BP - Health Care Compliance Association
BP - Health Care Compliance Association
BP - Health Care Compliance Association
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Volume Eleven<br />
Number Three<br />
March 2009<br />
Published Monthly<br />
Meet<br />
Bill Parke<br />
Vice President<br />
Corporate <strong>Compliance</strong><br />
Rutherford Hospital<br />
page 14<br />
HCCA is going green<br />
HCCA conference attendees will NOT automatically<br />
receive conference binders. If you would like to purchase<br />
conference binders, please choose that option on your<br />
conference registration form. Attendees will receive<br />
electronic access to course materials prior to the conference<br />
as well as a CD onsite with all the conference materials.<br />
Earn CEU Credit<br />
w w w.h c ca-i n f o.org/quiz, see page 13<br />
Unauthorized access<br />
to protected health<br />
information: Educating<br />
the workforce<br />
page 10<br />
Feature Focus:<br />
Executive<br />
compensation in<br />
troubled times<br />
page 32
What’s Your Ethical Climate?<br />
Organizational climates change as<br />
organizations grow and evolve. So, how can<br />
you ensure attitudes and behaviors remain<br />
consistent with core values? Look to Global<br />
<strong>Compliance</strong>, the single provider offering a<br />
comprehensive framework to protect your<br />
organization from financial, legal, and<br />
reputational harm.<br />
• Ethics and compliance risk<br />
assessment<br />
• Code of conduct<br />
• Communication campaigns<br />
• Online, computer-based, and<br />
instructor-led training<br />
• Hotlines/Helplines<br />
• Case management<br />
• Investigations<br />
• Data analytics<br />
• Mystery shopping<br />
• Ethics and compliance evaluations<br />
• Employee exit interviews<br />
Contact the ethics and compliance leader<br />
that is already serving over one-half of<br />
America’s Fortune 100 and one-third of<br />
America’s Fortune 1000 along with colleges,<br />
universities, and government entities. And,<br />
we’re proud to claim greater than 450<br />
health care organizations as clients.<br />
With 27 years of experience and the most<br />
comprehensive product and service offering<br />
in the industry, Global <strong>Compliance</strong> can<br />
help you develop and maintain an ethical<br />
climate that’s appealing to employees,<br />
patients, and stakeholders.<br />
Making the world a better workplace TM<br />
13950 Ballantyne Corporate Place • Charlotte, NC, USA 28277<br />
866-434-7009 • contactus@globalcompliance.com<br />
www.globalcompliance.com<br />
© 2008 Global <strong>Compliance</strong>. All Rights Reserved.
Publisher:<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong>, 888-580-8373<br />
Executive Editor:<br />
Roy Snell, CEO, roy.snell@hcca-info.org<br />
Contributing Editor:<br />
Gabriel Imperato, JD, CHC, 888-580-8373<br />
Managing Editor/Articles and Advertisements:<br />
Margaret R. Dragon, 781-593-4924, margaret.dragon@hcca-info.org<br />
Communications Editor:<br />
Patricia Mees, CHC, CCEP, 888-580-8373, patricia.mees@hcca-info.org<br />
Layout:<br />
Gary DeVaan, 888-580-8373, gary.devaan@hcca-info.org<br />
HCCA Officers:<br />
Rory Jaffe, MD, MBA, CHC<br />
HCCA President<br />
Executive Director, California Hospital<br />
Patient Safety Organization (CHPSO)<br />
Julene Brown, RN, MSN, BSN, CHC, CPC<br />
HCCA 1st Vice President<br />
<strong>Compliance</strong> Officer<br />
Merit<strong>Care</strong> <strong>Health</strong> System<br />
Jennifer O’Brien, JD, CHC<br />
HCCA 2nd Vice President<br />
Shareholder<br />
Halleland Lewis Nilan & Johnson PA<br />
Urton Anderson, PhD, CCEP<br />
HCCA Treasurer<br />
Chair, Department of Accounting and<br />
Clark W. Thompson Jr. Professor in<br />
Accounting Education<br />
McCombs School of Business<br />
University of Texas<br />
Gabriel Imperato, Esq, CHC<br />
HCCA Secretary<br />
Managing Partner<br />
Broad and Cassel<br />
Shawn Y. DeGroot, CHC-F, CCEP<br />
Non-Officer Board Member of<br />
Executive Committee<br />
Vice President Of Corporate Responsibility<br />
Regional <strong>Health</strong><br />
Steven Ortquist, JD, CHC-F, CCEP, CHRC<br />
HCCA Immediate Past President<br />
Partner<br />
Meade & Roach<br />
CEO/Executive Director:<br />
Roy Snell, CHC, CCEP<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
Counsel:<br />
Keith Halleland, Esq.<br />
Halleland Lewis Nilan & Johnson PA<br />
Board of Directors:<br />
Marti Arvin, JD, CHC-F, CPC, CCEP, CHRC<br />
Privacy Officer<br />
University of Louisville<br />
Angelique P. Dorsey, JD, CHRC<br />
Research <strong>Compliance</strong> Director<br />
MedStar <strong>Health</strong><br />
Dave Heller<br />
Chief Ethics & <strong>Compliance</strong> Officer<br />
Qwest Communications<br />
Joseph Murphy, JD, CCEP<br />
Co-Founder Integrity Interactive<br />
Co-Editor ethikos<br />
Karen A. Murray, MBA, FACHE, CHC, CHA<br />
Corporate <strong>Compliance</strong> Officer<br />
Yale New Haven Hospital<br />
F. Lisa Murtha, JD, CHC<br />
Managing Director<br />
Huron Consulting Group<br />
Daniel Roach, Esq.<br />
Vice President <strong>Compliance</strong> and Audit<br />
Catholic <strong>Health</strong>care West<br />
Frank Sheeder, JD, CCEP<br />
Partner<br />
Jones Day<br />
Debbie Troklus, CHC-F, CCEP, CHRC<br />
Assistant Vice President<br />
for <strong>Health</strong> Affairs/<strong>Compliance</strong><br />
University of Louisville<br />
Sheryl Vacca, CHC-F, CCEP, CHRC<br />
Senior Vice President/Chief <strong>Compliance</strong><br />
and Audit Officer<br />
University of California<br />
Greg Warner, CHC<br />
Director for <strong>Compliance</strong><br />
Mayo Clinic<br />
<strong>Compliance</strong> Today (CT) (ISSN 1523-8466) is published by the <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
<strong>Association</strong> (HCCA), 6500 Barrie Road, Suite 250, Minneapolis, MN 55435. Subscription<br />
rate is $295 a year for nonmembers. Periodicals postage-paid at Minneapolis, MN<br />
55435. Postmaster: Send address changes to <strong>Compliance</strong> Today, 6500 Barrie Road,<br />
Suite 250, Minneapolis, MN 55435. Copyright 2009 <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong>.<br />
All rights reserved. Printed in the USA. Except where specifically encouraged, no part of this<br />
publication may be reproduced, in any form or by any means without prior written consent<br />
of the HCCA. For subscription information and advertising rates, call Margaret Dragon<br />
at 781-593-4924. Send press releases to M. Dragon, PO Box 197, Nahant, MA 01908.<br />
Opinions expressed are not those of this publication or the HCCA. Mention of products and<br />
services does not constitute endorsement. Neither the HCCA nor CT is engaged in rendering<br />
legal or other professional services. If such assistance is needed, readers should consult<br />
professional counsel or other professional advisors for specific legal or ethical questions.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
INSIDE<br />
4 New developments in payment and public reporting<br />
