connection with emergency examinations,<br />
to a court in connection with proceedings authorized by the<br />
MHPA, and pursuant to federal rules when treatment is undertaken<br />
in a federal agency. 12 Regulations promulgated by the Pennsylvania<br />
Department of Public Welfare (DPW) that implement the<br />
Act add some additional permissible disclosures, but likewise do<br />
not include researchers among those enumerated third parties to<br />
whom an entity may potentially release or disclose mental health<br />
records without written consent from the patient. 13<br />
Continued on page 34<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
33
Using mental health records for research ...continued from page 33<br />
The scope of the MHPA.<br />
The MHPA’s virtual blanket prohibition<br />
on the disclosure of mental health records<br />
without patient consent applies directly to all<br />
involuntary treatment and voluntary inpatient<br />
treatment of mentally ill persons, and,<br />
effectively, to voluntary outpatient treatment<br />
provided in a facility as well. In addition to<br />
stating that the Act “establishes rights and<br />
procedures for all involuntary treatment<br />
of mentally ill persons whether inpatient<br />
or outpatient, and for all voluntary inpatient<br />
treatment of mentally ill persons,” the<br />
MHPA’s “scope” provision defines the term<br />
“facility” broadly to include, among other<br />
things, community mental health centers. 14<br />
DPW’s implementing regulations, in turn,<br />
provide that the agency’s rules regarding the<br />
confidentiality of mental health records—including<br />
the nonconsensual release of patient<br />
information regulation that parallels Section<br />
111 of the Act—more generally apply to<br />
records of persons receiving mental health<br />
services from any “facility.” 15 In addition to<br />
making its MHPA confidentiality regulations<br />
apply to facilities that treat voluntary<br />
outpatients, DPW also makes compliance<br />
with those regulations an express condition of<br />
licensure for both psychiatric outpatient clinics<br />
and partial hospitalization facilities. 16<br />
An argument could be made that to be<br />
consistent with the statute, the DPW regulations<br />
should be interpreted to apply only<br />
to records in a facility that are also records<br />
within the scope of the MHPA itself—i.e.,<br />
records of inpatient or involuntary treatment.<br />
To be safe, however, providers should assume<br />
that Pennsylvania law permits the disclosure<br />
(to a researcher or otherwise) of records of<br />
voluntary outpatient mental health treatment<br />
provided in a “facility” only to the same<br />
limited extent it permits disclosures of records<br />
of mental health treatment provided to inpatients<br />
or on an involuntary basis. 17<br />
Permissible disclosures under the MHPA.<br />
Because the MHPA provides even greater<br />
privacy protection with respect to the<br />
disclosure of mental health records than does<br />
the Privacy Rule, the federal rule does not<br />
preempt the state rule in this respect. 18 That<br />
means that Pennsylvania providers can only<br />
disclose mental health records covered by the<br />
MHPA as permitted by Section 111 and its<br />
implementing regulations. And under those<br />
state rules, a provider can only disclose such a<br />
record to a researcher if the patient consents<br />
in writing.<br />
Two final, practical issues are worth noting:<br />
First, it is possible to comply with both the<br />
DPW-required elements of a written consent<br />
pursuant to Section 111 of the MHPA and<br />
the Privacy Rule’s mandate that a valid patient<br />
authorization include certain core elements<br />
and required statements, be written in plain<br />
language, and that the individual authorizing<br />
the disclosure receive a copy of the signed<br />
authorization. 19 As a result, a provider should<br />
ensure that the “written consent” it obtains<br />
prior to disclosing records to a researcher under<br />
the MHPA also meets all of these requirements<br />
of a valid Privacy Rule authorization.<br />
Second, because de-identified records do not<br />
constitute PHI, the Privacy Rule would allow<br />
a provider to disclose de-identified mental<br />
health records (other than psychotherapy<br />
notes) without an authorization. The MHPA,<br />
by contrast, seems to prohibit the disclosure<br />
even of de-identified records absent patient<br />
consent. While this approach may seem<br />
overly restrictive, it is consistent with the rest<br />
of the MHPA, as well as with how the courts<br />
and DPW have interpreted the Act.<br />
Like the Privacy Rule, for example, the<br />
MHPA makes allowances for a facility to<br />
undertake internal quality assessment and<br />
improvement. While the federal rule permits<br />
a provider to use patient-identified records<br />
for these efforts, the state law permits such<br />
reviews only on the express condition that<br />
the provider does not identify individual<br />
patients. 20<br />
Federal and state courts interpreting the<br />
MHPA have likewise consistently found<br />
that, unless one of the four exceptions set<br />
forth in Section 111 applies, the Act “absolutely<br />
forbids [the] disclosure” of documents<br />
concerning persons receiving mental health<br />
treatment without the patient’s written<br />
consent. Hahnemann Univ. Hosp. v.<br />
Edgar, 74 F.3d 456, 465 (3d Cir. 1996). See<br />
also Pearson v. Miller, 211 F.3d 57, 70 (3d<br />
Cir. 2000) (finding that “[i]t is settled under<br />
Pennsylvania law that the MHPA gives rise to<br />
an ‘absolute confidentiality privilege’ covering<br />
documents related to the treatment of mental<br />
health problems”); Zane v. Friends Hosp.,<br />
836 A.2d 25, 32 (Pa. 2003) (“The terms<br />
of [Section 111] are eminently clear and<br />
unmistakable and the core meaning of this<br />
confidentiality section of the Mental <strong>Health</strong><br />
Procedures Act is without doubt—there shall<br />
be no disclosure of the treatment documents<br />
to anyone.”) Significantly, the courts have<br />
adopted this strict interpretation of the provision<br />
even in cases in which doing so meant<br />
denying the victim of a violent crime access to<br />
potentially key evidence. See, e.g., Zane, 575<br />
Pa. at 251 (denying female hospital patient<br />
access to mental health treatment records of a<br />
male patient who had kidnapped and sexually<br />
assaulted her); Hahnemann, 74 F.3d at 465<br />
(prohibiting lower court from requiring the<br />
hospital to allow the court to examine mental<br />
health records of two hospital patients who<br />
raped a female patient).<br />
DPW has taken the position, finally, at least<br />
in the labor and employment contexts, that<br />
the MHPA prohibits the disclosure even of<br />
de-identified records of mental health treat-<br />
September 2006<br />
34<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
ment, on the theory that although de-identified, they still constitute<br />
“documents concerning persons in treatment.”<br />
Conclusion<br />
Special federal and state confidentiality protections present significant<br />