of quality of care By Janice Anderson, Cheryl Wagonhurst,<br />
and Anil Shankar<br />
Penalties and incentives are steps toward pay for performance<br />
in Medicare reimbursements.<br />
10 CEU: Unauthorized access to protected health<br />
information: Educating the workforce By Mark C. Rogers<br />
Best practices to implement now to prevent fines, civil<br />
lawsuits, and adverse publicity later.<br />
14 Meet Bill Parke, Vice President, Corporate <strong>Compliance</strong>,<br />
Rutherford Hospital An interview by Greg Warner<br />
18 Letter from the CEO By Roy Snell<br />
Ethics works if everybody is ethical<br />
21 RAC demonstrations and inpatient rehabilitation—<br />
Vision of things to come? By Jane Snecinski<br />
Documenting “medical necessity” is key to avoiding RAC<br />
denial of payment for inpatient rehab facilities.<br />
25 Ask Leadership By John Falcetano<br />
Red Flag identity theft rules<br />
27 Newly Certified CHCs<br />
28 Physician office compliance—Are you monitoring your<br />
auditing and monitoring program? By Melissa Morales<br />
Opportunities to identify needed changes and corrective<br />
actions may be hiding just out of sight.<br />
32 CEU: Feature focus: Executive compensation in troubled<br />
times—Part 1 By Gerald M. Griffith<br />
Economic pressures, increased transparency, fiduciary duties,<br />
and stakeholder interests make compensation decisions more<br />
than a numbers game.<br />
38 <strong>Compliance</strong> 101: I just received a subpoena - Now<br />
what? By Andrea Ebreck and Karen Cincione<br />
State and federal privacy laws affect the appropriate response to<br />
requests for protected health information.<br />
40 Go Local<br />
42 Standing at the crossroads By Michael Spake<br />
Combining rules-based compliance with ethical and moral<br />
decisions to form an integrated operations model for excellence.<br />
46 Cyber Doctors By Sonya Burtner<br />
Electronic communications facilitate telemedicine, but also<br />
raise legal and compliance issues.<br />
51 Mandatory Stark reporting: Is a denouement nigh, or<br />
just another chapter in the saga?<br />
By Edwin Rauzi and Lisa Hayward<br />
CMS wants 400 hospitals to respond to its request for information.<br />
53 CEU: Charge Description Master compliance<br />
assessments By Joel W. Lipin<br />
Tips for assessing the accuracy of your CDM.<br />
55 Increased government oversight of managed care<br />
plans— Are you ready? By Steven E. Skwara<br />
Governmental requirements for detecting, investigating,<br />
and reporting fraud and abuse by “downstream” entities.<br />
61 New HCCA Members<br />
3<br />
March 2009
Affinity Group<br />
Meetings<br />
Hold your own<br />
meeting in conjunction<br />
with HCCA’s 2009<br />
<strong>Compliance</strong> Institute!<br />
Planning on attending the<br />
<strong>Compliance</strong> Institute? Need to<br />
hold a meeting of your own?<br />
Affinity group meetings are now<br />
available in conjunction with the<br />
<strong>Compliance</strong> Institute.<br />
Not only do you get the benefit<br />
of holding your meeting alongside<br />
the most comprehensive<br />
compliance conference for<br />
compliance professionals, but<br />
you also receive complimentary<br />
meeting room space at the<br />
conference site, your choice of<br />
a complimentary continental<br />
breakfast or an a m or pm<br />
break, and registration at the<br />
HCCA Member rate for your<br />
attendees.<br />
Affinity Group Meetings may be<br />
held on one of the following days:<br />
Saturday, April 25, 2009<br />
Wednesday, April 29,<br />
2009 (afternoon)<br />
Thursday, April 30, 2009<br />
To apply, please visit<br />
www.compliance-institute.org<br />
(conference tab) and fill out the<br />
Affinity Group Meeting form.<br />
Please return the completed<br />
form to the HCCA office.<br />
Questions? Contact<br />
Jodi Erickson Hernandez at<br />
952.405.7926 or email her at<br />
jodi.ericksonhernandez<br />
@hcca-info.org<br />
New developments in<br />
payment and public<br />
reporting of quality of<br />
care<br />
By Janice Anderson, Cheryl Wagonhurst, and Anil Shankar<br />
Editor’s note: Janice A. Anderson is a partner<br />
in Foley and Lardner, LLP in Chicago. She is a<br />
member of the <strong>Health</strong> <strong>Care</strong> Industry Team with<br />
25 years’ experience focusing on health regulatory<br />
and compliance issues and over 30 years’<br />
experience working in the health care industry.<br />
She may be contacted by e-mail at janderson@<br />
foley.com or by phone at 312/832-4500.<br />
Cheryl L. Wagonhurst is a partner with the Los<br />
Angeles office of Foley & Lardner LLP and a<br />
member of the firm’s <strong>Health</strong> <strong>Care</strong> Industry Team<br />
and White Collar Defense & Corporate <strong>Compliance</strong><br />
Practice. Ms. Wagonhurst is a former member<br />
of the board of directors of the <strong>Health</strong> <strong>Care</strong><br />
<strong>Compliance</strong> <strong>Association</strong> and currently serves on<br />
the advisory board of the Society of Corporate<br />
<strong>Compliance</strong> and Ethics. She may be reached by<br />
telephone at 213/972-4681 and by e-mail at<br />
CWagonhurst@Foley.com.<br />
Anil Shankar is an associate with Foley &<br />
Lardner LLP in Los Angeles, California, and is a<br />
member of the firm’s <strong>Health</strong> <strong>Care</strong> Industry Team.<br />
He may be reached by phone at 213/972-4584<br />
or by e-mail at ashankar@foley.com.<br />
The long-term plan of Congress<br />
and the Center for Medicare and<br />
Medicaid Services (CMS) to tie<br />
health care reimbursement to the quality<br />
of health care services has been well-documented.<br />
CMS recently issued final rules that<br />
extend quality initiatives beyond inpatient<br />
hospitals to health care professionals and hospital<br />
outpatient departments. Authorized by<br />
the Medicare Improvements for Patients and<br />
Providers Act of 2008 (MIPPA), CMS has<br />
now created incentive programs that affect<br />
the reimbursement of certain healthcare<br />
professionals and outpatient departments of<br />
hospitals.<br />
As a result of changes authorized by MIPPA<br />
and implemented through the 2009 Physician<br />
Fee Schedule Final Rule (PFS Final Rule),<br />
physicians and other eligible professionals<br />
may earn a 2% bonus for the reporting of<br />
quality data specified by the Secretary of the<br />
Department of <strong>Health</strong> and Human Services<br />
(Secretary-HHS), and a separate 2% bonus<br />
for successfully transitioning to an electronic<br />
prescription system. The 2009 Outpatient<br />
Prospective Payment System Final Rule<br />
(OPPS Final Rule) implements a similar<br />
quality data reporting incentive that applies<br />
to hospital outpatient departments. The<br />
OPPS Final Rule authorizes a 2% payment<br />
reduction for outpatient departments that fail<br />
to meet certain outpatient reporting requirements<br />
during FY 2009. Finally, three recently<br />
published National Coverage Determinations<br />