challenges to research involving records of mental health<br />
treatment. Under the federal Privacy Rule, providers can generally<br />
disclose to researchers de-identified records and limited data sets<br />
without patient authorization. They can also disclose complete records<br />
containing PHI for reviews preparatory to research or pursuant<br />
to a waiver of the patient authorization requirement by an IRB or<br />
Privacy Board. Only the patient, however, can authorize disclosure of<br />
psychotherapy notes within a record.<br />
Publisher:<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong>, 888-580-8373<br />
Executive Editor:<br />
Roy Snell, CEO, HCCA, roy.snell@hcca-info.org<br />
Contributing Editor:<br />
Dan Roach, President, HCCA, 888-580-8373<br />
Managing Editor and Advertisments:<br />
Margaret R. Dragon, HCCA, 781-593-4924, margaret.dragon@hcca-info.org<br />
Style Editor:<br />
Sarah Anondson, HCCA, 888-580-8373, sarah.anondson@hcca-info.org<br />
Copy Editor:<br />
Patricia Mees, HCCA, 888-580-8373, patricia.mees@hcca-info.org<br />
Layout:<br />
Gary Devaan, HCCA, 888-580-8373, gary.devaan@hcca-info.org<br />
HCCA Officers:<br />
Board of Directors:<br />
State laws often impose even greater confidentiality measures with<br />
respect to mental health records, and thus are not preempted by the<br />
Privacy Rule. Providers must take care to adhere to these local rules<br />
as well. In Pennsylvania, for example, many mental health records are<br />
subject to the strict provisions of the MHPA and its implementing<br />
regulations. Under that regulatory scheme, a provider cannot disclose<br />
any documents concerning mental health treatment, probably even<br />
including records that have been de-identified, without the patient’s<br />
written consent.<br />
Ultimately, a second look at both what laws apply and what those<br />
laws permit is always wise when confronting issues involving the<br />
disclosure of mental health records. n<br />
Acknowledgement: The author wishes to thank his colleagues,<br />
Kate Layman and Melanie Martin, for their help with this<br />
article.<br />
1 45 C.F.R. § 164.512(i).<br />
2 45 C.F.R. § 164.514(a)-(c).<br />
3 45 C.F.R. § 164.514(e).<br />
4 45 C.F.R. § 164.512(i)(1)(i) & (i)(2).<br />
5 45 C.F.R. § 164.512(i)(1)(ii). The regulations also allow for research based on an existing patient consent that<br />
predated the applicable compliance date of the Privacy Rule and for research involving decedents’ PHI. See 45<br />
C.F.R. §§ 164.532(c) & 164.512(i)(1)(iii).<br />
6 See HHS’ “<strong>Health</strong> Services Research and the HIPAA Privacy Rule” at pp. 9-11 and 45 C.F.R. § 164.502(d)(1).<br />
7 45 C.F.R. §§ 164.502(b) & 164.514(d) (minimum necessary); 45 C.F.R. § 164.528 (accounting for disclosures).<br />
8 45 C.F.R. § 164.514(d)(3)(iii)(D).<br />
9 45 C.F.R. § 164.508(a)(2).<br />
10 45 C.F.R. § 164.501.<br />
11 See 65 Fed. Reg. 82462, 82623 (December 28, 2000).<br />
12 50 Pa. Stat. Ann. § 7111 (“confidentiality of records”).<br />
13 55 Pa. Code § 5100.32 (“nonconsensual release of information”).<br />
14 50 Pa. Stat. Ann. § 7103 (“scope of act).<br />
15 55 Pa. Code §§ 5100.31 (“scope and policy”).<br />
16 55 Pa. Code §§ 5200.41(c) & 5210.26(d).<br />
17 The Privacy Rule provisions (discussed in Section 1) would appear to govern the disclosure by a Pennsylvania provider<br />
to a researcher of a mental health record not covered by the MHPA, such as a record of voluntary outpatient<br />
treatment not provided in a facility.<br />
18 45 C.F.R. § 160.202(b).<br />
19 Compare 55 Pa. Code § 5100.34(f) (DPW required elements for consent form) with 45 C.F.R. § 164.508(c)<br />
(Privacy Rule authorization elements).<br />
20 50 Pa. Stat. Ann. § 7111(a).<br />
Daniel Roach, Esq.<br />
HCCA President<br />
VP & Corporate <strong>Compliance</strong> Officer<br />
Catholic <strong>Health</strong>care West<br />
Steven Ortquist, CHC<br />
HCCA 1st Vice President<br />
Senior Vice President, Ethics and<br />
<strong>Compliance</strong>/Chief <strong>Compliance</strong> Officer<br />
Tenet <strong>Health</strong>care Corporation<br />
Rory Jaffe, MD, MBA, CHC<br />
HCCA 2nd Vice President<br />
Executive Director–Medical Services<br />
University of California<br />
Julene Brown, RN, BSN, CHC, CPC<br />
HCCA Treasurer<br />
Merit<strong>Care</strong> <strong>Health</strong> System<br />
Jennifer O’Brien<br />
HCCA Secretary<br />
VP Corporate <strong>Compliance</strong><br />
Allina Hospitals & Clinics<br />
Odell Guyton<br />
HCCA Immediate Past President<br />
Senior Corporate Attorney,<br />
Director of <strong>Compliance</strong>,<br />
U.S. Legal–Finance & Operations<br />
Microsoft Corporation<br />
Frank Sheeder<br />
Non-Officer Board Member of<br />
Executive Committee<br />
Partner<br />
Brown McCarroll, LLP<br />
CEO/Executive Director:<br />
Roy Snell, CHC<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
Counsel:<br />
Keith Halleland, Esq.<br />
Halleland Lewis Nilan Sipkins & Johnson<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
Urton Anderson<br />
Associate Dean for Undergraduate Programs<br />
at McCombs School of Business<br />
University of Texas<br />
Cynthia Boyd, MD, FACP, MBA<br />
Chief <strong>Compliance</strong> Officer<br />
Rush University Medical Center<br />
Anne Doyle<br />
Director, Corporate Learning and<br />
Organizational Development<br />
Tufts <strong>Health</strong> Plan<br />
Gabriel Imperato<br />
Managing Partner<br />
Broad and Cassel<br />
Al W. Josephs, CHC<br />
Senior Director Policies and Training<br />
Tenet <strong>Health</strong>care Corporation<br />
Joseph Murphy<br />
Partner, <strong>Compliance</strong> Systems Legal Group<br />
Chairman, Integrity Interactive Corp<br />
F. Lisa Murtha, Esq., CHC<br />
Managing Director<br />
Huron Consulting Group<br />
Mark Ruppert, CPA, CIA, CISA, CHFP<br />
Director, Internal Audit<br />
Cedars-Sinai <strong>Health</strong> System<br />
Debbie Troklus, CHC<br />
Assistant Vice President for <strong>Health</strong> Affairs/<br />
<strong>Compliance</strong><br />
University of Louisville, School of Medicine<br />
Sheryl Vacca, CHC<br />
Director, National <strong>Health</strong> <strong>Care</strong><br />
Regulatory Practice, Deloitte & Touche<br />
Cheryl Wagonhurst<br />
Partner, Foley & Lardner LLP<br />
Greg Warner, CHC<br />
Director for <strong>Compliance</strong><br />
Mayo Foundation<br />
<strong>Compliance</strong> Today (CT) (ISSN 1523-8466) is published by the <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
<strong>Association</strong> (HCCA), 6500 Barrie Road, Suite 250, Minneapolis, MN 55435. Subscription rate is $357 a year<br />
for non-members. Periodicals postage-paid at Minneapolis, MN 55435. Postmaster: Send address changes<br />
to <strong>Compliance</strong> Today, 6500 Barrie Road, Suite 250, Minneapolis, MN 55435. Copyright 2006<br />
the <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong>. All rights reserved. Printed in the USA. Except where specifically<br />
encouraged, no part of this publication may be reproduced, in any form or by any means without prior written<br />
consent of the HCCA. For subscription information and advertising rates, call Margaret Dragon at 781-593-<br />
4924. Send press releases to M. Dragon, PO Box 197, Nahant, MA 01908. Opinions expressed are not those of<br />
this publication or the HCCA. Mention of products and services does not constitute endorsement. Neither the<br />
HCCA nor CT is engaged in rendering legal or other professional services. If such assistance is needed, readers<br />
should consult professional counsel or other professional advisors for specific legal or ethical questions.<br />
September 2006<br />
35
COMPLIANCE<br />
101<br />
September 2006<br />
36<br />
Investigations 101: Practical advice for<br />
new compliance officers<br />
By Kenny A. Johnson, Esq.<br />
Editor’s note: Mr. Johnson is the Director,<br />
Legal <strong>Compliance</strong> for Quest Diagnostics,<br />
Incorporated. He may be reached by email<br />
at kenny.a.johnson@questdiagnostics.com<br />
or by telephone at 972/884-1063.<br />
A health care organization’s ability to perform<br />
timely and thorough compliance investigations<br />
is critical in helping to demonstrate an<br />
Effective <strong>Compliance</strong> and Ethics Program as<br />
required by the Federal Sentencing Guidelines<br />
for Organizations (FSGs). 1 Specifically,<br />
a good investigative process satisfies the FSG<br />
elements that require an organization to:<br />
(1) ensure its compliance program is followed,<br />
promoted, and consistently<br />
enforced;<br />
(2) take appropriate disciplinary measures for<br />
confirmed violations; and<br />
(3) take reasonable steps to respond appropriately<br />
to an offense. 2<br />
In addition to the FSGs, the Office of Inspector<br />
General (OIG) has issued numerous compliance<br />
guidance documents that echo these<br />
requirements and emphasize the importance<br />
of an independent and rigorous investigative<br />
process. For example, the OIG’s <strong>Compliance</strong><br />
Program for Clinical Laboratories Guidance<br />
contains a specific section entitled “Corrective<br />
Action – Investigating, Reporting and Correcting<br />
Identified Problems.” 3<br />
This article is designed to provide <strong>Compliance</strong><br />
officers—particularly new <strong>Compliance</strong><br />
officers—with practical advice on how to<br />
conduct compliance investigations that satisfy<br />
the FSGs and program guidance requirements<br />
listed above. 4 This guidance is tailored to<br />
the internal compliance investigation that a<br />
<strong>Compliance</strong> officer is likely to perform in the<br />
normal course of business. It is not intended<br />
as guidance on how to investigate more serious<br />
matters that may require a formal legal<br />
investigation, such as in response to a government<br />
subpoena. For these matters, compliance<br />
officers should immediately contact legal<br />
counsel or senior management for advice<br />
before taking any actions.<br />
Initial considerations—Should legal counsel<br />
direct the investigation?<br />
In many cases, compliance infractions not<br />
only constitute policy violations, they may<br />
also constitute violations of federal and state<br />
laws (e.g., the federal anti-kickback statute,<br />
Stark legislation, and civil false claims act).<br />
Confirmed violations of these laws can<br />
result in significant liability and negative<br />
consequences for any health care provider,<br />
including severe fines, restitution payments, a<br />
Corporate Integrity Agreement, or in extreme<br />
cases, exclusion from participating in federally<br />
funded health care programs.<br />
Due to these perils, compliance officers<br />
should carefully evaluate compliance allegations<br />
prior to beginning any investigation.<br />
For example, if the allegations relate to<br />
potential violations of federal or state fraud<br />
and abuse laws, it may be in the organization’s<br />
best interest to have legal counsel perform<br />
or direct the investigation to help ensure the<br />
review will be protected by the attorney-client<br />
privilege.<br />
In general, a compliance officer’s investigation<br />
is protected by the attorney-client privilege<br />
Kenny A. Johnson<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
only if legal counsel directs the investigation<br />
and only if the investigative findings are<br />
reported to counsel for the purpose of providing<br />
legal advice. This privilege cannot be<br />
claimed after the fact—any review performed<br />
prior to involving legal counsel is not privileged,<br />
even if legal counsel is subsequently retained.<br />
As such, it may be advisable for health<br />
care providers to adopt specific policies and<br />
procedures that provide compliance officers<br />
with advance directives on how to investigate<br />
compliance matters and when to involve legal<br />
counsel. <strong>Compliance</strong> officers should be aware<br />
that even if an attorney performs or directs an<br />
investigation, it does not automatically mean<br />
the matter will be privileged. For example,<br />
some courts have ruled that no privilege exists<br />
for matters performed or directed by in-house<br />
counsel on the basis that the work was performed<br />
in the ordinary course of business and<br />
not to provide legal advice.<br />
Beginning the investigation<br />
A compliance officer’s primary role in<br />
performing a compliance investigation is to<br />
obtain all relevant facts to help management<br />
determine if a violation has occurred. In<br />
almost all cases, this will require interviewing<br />
employees and reviewing pertinent documents.<br />
Most internal investigations involve<br />
only employee interviews. If individuals<br />
Continued on page 38
The <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> presents<br />
Medicare Prescription Drug<br />
Par t D <strong>Compliance</strong> Conference<br />
The <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> (HCCA) will be holding<br />
a Medicare Prescription Drug Part D <strong>Compliance</strong> Conference in<br />
Baltimore, MD, September 10–12, 2006. Topics to include:<br />
Part D Drug Coverage<br />
Fraud and Abuse Under Part D<br />
Long-Term <strong>Care</strong> Issues<br />
Pharmacy<br />
Appeals & Grievance<br />
Auditing & Monitoring<br />
Discipline & Enforcement<br />
Save the Date<br />
September 10–12, 2006<br />
Renaissance Baltimore Harborplace Hotel<br />
202 East Pratt Street, Baltimore, MD 21202<br />
Tel 800-535-1201 • Fax 410-539-5780<br />
To register, please visit www.hcca-info.org<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
37
Investigations 101 ...continued from page 36<br />
outside of the organization need to be<br />
interviewed (e.g., clients, former employees),<br />
the compliance officer should first consult<br />
with the Legal and or Human Resources<br />
(HR) departments. Regarding investigative<br />
strategy, experienced investigators may differ<br />
on the exact steps or sequence to be followed,<br />
although almost all will agree that speed,<br />
objectivity, and thoroughness are paramount<br />
to success.<br />
Employee interviews: Minimizing<br />
intimidation<br />
As a preliminary matter, compliance officers<br />
should recognize that compliance investigations<br />