from CMS will make certain “never events”<br />
non-covered services.<br />
The onset of “pay for reporting” incentives<br />
can affect the pocketbook of professionals and<br />
entities which treat Medicare patients, but<br />
the incentives are also significant as a signal<br />
of CMS’ continued commitment to tying<br />
payment to the quality of services provided.<br />
The long-term move toward a “pay for quality”<br />
system (called a “value based purchasing<br />
plan” by CMS) has been implemented<br />
March 2009<br />
4<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
incrementally, and CMS has made clear that<br />
the programs discussed below are intended<br />
as steps toward that goal. Many of the pay<br />
for reporting initiatives began as voluntary<br />
programs, designed to familiarize providers<br />
with the process of reporting and allow CMS<br />
to receive data on quality issues around the<br />
country. Under the new incentive programs,<br />
reporting remains voluntary, but there are<br />
now significant financial implications for<br />
reporting quality data. CMS makes clear that<br />
future programs may make reporting mandatory,<br />
and that payment may be tied to how<br />
well a provider performs on reported quality<br />
measures, rather than just on reporting.<br />
Physician Quality Reporting Initiative<br />
The Physician Quality Reporting Initiative<br />
(PQRI) began with the passage of the<br />
Tax Relief and <strong>Health</strong> <strong>Care</strong> Act of 2006<br />
(TRHCA), which directed the Secretary-<br />
HHS to implement a system for certain<br />
healthcare professionals to report data on<br />
selected quality measures. 1 Reporting began<br />
in July 2007. (Previously, physician’s could<br />
choose to participate in a Physician Voluntary<br />
Reporting Program.) Reports were not<br />
mandatory, but submission of the data in<br />
accordance with prescribed standards generated<br />
a bonus payment of 1.5% of the amount<br />
paid to the eligible professional for covered<br />
professional services during the reporting<br />
period. In July, 2008, MIPPA extended<br />
PQRI indefinitely and raised the bonus for<br />
years 2009 and 2010 to 2%. 2 The eligible<br />
professionals who can submit PQRI and<br />
receive the reporting bonus include certain<br />
midlevel practitioners, physicians, occupational<br />
therapists, qualified speech-language<br />
pathologists, and (starting in 2009) qualified<br />
audiologists. 3<br />
The importance of PQRI for physicians<br />
and other eligible professionals should not<br />
be underestimated. CMS has made clear<br />
that “pay for reporting” programs are a step<br />
toward a “pay for performance” or “pay<br />
for quality” reimbursement model (called<br />
a “value-based purchasing plan” by CMS).<br />
MIPPA directs the Secretary-HHS to submit<br />
to Congress a plan for the transition to<br />
pay for performance (P4P) with regard to<br />
physicians and other practitioners by May<br />
1, 2010. 4 On November 26, 2008, CMS<br />
presented an issues paper which outlines<br />
the initial framework for such a plan, and<br />
conducted a day-long listening session to<br />
discuss the anticipated transition. 5<br />
The incremental movement toward P4P<br />
mirrors the approach taken with regard to<br />
hospitals. The Deficit Reduction Act of 2005<br />
(DRA) established a 2% penalty for hospitals<br />
(referred to as subsection (d) hospitals) 6<br />
that fail to report quality data, and directed<br />
the Secretary-HHS to develop a plan for<br />
implementing P4P for these hospitals for<br />
2009. 7 That plan was submitted to Congress<br />
in November of 2007, but legislation has<br />
not yet been enacted in response. Subsection<br />
(d) hospitals are hospitals in the 50 States,<br />
Washington DC, and Puerto Rico, except for<br />
psychiatric hospitals, rehabilitation hospitals,<br />
hospitals whose inpatients are predominantly<br />
under 18 years old, and hospitals whose<br />
average inpatient length of stay exceeds 25<br />
days. A current bill drafted by Senator Baucus<br />
(D-Montana) and Senator Grassley (R-Iowa)<br />
would implement P4P for subsection (d)<br />
hospitals starting in 2012, and phase in<br />
over a five year period until 2016. 8 Similar<br />
legislation, or an expansion of the current bill,<br />
which extends P4P to physicians and other<br />
healthcare professionals should be anticipated.<br />
The ability to measure the quality of health<br />
care services accurately and efficiently is at<br />
the heart of CMS’ vision of a value-based<br />
purchasing plan. When PQRI was first<br />
implemented in 2007, the data tracked 74<br />
quality measures. The PFS Final Rule expands<br />
PQRI to include 153 quality measures for<br />
2009, up from 119 measures in 2008, but less<br />
than the 175 measures originally proposed by<br />
CMS. MIPPA requires the Secretary-HHS<br />
to ensure that the affected professionals have<br />
an opportunity to provide input during the<br />
development or selection of quality measures,<br />
and CMS has invited comments on the measures<br />
both for PQRI and for the anticipated<br />
transition to P4P.<br />
The 2009 quality measures include the<br />
2008 PQRI measures plus certain measures<br />
endorsed by the National Quality Forum<br />
(NQF) and/or the AQA (formerly the Ambulatory<br />
<strong>Care</strong> Quality Alliance). The 2009<br />
PQRI program also divides certain measures<br />
into seven measure groups, which are subsets<br />
of PQRI measures that have a particular clinical<br />
condition or focus in common. Details<br />
regarding the specific measures and measure<br />
groups included in PQRI for 2009 can be<br />
found at www.cms.hhs.gov/pqri. Technical<br />
specifications for reporting the measures and<br />
measure groups in the 2009 final listing can<br />
be found in the “Measures/Codes” tab of the<br />
PQRI section of CMS’ website.<br />
In addition to the quality measures which can<br />
be reported, the PFS Final Rule contains the<br />
criteria for submission which must be met to<br />
qualify for the incentive payment. In the past,<br />
reporting has encountered numerous hiccups.<br />
CMS data reveal that in 2007, just over half<br />
of those who participated successfully met<br />
the program and reporting requirements<br />
and received the reporting bonus. 9 In<br />
addition, many participants had difficulty<br />
accessing the confidential feedback reports<br />
CMS provided. These reports contained<br />
information as to whether the participant<br />
had met the criteria for satisfactory reporting,<br />
the amount of the incentive earned, and<br />
Continued on page 7<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
5<br />
March 2009
AUTOMATE YOUR COMPLIANCE AND RISK MANAGEMENT PROGRAM<br />
•<br />
Enforce Consistency<br />
Cost<br />
Streamline Processes<br />
•<br />
Mitigate Risk<br />
•<br />
•<br />
Reduce<br />
Policy Management<br />
Contract Management<br />
Remediation Projects<br />
Enterprise Risk Management<br />