can be an intimidating experience and<br />
that, if performed in a heavy handed manner,<br />
can impact the investigation and undermine<br />
the credibility of both the <strong>Compliance</strong><br />
department and the investigative process.<br />
It is also important to remember that many<br />
employees interviewed during compliance<br />
investigations have done nothing wrong.<br />
Therefore, compliance officers should take<br />
steps to minimize the daunting perceptions<br />
surrounding the process and constantly reinforce<br />
its importance.<br />
One way to accomplish these goals is for<br />
compliance officers to begin all interviews<br />
by introducing themselves, explaining their<br />
job responsibilities, the investigative process,<br />
and finally, their specific role in the investigation—that<br />
of objective fact finder. If applicable,<br />
they may also share that others will<br />
be interviewed during the investigation. In<br />
my experience, this simple introduction helps<br />
reduce anxiety by diverting attention away<br />
from the investigation and by reinforcing that<br />
the investigator and process are fair.<br />
During this introduction, compliance officers<br />
also should establish ground rules, specifically<br />
the need for confidentiality. <strong>Compliance</strong><br />
officers should be aware that even if an<br />
attorney performs or directs an investigation,<br />
it does not automatically mean the matter<br />
will be privileged. For example, some courts<br />
have ruled that no privilege exists for matters<br />
performed or directed by in-house counsel on<br />
the basis the work was performed in the ordinary<br />
course of business and not to provide<br />
legal advice. It is important to stress that the<br />
employee is not to discuss the investigation<br />
with anyone without prior approval. The<br />
compliance officer should explain that this is<br />
a reciprocal obligation with one exception—<br />
that the investigative findings will be shared<br />
with those who have a “need to know” for the<br />
purpose of determining any necessary corrective<br />
measures. This admonishment is essential<br />
to protect the reputation of those accused<br />
of violations, to preserve the investigation’s<br />
integrity by preventing witness tampering<br />
and collusion, and to help identify “chain of<br />
command” issues, (i.e., whether the employee<br />
acted independently or at the direction of a<br />
superior).<br />
Finally, before beginning formal questioning,<br />
it may be helpful to ask a few simple background<br />
questions (e.g., about the employee’s<br />
tenure, current supervisor, and brief description<br />
of current job duties). Again, such<br />
questions are easy to answer, help put the<br />
employee at ease, serve as a good transition<br />
into the actual interview, and in many cases,<br />
help compliance officers quickly assess the<br />
employee’s job experience and compliance<br />
sophistication.<br />
Questions for the formal interview<br />
In each interview, compliance officers should<br />
allow employees to explain events in their<br />
own words and avoid asking questions that<br />
suggest a particular answer. If possible, they<br />
should start with broad, general questions and<br />
narrow the questioning as necessary, depending<br />
on the employee’s responses.<br />
For example, if requested to investigate an<br />
allegation that a sales employee offered Super<br />
Bowl tickets to Dr. Smith in violation of the<br />
organization’s gift and entertainment policy,<br />
the compliance officer should avoid making<br />
the first and only question “It has been<br />
reported that you lavishly entertained Dr.<br />
Smith at the Super Bowl—did you?” Instead,<br />
the compliance officer should begin the questioning<br />
broadly. One initial question could be<br />
to ask the employee to explain the company’s<br />
gift and entertainment policy. Depending<br />
on the response, the next question may be to<br />
ask for examples of past entertainment, how<br />
frequently the employee entertains clients at<br />
sporting events, and so on, until the specific<br />
question is either asked or answered.<br />
A seasoned investigator also attempts to<br />
clarify ambiguity in a witness’ answers. Using<br />
the example above, if the employee acknowledged<br />
entertaining Dr. Smith “a while ago,”<br />
the investigator should clarify this answer,<br />
if it’s relevant to the investigation. In such<br />
cases, provide clarifying parameters. In this<br />
example, ask if “a while ago” means more<br />
than three years ago, between one and three<br />
years, and so on, until the witness narrows<br />
the time frame. If the witness remains evasive,<br />
document each attempt to clarify and the non<br />
responsive or ambiguous answers.<br />
This interviewing technique is critical for<br />
several reasons. First, it allows witnesses to explain<br />
the facts in their own words. Second, it<br />
allows the investigator to evaluate the witness’<br />
understanding of the policy, issue, or event in<br />
question. Third, it prevents the investigator<br />
from consciously or unconsciously steering<br />
the investigative conclusion to support a preexisting<br />
theory of what may or may not have<br />
happened. Fourth, the witness may divulge<br />
unexpected information or admit to compliance<br />
violations that were otherwise unknown.<br />
Continued on page 40<br />
September 2006<br />
38<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
Register Today!<br />
Physician Practice<br />
<strong>Compliance</strong> Conference<br />
October 1–3, 2006<br />
Renaissance Parc 55 Hotel<br />
San Francisco, CA<br />
SAVE $250<br />
Register by<br />
September 6 for a<br />
$50 early discount<br />
plus $200<br />
pre-conference<br />
for free!<br />
Hot Topics<br />
• The future of health care compliance as<br />
related to physicians<br />
• Current government initiatives in the<br />
field of health care compliance specific<br />
to physicians and group practices<br />
• Quality of care issues, training, and<br />
residency compliance issues<br />
• How the information acquired applies<br />
to their professional responsibilities<br />
For more information, visit www.hcca-info.org or call (888) 580-8373<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
39
Investigations 101 ...continued from page 38<br />
Fifth, it minimizes any bias or preconceived<br />
notions that the investigator or person reporting<br />
the potential violations may have relative<br />
to the witness. Sixth, it helps the investigator<br />
evaluate credibility. And finally, it limits the<br />
witness’ ability to testify differently in a future<br />
legal proceeding.<br />
Evaluate credibility, bias, and motive<br />
Another important but often overlooked<br />
factor when conducting interviews is to assess<br />
witness credibility, motive, and bias—especially<br />
for those accused of and those reporting<br />
violations. Unfortunately, there are occasions<br />
when employees falsely report violations.<br />
For example, a chronically poor-performing<br />
employee, who knows he is about to be<br />
terminated, may accuse his manager of billing<br />
improprieties to try and suggest that the<br />
expected discipline is retaliatory.<br />
A key to evaluating witness testimony, if possible,<br />
is for the investigator to interview each<br />
witness in person to observe demeanor, facial<br />
expressions, and body language. However,<br />
depending on an organization’s size, structure,<br />
and geography, this may be impractical. If<br />
face-to-face interviews are not possible, the<br />
compliance officer should consider having an<br />
HR representative or another management<br />
member accompany the employee during a<br />
phone interview and assist in assessing these<br />
crucial elements. In general, it may be a good<br />
idea to perform all compliance investigations<br />
jointly with an HR representative or another<br />
management member.<br />
Always maintain composure<br />
<strong>Compliance</strong> officers should prepare for the<br />
unexpected—indignant employees who refuse<br />
to answer questions, emotional outbursts,<br />
the cathartic admission, the “I can’t remember<br />
anything,” and the “yes/no” responder.<br />
However, no matter how rude, evasive, or indignant<br />
an employee may be, always maintain<br />
composure and treat employees with dignity<br />
and respect. If an employee threatens physical<br />
harm, the compliance officer should terminate<br />
the interview and immediately contact<br />
HR or Corporate Security. Additionally, avoid<br />
making rash comments or decisions based on<br />
emotion. In some cases, employees who know<br />
the organization has solid evidence against<br />
them may behave offensively to trigger an irrational<br />
response. By maintaining composure<br />
and control during all interviews, <strong>Compliance</strong><br />
officers will eliminate an employee’s potential<br />
claim that the organization acted arbitrarily,<br />
improperly, or unfairly.<br />
Always interview those accused<br />
On occasion, the compliance officer may<br />
receive credible information that appears<br />
to conclusively prove that an employee has<br />
violated a compliance policy. For example, a<br />
well-respected employee with an impeccable<br />
record discovers and turns over documents<br />
prepared by a chronically poor-performing<br />
employee that appear to be incontrovertible<br />
evidence of a compliance violation. Based<br />
on the information source and the alleged<br />
author’s reputation, a compliance officer’s<br />
initial reaction may be to contact the HR department<br />
and the employee’s manager to set<br />
up a termination meeting. Although termination<br />
may be likely in this example, failing to<br />
interview the employee is a mistake.<br />
Unless compelling reasons are present (e.g.,<br />
threats of physical violence), compliance<br />
officers should always interview those accused<br />
of violations to obtain their side of the story.<br />
Strategy may dictate when to perform the<br />
interview—some prefer to interview the<br />
accused first, others as the last interview. My<br />
preference is to interview those accused last,<br />
as my experience has been that I am better<br />
prepared to ask relevant questions if I already<br />
have a general understanding of the issues and<br />
circumstances. It also is advisable to inform<br />
those accused that follow-up questioning may<br />
be necessary.<br />
Interviewing those accused of violations is a<br />
matter of fundamental fairness and probably<br />
consistent with most organization’s values. In<br />
some cases, it is quite possible that the employee<br />
may provide a legitimate explanation Others<br />
may admit to the allegations or offer such a<br />
poor excuse that the disciplinary action originally<br />
contemplated will be more than justified.<br />
Likewise, failing to interview the accused can<br />
undermine the <strong>Compliance</strong> Department’s<br />
credibility and can perpetuate negative perceptions<br />
about the investigative process. Finally,<br />
this omission may ultimately help an otherwise<br />
poor performer establish a discrimination<br />
or retaliation claim against the organization.<br />
The employee will “spin” the facts and suggest<br />
that the organization deviated from standard<br />
practice and “rushed to judgment” to “prevent<br />
the real truth from being told.”<br />
Take detailed notes<br />
<strong>Compliance</strong> officers must take detailed notes<br />
of each interview, as they ultimately are<br />
responsible for justifying the actions or inactions<br />
taken relative to the investigation. Additionally,<br />
all facts are important and should<br />
be captured—oftentimes, facts that initially<br />
appear to be unimportant turn out to be key<br />
pieces of evidence. Finally, because the issues<br />
under investigation may become the subject<br />
of future legal proceedings, compliance officers<br />
should avoid hyperbole, inflammatory<br />
or derogatory statements, and defamatory<br />
characterizations of employees.<br />
Review pertinent documentation<br />
Most investigations require some document<br />
review (e.g., computer records, training<br />
acknowledgements, billing invoices, patient<br />
records, physician orders). It is imperative<br />
to review these records, as they are the best<br />
evidence of whether a violation has occurred.<br />
September 2006<br />
40<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
They also are extremely credible and have no<br />
bias or improper motive. Finally, records are<br />
invaluable in helping establish timelines and<br />
event chronologies.<br />
Consider employee suspensions pending<br />
investigation<br />
Some allegations may warrant removing<br />
employees from the work site pending the<br />
investigation’s completion. A typical example<br />
involves the threat of continuing harm to the<br />
organization if immediate action is not taken<br />
to remove a problem employee.<br />
Prior to suspending an employee, the compliance<br />
officer should consult with the Legal<br />
or HR departments for guidance on the<br />
suspension and whether it should be with or<br />
without pay. In many cases, state laws and<br />
the employee’s job classification—exempt<br />
versus nonexempt—may impact this decision.<br />
Conservative organizations generally suspend<br />
accused employees with pay because it affords<br />
the presumption of innocence and also protects<br />
those exonerated of wrongdoing. It also<br />
undermines any argument that the company<br />
“rushed to judgment” or acted arbitrarily.<br />
Concluding the investigation<br />
<strong>Compliance</strong> officers frequently ask how they<br />
will know when they have thoroughly investigated<br />
a matter. Although each investigation<br />
is different, I often answer this question by<br />
having compliance officers imagine that they<br />
have been chosen as a juror to hear evidence<br />
related to the incident they will be investigating.<br />
As a hypothetical juror, I ask them to<br />
assume that as a result of their investigation,<br />
they will confirm a compliance violation has<br />
occurred, that the company will terminate<br />
those responsible, and additionally, a regulatory<br />