Incident Management & Reporting<br />
Audit Management<br />
Regulation Management<br />
Surveys<br />
Liability<br />
Where <strong>Compliance</strong> Comes Full Circle<br />
•<br />
• Increase Productivity<br />
Decrease<br />
•<br />
Drive Accountability<br />
Enhance <strong>Compliance</strong> Visibility<br />
•<br />
Contact us today to view a free demo.<br />
<strong>Compliance</strong> 360 assists <strong>Health</strong>care Organizations comply with:<br />
CMS<br />
OIG’s Annual Work Plan<br />
US Sentencing Commission Guidelines<br />
Stark Law<br />
Medicare Part D<br />
HIPAA<br />
Integrity Agreements<br />
March 2009<br />
6<br />
www.compliance360.com<br />
678.992.0262
New developments in payment and public reporting of quality of care ...continued from page 5<br />
their measure performance rates. CMS has<br />
worked to streamline the process and educate<br />
eligible professionals about how to meet the<br />
requirements and is seeking ways to make<br />
accessing the feedback reports easier, but<br />
these difficulties emphasize the importance<br />
of becoming familiar with the system prior to<br />
the anticipated transition to a P4P reimbursement<br />
scheme.<br />
Eligible professionals have several options<br />
available for reporting the data and qualifying<br />
for the 2% bonus. The options differ<br />
based on whether the professional chooses a<br />
claims-based or registry-based approach and<br />
whether the reporting pertains to individual<br />
measures or measure groups. The options<br />
available for claims-based submission of<br />
individual measures are the most restrictive.<br />
Registry-based reporting permits a physician<br />
to report through an authorized outside<br />
organization, such as certain trade associations.<br />
Registry-based submission using several<br />
different options is permitted and, for 2008<br />
PQRI, there are 32 registries qualified to<br />
submit quality measures on behalf of eligible<br />
professionals. The PFS Final Rule sets forth<br />
the process that registries must go through<br />
in order to be qualified to submit data for<br />
eligible professionals for the 2009 PQRI<br />
program. There are six options available to a<br />
professional reporting on measure groups.<br />
CMS does not, at this time, accept quality<br />
data through electronic health record (EHR)<br />
submission; however, it intends to test EHR<br />
vendors and their products during 2009 to<br />
determine if EHR reporting can be used<br />
in the future. If EHR vendors meet CMS’<br />
qualifications to participate in the PQRI testing<br />
process, their systems can submit quality<br />
measure data to CMS for PQRI on behalf of<br />
eligible professionals who use the systems.<br />
In addition, MIPPA directs CMS to publicly<br />
report the names of eligible professionals who<br />
satisfactorily report quality data for 2009. 10<br />
This marks a significant departure from the<br />
PQRI programs of 2007 and 2008, and is<br />
another of CMS’ strategies for improving the<br />
quality of health care services. The names of<br />
successful reporters will be posted in 2010 on<br />
a “Physician and Other <strong>Health</strong> <strong>Care</strong> Professional<br />
Compare” website. 11 Although the<br />
individual quality data will not be posted, the<br />
PFS Final Rule responded to comments about<br />
publishing the data and stated that CMS’<br />
goal was to “eventually make performance<br />
information available.” 12 The public posting<br />
of successful reporters should be regarded as<br />
the first step toward this process, and will lead<br />
to a website for physicians and other eligible<br />
professionals comparable to http://hospitalcompare.hhs.gov.<br />
E-Prescribing incentive program<br />
MIPPA and the PFS Final Rule also enact<br />
a separate incentive payment program for<br />
health care professionals who transmit a<br />
majority of their prescriptions electronically<br />
(e-prescribe). As with PQRI, the e-prescription<br />
incentive program is the next step in<br />
a long-term plan to improve the quality<br />
of care in the United States. Congress, in<br />
response to findings that e-prescription<br />
could prevent a significant number of<br />
medical errors, enacted a law in 2003 to help<br />
develop the infrastructure for its wider use. 13<br />
The law made drug plans’ acceptance of<br />
e-prescriptions a requirement for participation<br />
in the part D prescription drug benefit<br />
under Medicare, beginning in 2006, and<br />
CMS proclaimed the measure to be “one<br />
of the key action items in the government’s<br />
plan to expedite the adoption of electronic<br />
medical records and build a national<br />
electronic health information infrastructure<br />
in the United States.” 14 MIPPA takes the<br />
next step toward greater use of e-prescribing<br />
by creating significant financial incentives<br />
for physicians and other professionals who<br />
qualify as successful e-prescribers.<br />
Under MIPPA, a successful e-prescriber is an<br />
eligible professional who, for a given reporting<br />
period, reports all the quality measures<br />
specified by the Secretary-HHS that relate to<br />
e-prescribing in at least 50% of the instances<br />
in which the measure could be reported by<br />
the professional. However, the PFS Final<br />
Rule included only one quality measure to<br />
be reported in the e-prescribing program,<br />
which relates to the capacity for and use of<br />
e-prescribing measures. In 2008, this quality<br />
measure was included in the PQRI, but was<br />
removed by MIPPA and made part of the<br />
separate e-prescribing incentive program for<br />
2009. Although there is only one measure for<br />
the 2009 reporting period, CMS has said that<br />
it intends to consider the use of additional<br />
prescribing events as the basis of the incentive<br />
payment in future years. 15<br />
The reporting of e-prescription occurs through<br />
Medicare billing codes. To report one of the<br />
available codes for e-prescriptions, professionals<br />
must have a qualified e-prescribing<br />
system in place, and must have: (1) used it<br />
for all the prescriptions; (2) not generated any<br />
prescriptions during the encounter; or (3)<br />
been prevented from using the system by law,<br />
request of the patient, or the inability of the<br />
pharmacy system to receive e-prescriptions.<br />
CMS compares reported e-prescribing billing<br />
codes against the events reported to determine<br />
whether the professional qualifies as a successful<br />
e-prescriber. 16 Professionals have discretion<br />
in choosing the system they wish to use for<br />
e-prescribing; however, the system chosen<br />
must have the functionality established by the<br />
Medicare Part D e-prescribing standards. 17<br />
The financial incentives authorized by MIPPA<br />
take two forms. Starting in 2009, successful<br />
Continued on page 9<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
7<br />
March 2009
March 2009<br />