agency will pursue sanctions against the<br />
company for the compliance infractions.<br />
As a juror hearing evidence on whether the<br />
organization acted reasonably under the<br />
circumstances, what evidence and information<br />
would they need to reach a verdict? Who<br />
would they expect to testify at the trial? What<br />
expectations would they have of the organization?<br />
What expectations would they have of<br />
the terminated employees? Also, what actions<br />
would they have expected the organization<br />
to have taken before, during, and after the<br />
incident in question? Chances are, these questions<br />
and answers probably mirror the questions<br />
and answers compliance officers need to<br />
obtain during their investigation. And, when<br />
asked and answered, the investigation likely<br />
is finished.<br />
Determining appropriate remedial actions.<br />
Upon concluding all interviews and evidence<br />
gathering, the final step is to evaluate the evidence<br />
and implement any necessary remedial<br />
measures. <strong>Compliance</strong> officers should remember<br />
that remedial measures involve more than<br />
employee discipline. They include anything a<br />
reasonable organization would do to remedy<br />
and prevent violations. For example, such<br />
actions may include employee re-education,<br />
auditing, modifying business practices, making<br />
refunds, and identifying and eliminating<br />
root causes.<br />
In many ways, determining remedial actions<br />
for compliance infractions is analogous to<br />
completing a jigsaw puzzle. In a perfect<br />
world, all evidentiary “pieces” will be present<br />
to complete the “picture.” In these circumstances,<br />
appropriate remedial measures are<br />
easy to determine.<br />
Unfortunately, there are many occasions<br />
when the investigation is missing one or<br />
more key pieces and a complete picture is<br />
not attainable. In these cases, the organization<br />
still may be obligated to take corrective<br />
actions depending on the pieces present and<br />
the picture assembled. What is important<br />
to remember, especially when determining<br />
employee discipline, is that violations do not<br />
have to be proven beyond a reasonable doubt.<br />
The standard is one of reasonableness and<br />
whether or not it is likely that a violation occurred.<br />
Therefore, if it appears that a violation<br />
likely occurred, the compliance officer should<br />
work with management to ensure remedial<br />
measures are taken proportionate to the<br />
evidentiary findings and consistent with past<br />
precedent.<br />
Conclusion<br />
In today’s regulatory environment, it is crucial<br />
for health care providers to quickly investigate<br />
and remediate confirmed compliance<br />
infractions. In doing so, these organizations<br />
will fulfill key elements of the FSGs as well<br />
as strengthen and enhance the credibility of<br />
their own compliance programs. n<br />
1.) United States Sentencing Commission (USSC), Guidelines Manual,<br />
Chapter 8 – Sentencing of Organizations.<br />
2.) USSC Guidelines Manual, Chapter 8, B2.1(b) (4) – (6).<br />
3.) OIG Model <strong>Compliance</strong> Plan for Clinical Laboratories, 62 Fed. Reg.<br />
9435, March 3, 1997. See also, OIG <strong>Compliance</strong> Program Guidance for<br />
Hospitals, 63 Fed. Reg. 8987, February 23, 1998.<br />
4.) This article presumes the compliance officer is not an attorney.<br />
Call for Authors<br />
Interested in submitting an article for<br />
publication in <strong>Compliance</strong> Today?<br />
Send an email to Margaret Dragon<br />
margaret.dragon@hcca-info.org.<br />
IMPORTANT: HCCB awards 2 CEUs to<br />
authors of articles published in <strong>Compliance</strong><br />
Today for CHC certification.<br />
Upcoming Deadlines:<br />
• September 11 - November Issue<br />
• October 12 - December Issue<br />
• November 1 - January 2007 Issue<br />
• December 1 - February 2007 Issue<br />
Thank you for your time and attention.<br />
We look forward to hearing from you and<br />
reading your articles.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
41
September 2006<br />
42<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
FYI ...continued from page 22<br />
Sterritt denied any impropriety in a letter<br />
to Gov. Jon S. Corzine, in which he said<br />
he was resigning immediately.” For more:<br />
http://www.newsday.com/news/local/wire/<br />
newjersey/ny-bc-nj--umdnj-trusteeresi-<br />
0729jul29,0,3946144.story?coll=ny-region-apnewjersey<br />
Massachusetts PT Pleads Guilty to <strong>Health</strong><br />
<strong>Care</strong> Fraud<br />
On July 22, Medical News Today reported<br />
“A physical therapist pleaded guilty earlier<br />
this week in federal court to a charge of<br />
health care fraud in connection with her causing<br />
Medicare to be billed for at least $55,000<br />
worth of physical therapy she either did not<br />
provide or provided incompletely to patients.<br />
“United States Attorney Michael J. Sullivan<br />
and Joseph C. Moraski, Special Agent in<br />
Charge of the Department of <strong>Health</strong> and<br />
Human Services, Office of the Inspector<br />
General for New England, announced that<br />
Ho Ling Lai, age 38, of Framingham, Massachusetts,<br />
pleaded guilty on Tuesday, July 18,<br />
2006 before U.S. District Judge Reginald C.<br />
Lindsay to a one-count Information charging<br />
her with knowingly and willfully committing<br />
health care fraud.” For more: http://www.<br />
medicalnewstoday.com/medicalnews.<br />
php?newsid=47876<br />
Massachusetts Man and His Three<br />
Companies Charged with Fraud<br />
According to a July 28 report in the Metro<br />
West Daily News “A Westborough, Massachusetts<br />
resident and three companies that<br />
he owned were charged yesterday with federal<br />
health care fraud.<br />
“James Taylor, 67, over-billed Medicare and<br />
Blue Cross/Blue Shield for equipment, according<br />
to the U.S. attorney’s office. In some<br />
cases, according to a statement from the U.S.<br />
attorney, he charged for respiratory equipment<br />
that was never delivered.<br />
“The three companies that Taylor owned—<br />
Vejay Oxygen, Inc., West Suburban Medical<br />
Rental, Inc., and Westborough Home <strong>Health</strong>,<br />
Inc.—allegedly defrauded Medicare and Massachusetts<br />
Blue Cross/Blue Shield of more<br />
than $915,000 from 1993 to 2003.<br />
“Taylor could face a maximum 10 years in<br />
prison and a fine up to $250,000. Each of<br />
the Westborough-based companies could face<br />
fines of up to 1.6 times the loss to Medicare<br />
and Blue Cross/Blue Shield.” For more:<br />
http://www.metrowestdailynews.com/local-<br />
Regional/view.bg?articleid=136578 n<br />
&<br />
Present<br />
IMPROVING GOVERNANCE PRACTICES<br />
Audit<br />
&<br />
<strong>Compliance</strong><br />
Committee<br />
Academy<br />
September 20 - 22, 2006<br />
Orlando World Center Marriott Resort | Orlando, FL<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
September 2006<br />
43
The <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
welcomes the following new members and<br />
organizations. Please update any contact<br />
information using the Member Center on<br />
the Web site, or e-mail Karrie Hakenson<br />
(karrie.hakenson@hcca-info.org) with<br />
changes or corrections.<br />
California (continued from August)<br />
■ Andrea F. Jones, Kaiser Permanente<br />
■ Deborah A. Jones, RN, Oroville Hospital<br />
■ William A. Keeler, LCWS, Solano Co<br />
Mental Hlth<br />
■ Gail L. Kent, Providence <strong>Health</strong> System<br />
■ Linda Kenworthy, Salus Surgical Group<br />
■ Waynna A. Kershner, CalOptima<br />
■ Dennis Kikuno, Torrance Memorial Med<br />
Ctr<br />
■ Kevin Kirby, Central <strong>Health</strong> Plan of CA<br />
■ Rebecca La Londe, Kaiser Permanente<br />
■ Francis J. LaPallo, Manatt, Phelps & Phillips,<br />
LLP<br />
■ Lori Laratro, Kaiser Permanente<br />
■ Diane B. Liepins, RN,BSN,MMIS, Kaiser<br />
Permanente<br />
■ Kevin N. Lillywhite, Central <strong>Health</strong> Plan<br />
of CA<br />
■ Eunice Little, RHIA, CHC, UCSF<br />
■ Donna V. Lupinacci, MSN, NVA, Kaiser<br />
Permanente<br />
■ David A. Mack, Lodi Memorial Hospital<br />
■ Lauren K. Mack, Sonnenschein Nath &<br />
Rosenthal<br />
■ Christina MacKenzie, Kaiser Permanente<br />
■ Luanne Magee, Saint John's Hlth Ctr<br />
■ Janet Marcus, Sinaiko Hlthcare Consulting,<br />
Inc<br />
■ Danielle M. Martin, Kaiser Permanente<br />
-CSC-SD<br />
■ Nina H. Maruyama, On Lok Senior<br />
<strong>Health</strong> Services<br />
■ Chantel Masengale, Merced County<br />
■ Sandra L. McCreary, Kaiser Permanente<br />
Hosp<br />
■ Dianne McNeal, Kaiser Permanente<br />
■ Ed A. Meyer, Marshall Medical Center<br />
■ Jennifer F. Miller, NHIS, RHIA, Loma<br />
Linda Univ Hlth <strong>Care</strong><br />
■ Carole Morris, UCDHS COMPLIANCE<br />
■ Susan Morris, Kaiser Permanente<br />
■ Catherine A. Nichol, Titan <strong>Health</strong> Corporation<br />
■ Richard A. Nielsen, VNA & Hospice of<br />
Southern CA, Inc<br />
■ Corinna Nyquist, BSN, Indian <strong>Health</strong><br />
Council, Inc<br />
■ Tonya Okon, BA-HSA, CHP, Loma Linda<br />
Univ Med Ctr<br />
■ Eva Osur, Kaiser Permanente<br />
■ Tracie Paiva, Kaiser Permanente<br />
■ Janet Parnell, El Dorado County Public<br />
<strong>Health</strong><br />
■ Rebecca Partridge, Stanford Medical<br />
Center<br />
■ Annette Pereira, Kaiser Permanente<br />
■ Alex M. Perez, MS, MHA, Kaiser Permanente<br />
■ Diane Premeau, EMQ Children & Family<br />
Svcs<br />
■ Keith Pugliese, Brown & Toland Medical<br />
Group<br />
■ Kathryn S. Pyke, JD, Stanford Hosp &<br />
Clinics<br />
■ Alejandra Quintana-Clyde, <strong>Health</strong> Net<br />
■ Dede Ramsey, Kaiser Permanente<br />
■ Mary Ritner, Kaiser Foundation Hospital<br />
■ Cheryl G. Robinson, Kaiser Permanente<br />
■ Carol Roccuzzo, The Children's <strong>Health</strong><br />
Council<br />
■ Liz Rothberg, Kaiser Permanente<br />
■ Mark P. Ruppert, Cedars-Sinai <strong>Health</strong><br />
System<br />
■ Kenneth Schell, Kaiser Foundation <strong>Health</strong><br />
Plan<br />
■ Hester Scherman, Kaiser Permanente<br />
■ Melissa A. Schlichting, Karshmer & Associates<br />
■ Joseph Schohl, DaVita Inc<br />
■ Susan Sekada, RN, Aptium Oncology, Inc<br />
■ Nancy Sheftel, Tarzana Hospital<br />
■ Rebecca Siddiqui, County of Orange/Auditor-Controller<br />
■ Niraj Singh, Kaiser Permanente<br />
■ Melinda Skeath, Kaiser Permanente<br />
■ Roger Skinner, Kaiser Permanente<br />
■ LeeAnn Skorohod, Exodus Recovery, Inc.<br />
■ Charles Steen, Catholic <strong>Health</strong>care West<br />
■ Bonnie L. Studler, CPC, Pacific Alliance<br />
Medical Ctr<br />
■ Joan Taylor, St. Jude Medical Center<br />
■ Robyn Todd, Davis Wright Tremaine LLP<br />
■ Jerry J. Trammel, Kaiser Foundation Hlth<br />
Plan Inc<br />
■ David L. Trotter, Temple Community<br />
Hospital<br />
■ Debora A. Turner, BS, San Antonio Community<br />
Hosp<br />
■ Fred Ung, S. CA Permanente Med Group<br />
■ Rita D. Vandervall, MedAmerica<br />
■ Richard S. Vasquez, Kaiser Foundation<br />
<strong>Health</strong> Plan<br />
■ Antionette M. Velasquez, Planned Parenthood<br />
LA<br />
■ Emmaly Vielhauer<br />
■ Leslie Waudby, Kaiser Permanente<br />
■ Jim Weber, MBA, UCLA Medical Center<br />
■ Matthew Werner, Pacific Medical<br />
■ Gerald Gregory Williams<br />
■ Debrah D. Wonder, RN, MS, CPHQ,<br />
Kaiser Permanente Hospital<br />
■ Lynette Wong, Kaiser Permanente<br />
■ Cheryl Wyborny, Kaiser Permanente<br />
■ Robert Yeargin, HSD Sutter County<br />
Colorado<br />
■ Linda Burch-Pierce, Kaiser Permanente<br />
■ Patricia Callin, CPA, Kaiser Permanente<br />
■ Joanne P. Davidson, Presbyterian/St Luke's<br />
Med Ctr<br />
■ Catharine Fischer, Centura <strong>Health</strong><br />
■ Peggy Givens, Percision Practive Advisors<br />
■ J Christopher Heidrich, RIA/Invision<br />
■ Jerry Johnson, Hanger P & O<br />
■ Susan E. Maly, Kaiser Permanente<br />
■ Jasmine Martin, Genentech, Inc<br />
September 2006<br />
44<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
■ William Munson, North Colorado Medical<br />
Center<br />
■ Albert P. Schwindt, Copic Insurance<br />
Company<br />
Conneticut<br />
■ Mary Ann Alberino,<br />
■ Erin K. Callahan, JD, Bayer <strong>Health</strong><strong>Care</strong>, LLC<br />
■ Debra Carney<br />
■ Margaret DeMeo, RN, UCONN <strong>Health</strong><br />
Center<br />
■ Jeffrey M. Greenman, JD, Bayer <strong>Health</strong>-<br />
<strong>Care</strong>, LLC<br />
■ Susan Hostage, Gaylord Hospital<br />
■ Virginia S. Pack, BS, MSN, U of CT<br />
<strong>Health</strong> Center<br />
■ Lowell Peterson, Charter Oak <strong>Health</strong><br />
Center, Inc<br />
■ Deborah Schmidt, Haven <strong>Health</strong>care of<br />
Soundview<br />
■ Sandra Tackitt, Bayer <strong>Health</strong><strong>Care</strong>, LLC<br />
■ Debora M. Welch, JD, Bayer <strong>Health</strong><strong>Care</strong>,<br />
LLC<br />
Washington, DC<br />
■ Eric Baim, Sonnenschein Nath & Rosenthal<br />
■ Saundra Brown-Savoy<br />
■ Emilie Deady, Peace Corps<br />
■ Virginia Evans, KPMG, LLP<br />
■ Adam Falk, JD, MPH, George Washington<br />
Univ<br />
■ Ramy Fayed, Sonnenschein Nath &<br />
Rosenthal<br />
■ Rebecca C. Fayed, Epstein Becker & Green<br />
■ Mark Fitzgerald, J.D., Powers, Pyles, Sutter,&<br />
Verville PC<br />
■ Wendy L. Krasner, Manatt, Phelps & Phillips,<br />
LLP<br />
■ Kirk Ogrosky, JD, Skadden, Arps, Slate,<br />
Mayher & Florn, LLP<br />
■ Deborah A. Randall, JD, Esq, Arent Fox<br />
PLLC<br />
■ Michael F. Ruggio, Manatt, Phelps &<br />
Phillips, LLP<br />
Florida<br />
■ Lance Bradley, JD, MPA, Shands <strong>Health</strong>care<br />
■ Yvonne Brinson, University of Florida<br />
■ Shannon Buckner, CMS<br />
■ Susan Burgess, JD, CPC, Univ Community<br />
<strong>Health</strong><br />
■ Jean Butler, BCBS of Florida<br />
■ Robert P. Cleary MBA,CHC, <strong>Health</strong> <strong>Care</strong><br />
<strong>Compliance</strong> Partners<br />
■ Jeffrey L. Cohen, Strawn, Monaghan &<br />
Cohen, P.A.<br />
■ Julie Ann Dewey, HCPCS, Inc<br />
■ Susan L. Evans, Sarasota Memorial Hospital<br />
■ Silvia C. Fajardo, Doctor<strong>Care</strong>, Inc<br />
■ Barbara Diane Farb, JD, University of Fl<br />
■ Jennifer Ferrer, Ruden McClosky<br />
■ Mary Fisher, CCA, Aptium Oncology, Inc<br />
■ Guillermina Gomez, Orlando Regional<br />
<strong>Health</strong>care<br />