8<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
New developments in payment and public reporting of quality of care ...continued from page 7<br />
e-prescribers will receive an incentive<br />
payment. The bonus begins at 2% for years<br />
2009 and 2010, but decreases in subsequent<br />
years and is eliminated entirely by 2014.<br />
The payment is separate from the incentive<br />
payments made under the PQRI, meaning<br />
eligible professionals could receive incentive<br />
payments of up to 4% in 2009. Second,<br />
beginning in 2012, a payment differential<br />
takes effect which penalizes prescribers<br />
by 1% if they do not qualify as successful<br />
e-prescribers. The amount of this differential<br />
increases in subsequent years to a maximum<br />
reduction of 2% by 2014. Thus, eligible professionals<br />
are offered incentives to transition<br />
to e-prescribing in the short-term, but these<br />
incentives steadily transition into penalties<br />
for failure to adopt and use an e-prescribing<br />
system in the future.<br />
The definition of “eligible professionals” for<br />
the e-prescribing initiative is the same as for<br />
the PQRI, and includes physicians as well as<br />
physician assistants (PAs), nurse practitioners<br />
(NPs), clinical psychologists, registered<br />
dietitians, physical therapists, and qualified<br />
audiologists. However, eligibility is restricted<br />
to only those professionals who have prescribing<br />
authority, which may vary from state to<br />
state for certain types of practitioners, based<br />
on the scope of their practice. Moreover,<br />
to qualify for the incentive, the reported<br />
code for e-prescribing must constitute at<br />
least 10% of the professional’s total Part B<br />
allowed charges. This limitation was enacted<br />
by Congress so that only those physicians<br />
or other eligible professionals who have the<br />
opportunity to prescribe a sufficient number<br />
of prescriptions can receive the incentive.<br />
CMS will publish the names of successful<br />
electronic prescribers for the 2009 E-Prescribing<br />
Incentive Program on the Physician and<br />
Other <strong>Health</strong> <strong>Care</strong> Professional Compare<br />
Website (http://www.medicare.gov/Physician/<br />
Home.asp?bhcp=1). This means that both<br />
successful PQRI reporters and successful<br />
electronic prescribers now will be publicly<br />
reported by 2010.<br />
Hospital outpatient quality data reporting<br />
program<br />
The OPPS Final Rule, released November 18,<br />
2008, implements another incentive program<br />
designed to encourage reporting quality<br />
data. 18 The rule expands upon existing<br />
hospital reporting requirements for outpatient<br />
services and implements the Hospital<br />
Outpatient Quality Data Reporting Program<br />
(HOP QDRP), which reduces hospital<br />
outpatient payment rates by up to 2% if the<br />
hospital fails to meet the outpatient reporting<br />
requirements.<br />
HOP QRDP was authorized by the Tax<br />
Relief and <strong>Health</strong>care Act (TRCHA) in 2006,<br />
to begin operating in 2009. 19 The 2008<br />
OPPS Final Rule established seven quality<br />
measures relating to outpatient services,<br />
which were to be reported beginning in<br />
April, 2008. 20 Five of these measures apply<br />
to emergency departments and relate to acute<br />
myocardial infarction treatment, and two<br />
relate to outpatient surgery and the prevention<br />
of surgical infection. This year’s OPPS<br />
Final Rule adds four new quality measures for<br />
FY 2009, focused on MRI of lumbar spine,<br />
mammography, abdominal CT, and thoracic<br />
CT. The adequate reporting of these measures<br />
will be used to determine if a hospital should<br />
be subject to the 2% reduction for FY 2010.<br />
The OPPS Final Rule also lists 18 different<br />
measures in nine measure sets from which<br />
additional quality measures could be selected<br />
for inclusion in HOP QDRP for FY 2011<br />
and beyond.<br />
The OPPS Final Rule explains the manner by<br />
which CMS will apply the 2% reduction in<br />
OPPS payment rates if a hospital fails to meet<br />
reporting requirements under HOP QDRP.<br />
The national unadjusted payment rates for<br />
many services paid under OPPS equal the<br />
product of the OPPS conversion factor and<br />
the scaled relative weight for the ambulatory<br />
payment classification (APC) to which the<br />
service is assigned. The OPPS conversion<br />
factor is updated annually, and CMS proposes<br />
to apply the 2% reduction to the conversion<br />
factor for purposes of implementing the<br />
HOP QDRP payment adjustment. This<br />
means that the payment reduction for failing<br />
to report under HOP QDRP will only apply<br />
to those OPPS services which are adjusted<br />
annually based on the conversion factor. For<br />
CY 2009, the reduction would be determined<br />
by multiplying the full national unadjusted<br />
payment rate for the applicable CPT code by<br />
0.981.<br />
Like the “Reporting Hospital Quality Data<br />
Annual Payment Update” program, CMS<br />
intends that reporting under HOP QDRP<br />
will be made public and has stated that the<br />
data will be posted to the CMS website by<br />
2010. Hospitals will have an opportunity to<br />
review the data prior to publication. CMS is<br />
exploring whether Hospital Compare or other<br />
sites might be used for reporting of hospital<br />
outpatient quality data.<br />
<strong>Health</strong> care-associated conditions and<br />
“never” events<br />
Part of the value-based purchasing program<br />
already implemented by CMS has been a<br />
denial of payment for certain conditions considered<br />
to be preventable. In October 2008,<br />
CMS implemented its Hospital-Acquired<br />
Condition payment penalty to further that<br />
initiative. 21 Applicable to inpatient services<br />
only, the penalty denies any additional DRG<br />
payment for certain preventable complications<br />
that were not present on admission.<br />
Examples of hospital-acquired conditions<br />
Continued on page 52<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
9<br />
March 2009
Unauthorized access<br />
to protected health<br />
information: Educating<br />
the workforce<br />
By Mark C. Rogers, Esq.<br />
Editor’s note: Mark C. Rogers is a member of the more likely to encounter this problem in the<br />
<strong>Health</strong> <strong>Care</strong> and Corporate Practice Groups at context of a workforce member inappropriately<br />
accessing the medical record of either<br />
The Rogers Law Firm (www.therogerslawfirm.<br />
com) in Boston, Massachusetts. He is also a a co-worker or a family member or friend.<br />
member of the firm’s Consulting Division (www. Beyond the consequences to the workforce<br />
trcgsolutions.com). Mark is Co-Editor of The member who commits the violation, the<br />
Boston <strong>Health</strong> Law Reporter and is an adjunct health care entity also faces exposure to fines,<br />
faculty member at New England School of Law, civil lawsuits, and adverse publicity. This<br />