■ Rose M. Gomez, Access Diabetic Supply,<br />
LLC<br />
■ Susan Griffin, Citrus <strong>Health</strong> <strong>Care</strong><br />
■ Marta G. Hernandez, CHC, RHIT,<br />
Mount Sinai Medical Center<br />
■ Lea Isea, Sheridan <strong>Health</strong>corp<br />
■ Kristy M. Johnson, CHC, Carlton Fields,<br />
PA<br />
■ Gary Keilty, Navigant Consulting, Inc<br />
■ Stephanie Keith, Orlando Regional<br />
<strong>Health</strong>care<br />
■ Val Kight, Jr., Mayo Clinic Jacksonville<br />
■ Justin Kuperberg, Leavitt Mgmt Group<br />
■ Juliet Labossiere, BSHM, Pediatrix Medical<br />
Group<br />
■ Bruce Lamb, Ruden,McClosky,Smith,Sc<br />
huster<br />
■ John T. Mackin, Jr., AIRC, Universal<br />
American Financial Corp<br />
■ Becky McIntire, NS, Aptium Oncology,<br />
Inc<br />
■ Al Meyer, Leavitt Mgmt Group<br />
■ Karen Morrison, Brain & Spine Center ,LLC<br />
■ Michelle Onisawa, Physician Independent<br />
Mngt Svcs Inc<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
■ Maria Panyi, CISA, Mt. Sinai Medical Ctr<br />
■ Shonta Peterson, Dept of VA<br />
■ Beverly Pitts, Family Medical & Dental<br />
Centers<br />
■ Ishwar Ramsingh, Univ of Miami<br />
■ Lou Ann Ray, <strong>Health</strong>point Mgmt Services<br />
■ Stephanie S. Reid, <strong>Health</strong> First, Inc<br />
■ Sandra Rivera, South Florida ENT Associates<br />
■ Thomas Safko, JD, Clark & Daughtrey<br />
■ Diana Salinas, Jackson <strong>Health</strong> Systems<br />
■ Ron Samuelian, Northwest Florida Surgery<br />
Ctr<br />
■ Tracy Schmidt, Nations<strong>Health</strong><br />
■ David M. Shapiro, MD, CHC,<br />
■ Karen Soehner, Family Senior <strong>Care</strong><br />
■ Robin L. Supler, Nova Southeastern<br />
University<br />
■ Donna Vincent, RN, JD, Bay Medical<br />
Center<br />
■ Mark Weber, Jr., Orlando Regional<br />
<strong>Health</strong>care<br />
■ Thomas G. Wilson, BCBS of Florida<br />
■ Teresa Wong, LLB, LLM, America's<br />
<strong>Health</strong> Choice<br />
Georgia<br />
■ Jo Ellen Abigando, RN, West GA <strong>Health</strong><br />
System Inc<br />
■ Christine Adams, Medical College of<br />
Georgia<br />
■ Rebecca Bodie, Beverly Enterprises<br />
■ Jason E. Bring, Arnall Golden Gregory<br />
LLP<br />
■ Doreen Carter, St. Josephs/Candler Hlth<br />
Sys<br />
■ Donna Crouse, Hanger P & O<br />
■ Sara M. DeKutowski, Visiting Nurse/Hospice<br />
Atlanta<br />
■ Margaret F. Fay, Clinical Research Facilitators<br />
■ Raquel Gayle, JD, Powell Goldstein<br />
■ Mitchell Goodman, National Vision, Inc.<br />
■ Randy D. Graham, FTI Consulting<br />
■ Jorge J. Hernandez, Northside Hospital<br />
September 2006<br />
45
Research<br />
<strong>Compliance</strong><br />
Conference<br />
September 17–19, 2006<br />
Caesars Palace<br />
Las Vegas, NV<br />
Conference Sponsors<br />
BNA’s Medical Research Law & Policy Report<br />
Conference Supporters<br />
Clinical Research <strong>Compliance</strong> Manual:<br />
An Administrative Guide<br />
<strong>Health</strong> Law and <strong>Compliance</strong> Update<br />
Journal of <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
Medical Ethics: Policies, Protocols,<br />
Guidelines & Programs<br />
September 2006<br />
Brochure is available online<br />
46For more information <strong>Health</strong> visit <strong>Care</strong> www.hcca-info.org, <strong>Compliance</strong> <strong>Association</strong> call •(888) 888-580-8373 580-8373, • www.hcca-info.org<br />
or fax 952-988-0146
®<br />
SMART2.o :<br />
bringing HIM people<br />
and HIM technology<br />
together.*<br />
On one side, it’s a technology solution. On the other, a service<br />
solution. SMART2.o is more than a software tool, it’s a technology<br />
solution designed to help you continuously assess coding<br />
accuracy and data quality as an important part of your hospital’s<br />
compliance program.<br />
SMART2.o<br />
For more than 15 years, we’ve worked with HIM professionals<br />
providing affordable tools and services that help them with coding<br />
accuracy, regulatory compliance, data management and reports<br />
to monitor PPS requirements.<br />
So, whether you look at your hospital’s compliance program from<br />
a technology perspective or a service perspective, SMART2.o is<br />
a very smart, very budget-friendly way to work.<br />
To start an in-depth conversation about your particular needs,<br />
contact Doug Barry at 866-792-4920 or visit pwc.com/healthcare<br />
*connectedthinking<br />
© 2005 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP (a Delaware limited liability partnership) or, as<br />
September 2006<br />
the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. *connectedthinking<br />
and SMART2.o are trademarks <strong>Health</strong> of PricewaterhouseCoopers <strong>Care</strong> <strong>Compliance</strong> LLP <strong>Association</strong> (US). • 888-580-8373 • www.hcca-info.org<br />
47
HCCA Presents Its Fall<br />
2006 Conference Calendar<br />
For complete details go to HCCA<br />
Web Site: www.hcca-info.org<br />
HCCA has a number of National Specialty, Academies, and Local Area Conferences planned for this Fall.<br />
Please check this listing below. Local Area Conferences are offered by HCCA to provide inexpensive compliance education<br />
and local networking opportunities for compliance officers and their staff. You will find conference details on the<br />
HCCA Web site www.hcca-info.org, or you may call HCCA at 888/580-8373 with questions.<br />
National Specialty Conferences and<br />
<strong>Compliance</strong> Academies<br />
Medicare Part D <strong>Compliance</strong> Conference<br />
September 10–12, 2006<br />
Renaissance Harborplace Hotel<br />
Baltimore, MD<br />
Research <strong>Compliance</strong> Conference<br />
September 17–19, 2006<br />
Caesars Palace<br />
Las Vegas, NV<br />
Audit & <strong>Compliance</strong> Committee Academy<br />
September 20–22, 2006<br />
Orlando World Center Marriott Resort<br />
Orlando, FL<br />
AHLA/HCCA Fraud & <strong>Compliance</strong> Forum<br />
September 25–27, 2006<br />
Renaissance Harborplace Hotel<br />
Baltimore, MD<br />
Physician Group Practice <strong>Compliance</strong><br />
Conference<br />
October 1–3, 2006<br />
Renaissance Parc 55 Hotel<br />
San Francisco, CA<br />
Advanced <strong>Compliance</strong> Academy<br />
October 23–26, 2006<br />
Harrah’s Las Vegas<br />
Las Vegas, NV<br />
<strong>Compliance</strong> Academy<br />
November 6–9, 2006<br />
Portofino Bay Hotel<br />
Orlando, FL<br />
Local Area Conferences<br />
New England Area <strong>Compliance</strong> Conference<br />
Boston, MA<br />
September 8, 2006<br />
Upper Midwest Area <strong>Compliance</strong> Conference<br />
September 15, 2006<br />
Minneapolis, MN<br />
Mid Atlantic Area <strong>Compliance</strong> Conference<br />
September 29, 2006<br />
Pittsburgh, PA<br />
North Central Area <strong>Compliance</strong> Conference<br />
October 6, 2006<br />
Chicago, IL<br />
Hawaii Area <strong>Compliance</strong> Conference<br />
October 19–20, 2006<br />
Honolulu, HI<br />
Tri-State Area <strong>Compliance</strong> Conference<br />
November 3, 2006<br />
Louisville, KY<br />
South Central Area <strong>Compliance</strong> Conference<br />
November 10, 2006<br />
Nashville, TN<br />
September 2006<br />
48<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org