where he teaches <strong>Health</strong> Law. Mr. Rogers may be article looks at the issue of unauthorized<br />
reached by e-mail at mrogers@therogerslawfirm. access to PHI by workforce members and<br />
com or by telephone at 617/723-1100, ext. 229. what health care entities can do to address<br />
this growing problem.<br />
<strong>Health</strong> care entities have come a long<br />
way in terms of health information<br />
privacy since the enactment Over the last two years, there has been an<br />
Increasing number of incidents<br />
of the HIPAA [<strong>Health</strong> Insurance Portability increase in the number of workers within<br />
and Accountability Act] Privacy and Security health care entities who inappropriately<br />
Rules. The overwhelming majority of health access, and in some cases disclose, the PHI<br />
care entities have worked to create a culture of celebrities. Britney Spears, Maria Shriver,<br />
of commitment to protecting the health and George Clooney are just a few of the<br />
information of their patients. Nevertheless, celebrities who have reportedly had their<br />
despite this commitment to privacy, health PHI inappropriately accessed in a health care<br />
care entities continue to face violations of the entity setting. 1 Recently, Richard Collier, an<br />
HIPAA Privacy and Security Rules by members<br />
of their workforce--including physicians, League’s Jacksonville Jaguars, had his PHI<br />
offensive tackle with the National Football<br />
nurses, technicians, aides, administrative inappropriately accessed while he was recovering<br />
from surgery at a Jacksonville, Florida<br />
assistants, managers, and executives. One of<br />
the more common of these violations, and hospital. According to reports of the media,<br />
certainly one of the most well-publicized, is twenty hospital employees accessed Collier’s<br />
online medical file using the hospital’s<br />
unauthorized access to protected health information<br />
(PHI). In layman’s terms: looking at computer system. 2<br />
other people’s medical records when there is<br />
no legitimate reason to be doing so.<br />
Perhaps the most well-best known incident<br />
of a celebrity’s PHI being inappropriately<br />
Although there are well-publicized incidents accessed is that of Hollywood actress, Farrah<br />
of this occurring with the medical records Fawcett. In February of 2008, Lawanda<br />
of celebrities, a health care entity is much Jackson, a former administrative specialist for<br />
the UCLA <strong>Health</strong> System, was indicted by a<br />
federal grand jury for illegally accessing the<br />
PHI of Fawcett and selling it to the National<br />
Enquirer for $4,600. Jackson faces up to<br />
ten years in prison if she is convicted. It is<br />
also possible the National Enquirer could be<br />
charged as a result of the ongoing investigation<br />
by the U.S. Attorney’s Office. 3 The<br />
indictment of Lawanda Jackson was the result<br />
of an investigation by the State of California<br />
into unauthorized access to PHI within<br />
the UCLA <strong>Health</strong> System. The investigation<br />
showed that in addition to celebrities,<br />
workforce members had inappropriately<br />
accessed the PHI of over 1,000 other patients<br />
since 2003. 4<br />
The problem with unauthorized access to<br />
PHI is, of course, not unique to the UCLA<br />
<strong>Health</strong> System. <strong>Health</strong> care entities across<br />
the country face this problem on an ongoing<br />
basis. For the most part, unauthorized access<br />
to PHI within a health care entity is most<br />
likely to occur in the context of a workforce<br />
member inappropriately accessing the PHI<br />
of a fellow co-worker, friend, neighbor, or<br />
relative who was a patient at the facility.<br />
Potential consequences<br />
The unauthorized access of PHI by a workforce<br />
member of a health care entity presents<br />
a liability exposure to both the workforce<br />
member and the entity. The workforce member<br />
faces:<br />
n Disciplinary action by the covered entity,<br />
from a verbal warning to termination of<br />
employment. If the individual is a member<br />
of the health care entity’s medical staff, he/<br />
she also faces disciplinary action under the<br />
entity’s Medical Staff Bylaws.<br />
n A potential civil lawsuit from the individual<br />
whose PHI is the subject of the<br />
unauthorized access. Depending upon the<br />
circumstances of the underlying incident,<br />
this can include such claims as invasion<br />
March 2009<br />
10<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
of privacy and infliction of emotional<br />
distress.<br />
n Criminal fines and/or penalties under<br />
both state and federal laws. An individual<br />
who knowingly obtains or discloses PHI in<br />
violation of HIPAA faces a fine of $50,000<br />
and up to one year in prison. The criminal<br />
penalties increase to $100,000 and up<br />
to five years in prison if the wrongful<br />
conduct includes false pretenses, and up<br />
to $250,000 and ten years in prison if the<br />
wrongful conduct includes the intent to<br />
sell, transport, or use individually identifiable<br />
health information for commercial<br />
advantage, personal gain, or malicious<br />
harm. 5 In addition, the workforce member<br />
likely will face state criminal charges as<br />
there have been a number of states that<br />
have recently strengthened their criminal<br />
laws pertaining to the privacy of personal<br />
information.<br />
The health care entity also faces a significant<br />
potential liability exposure as a result of a<br />
workforce member’s unauthorized access to<br />
PHI. First, the entity faces an investigation<br />
by both the Office for Civil Rights (OCR) of<br />
the United States Department of <strong>Health</strong> and<br />
Human Services (HHS) which is the agency<br />
that enforces the HIPAA Privacy Rule, and<br />
the Centers for Medicare and Medicaid Services<br />
(CMS) which is the agency that enforces<br />
the HIPAA Security Rule. Such investigations<br />
could lead to a potential fine of $100 per<br />
failure to comply with each HIPAA Privacy or<br />
Security Rule requirement. 6 Second, as with<br />
a workforce member, the entity also faces a<br />
lawsuit from the individual whose PHI is the<br />
subject of the unauthorized access. The lawsuit<br />
would likely include claims of negligence,<br />
negligent supervision and negligent infliction<br />
of emotional distress. Third, the entity faces<br />
civil fines and penalties under state law.<br />
Finally, workforce members’ unauthorized<br />
access to PHI can result in adverse publicity<br />
for the entity which has the potential to affect<br />
patient volume and in turn, revenues.<br />
All of this leads to the question as to how it is<br />
that incidents of unauthorized access to PHI<br />
are discovered. Certainly, audits performed by<br />
the entity which are mandated by the HIPAA<br />
Security Rule are a source of these discoveries.<br />
7 However, it is more likely that the audits<br />
are simply confirming what is already a<br />
rumor within the halls of the entity. Just as<br />
some may argue that it is human nature for<br />
a workforce member to “snoop” into another<br />
individual’s medical record, it is also human<br />
nature for that workforce member to discuss<br />
the contents of the medical record with others<br />
within the entity. This “water-cooler effect”<br />
necessitates that an entity undertake an<br />
investigation to determine whether there was<br />
indeed an incident of unauthorized access to<br />
PHI. A covered entity must mitigate, to the<br />
extent practicable, any harmful effect it learns<br />
was caused by the use or disclosure of PHI<br />
by its workforce in violation of the HIPAA<br />
Privacy Rule. 8 If an entity has confirmed<br />
through an investigation that an incident<br />
of unauthorized access to PHI occurred, an<br />
often overlooked provision of the HIPAA<br />
Privacy Rule requires the entity to list the<br />
incident and the name of the workforce<br />
member who committed the violation<br />
on the patient’s accounting of disclosures<br />
maintained by the entity. 9 Thus, by reviewing<br />
the accounting of disclosures, the patient will<br />
know who accessed their PHI and under what<br />
circumstances.<br />
Addressing the problem<br />
Even with the continued advancement of<br />
health information technology, it is unlikely<br />
that health care entities will ever be able to<br />
eradicate the problem of unauthorized access<br />
to PHI by members of their workforce. The<br />
temptation by certain individuals to view the<br />
PHI of others will, on occasion, overcome<br />
the compliance efforts by health care entities.<br />
Nevertheless, the response by health care<br />
entities to this inevitable truth cannot be<br />
to ignore the problem. To do so creates a<br />
significant potential liability exposure in<br />
an environment of increasing compliance<br />
enforcement. The Office of Inspector General<br />
of HHS recently criticized CMS for its failure<br />
to oversee and enforce the HIPAA Security<br />
Rule. 10 Such a public rebuke is likely to spur<br />
an increase in HIPAA enforcement by both<br />
CMS and OCR. Therefore, now is the time<br />
for health care entities to address the issue of<br />
unauthorized access to PHI by members of<br />
their workforce.<br />
Preventive measures<br />
The first step for a health care entity to effectively<br />
address the problem of unauthorized<br />
access to PHI is to undertake an assessment of<br />
its current HIPAA Privacy and Security policies<br />
and procedures. At the time the HIPAA<br />
Privacy and Security Rules became effective,<br />
many health care entities rushed to promulgate<br />
the required policies and procedures to<br />
meet the government-imposed deadlines. In<br />
doing so, they created the potential for generating<br />
inaccurate or inappropriate policies and<br />
procedures. Furthermore, the assessment and<br />
evaluation of a health care entity’s HIPAA<br />
Privacy and Security policies and procedures<br />
presents an opportunity to incorporate the<br />
best practices that have developed over the<br />
last several years with respect to HIPAA<br />
compliance. This includes best practices for<br />
detecting and preventing unauthorized access<br />
to PHI by a health care entity’s workforce<br />
members.<br />
This, in turn, leads to the second step a<br />
health care entity should undertake to effectively<br />
address the problem of unauthorized<br />
access to PHI by members of its workforce<br />
-- adoption of best practices. Obviously, a<br />
Continued on page 13<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
11<br />
March 2009
Enhance Quality of <strong>Care</strong> and Reimbursement Processing with:<br />
A Compelling Case for Clinical<br />
This one kit offers a handbook, strategy guide and<br />
training system to improve your organization’s<br />
clinical documentation quality.<br />
A Compelling Case for Clinical Documentation introduces the CAMP Method for<br />
Clinical Documentation Training – scientifically proven to substantially improve clinical<br />
documentation quality. Nominated for the Best Theory to Practice Award by the Academy<br />
of Management, this kit offers the most comprehensive guide on clinical documentation<br />
training every published. The kit includes:<br />
3 a two-volume strategy guide:<br />
1. Use Clinical Documentation to Achieve Strategic<br />
Alignment With Your Medical Staff<br />
2. Use the CAMP Method to Improve Clinical<br />
Documentation Quality<br />
3 the CAMP Method Overview training DVD<br />
3 the training system resource CD<br />
Documentation<br />
What is CAMP Method Training?<br />
Developed by Ruthann Russo, PhD, JD, MPH, RHIT, a lawyer with more than<br />
20 years of experience consulting for health care organizations, the CAMP Method is<br />
based on the established theories and practices of self-efficacy education. It relies on four<br />
components to increase participant self-efficacy: Coaching, Asking, Mastering, and Peer learning.<br />
The CAMP training system gives physicians the tools needed to consistently produce high quality clinical<br />
documentation and the conviction needed to do so.<br />
A Compelling Case for Clinical Documentation offers a complete, scientifically tested training system you<br />
can put to work, starting today. You are provided with a DVD that overviews the CAMP training system, as well as a resource<br />
CD with the precise training sequence and all the needed testing forms. For more information, visit www.hcca-info.org/books/.<br />
Qty<br />
Cost<br />
________ HCCA Member Price ...$355 $ _________<br />
________ Non-member Price........$395 $ _________<br />
________ Join HCCA!...................$200 $ _________<br />
Non-members, add $200 to join HCCA, and pay<br />
member prices for your order (regular dues $295/year)<br />
Bulk discounts available for HCCA members only. See<br />
chart at left to figure cost. All purchases receive free FedEx<br />
Ground shipping within continental U.S.<br />
Please make your check payable to HCCA.<br />
For more information, call 888-580-8373.<br />
Mail check to: 6500 Barrie Road, Suite 250<br />
Minneapolis, MN 55435<br />
Fax order to: 952-988-0146<br />
Total: $<br />
Please type or print:<br />
HCCA Member ID<br />
First Name M.I. Last Name<br />
Title<br />
Organization<br />
Street Address<br />
City State Zip<br />
Telephone<br />
Fax<br />
E-mail<br />
My organization is tax exempt<br />
Check enclosed<br />
Invoice me PO #<br />
Charge my credit card:<br />
Mastercard VISA American Express<br />
Account number<br />
Expiration date<br />
Cardholder’s name<br />
Cardholder’s signature<br />
Federal Tax ID: 23-2882664<br />
Prices subject to change without notice. HCCA is required to<br />
charge sales tax on purchases from Minnesota and Pennsylvania.<br />
Please calculate this in the cost of your order. The required sales<br />
tax in Pennsylvania is 7% and Minnesota is 6.5%.
Unauthorized access to protected health information: ...continued from page 11<br />
health care entity needs to approach the issue<br />
with a mindset that not all of the practices<br />
are best suited for their entity. A health<br />
care entity needs to go through the exercise<br />
of what best practices work for them. The<br />
following are just a handful of those best<br />
practices which health care entities have<br />
adopted in an attempt to detect and prevent<br />
unauthorized access to PHI by members of<br />
their workforce:<br />
n Auditing, auditing, auditing: <strong>Health</strong> care<br />
entities should enhance their auditing of<br />
electronic health records to ensure that<br />
members of their workforce are accessing<br />
only those records to which access is appropriate.<br />
Also, health care entities should<br />
communicate this enhancement and auditing<br />
to their workforce members.<br />
n VIPs/Workforce members: <strong>Health</strong> care<br />
entities should engage in targeted auditing of<br />
the electronic health records of workforce<br />
members and VIPs (celebrities, politicians,<br />
sports figures, trustees, donors, etc.) to<br />
assess for unauthorized access.<br />
n Reminders: <strong>Health</strong> care entities should<br />
consistently remind its workforce members<br />
that they are prohibited under federal law<br />
(and in some instances state law) from unauthorized<br />
access to PHI. These reminders<br />
should come in varying forms, including<br />
e-mails and mailings to their departments,<br />
offices, and homes. Also, it is worthwhile<br />
to have the compliance and/or privacy officer<br />
make these reminders in person (such<br />
as at departmental meetings).<br />
n Honeypots: <strong>Health</strong> care entities should<br />
consider using “honeypots” —which is the<br />
practice of creating a fictitious electronic<br />
health record (oftentimes using the name<br />
of a celebrity or VIP) and then monitoring<br />
that electronic health record to see if it is<br />
inappropriately accessed by a workforce<br />
member. Honeypots can be used as a<br />
general compliance tool or in instances<br />
where there is a suspicion that a specific<br />
workforce member or department is inappropriately<br />
accessing electronic health<br />
records.<br />
n Disciplinary actions: Perhaps the best<br />
method for a health care entity to demonstrate<br />
to its workforce how serious it takes<br />
the use of unauthorized access to PHI is to<br />
take strong disciplinary action in response<br />
to an incident. It is now common to<br />
suspend or terminate a workforce member<br />
who engages in this activity. A health<br />
care entity can get the attention of its<br />
workforce by publicizing these disciplinary<br />
actions (without identifying the specific<br />
workforce member involved).<br />
The final and perhaps most important step<br />
for a health care entity to take to effectively<br />
address the issue of unauthorized access to<br />
PHI is education. <strong>Health</strong> care entities need<br />
to educate their workforce about this topic<br />
and the consequences they face as individuals<br />
as a result of engaging in this type of activity.<br />
This education should take place at the time<br />
the individual enters the entity’s workforce<br />
(as part of a more comprehensive HIPAA<br />
training program) and should be mandatory.<br />
Continuing education programs should also<br />
reinforce the importance of this issue and<br />
should be mandatory. Again, it is critical that<br />
workforce members be educated about the<br />
potential consequences they face as a result of<br />
unauthorized access to PHI.<br />
Conclusion<br />
<strong>Health</strong> care entities face a significant liability<br />
exposure as a result of unauthorized access<br />
to PHI by members of their workforce. The<br />
most effective way for a health care entity to<br />
address this serious problem is to undertake<br />
(and follow through with) a comprehensive<br />
assessment and education plan. Although it<br />
is unlikely that a health care entity will be<br />
able to completely eliminate incidents of<br />
unauthorized access to PHI through such a<br />
course of action, it will nevertheless serve to<br />
minimize the entity’s liability exposure and<br />
demonstrate its commitment to protecting<br />
the health information of its patients. n<br />
1 Orenstein, Charles, Ex-worker indicted in celebrity patient leaks, Los Angeles<br />
Times (April 30, 2008); Orenstein, Charles, UCLA worker snooped<br />
in Spears’ medical records, Los Angeles Times (March 15, 2008).<br />
2 20 hospital workers fired for viewing Collier’s medical records, News-<br />
4JAX.com (November 17, 2008).<br />
3 Orenstein, Charles, Ex-worker indicted in celebrity patient leaks, Los<br />
Angeles Times (April 30, 2008); United States of American v. Lawanda<br />
Jackson, February 2008 Grand Jury Indictment.<br />
4 AP News, Not-guilty plea in celebrity medical snooping case, (November<br />
3, 2008).<br />
5 42 U.S.C. § 1320d-6.<br />
6 42 U.S.C. § 1320d-5.<br />
7 45 C.F.R. § 164.312(b).<br />
8 45 C.F.R. § 164.530(f).<br />
9 45 C.F.R. 164.528.<br />
10 Memorandum from Daniel R. Levinson, Inspector General of the<br />
United States Department of <strong>Health</strong> and Human Services to Kerry<br />
Weems, Acting Administrator of the Centers for Medicare and Medicaid<br />
Services, regarding “Nationwide review of the Centers for Medicare and<br />
Medicaid Services <strong>Health</strong> Insurance Portability and Accountability Act<br />
of 1996 oversight” (A-04-07-05064) (October 27, 2008).<br />
Be Sure to Get Your<br />
CHC CEUs<br />
The CEU quiz will no longer be mailed<br />
with each issue of <strong>Compliance</strong> Today.<br />
To take the quiz and obtain credit,<br />
please go to www.hcca-info.org/quiz<br />
and select a quiz. Fill in your contact<br />
information and answer the questions.<br />
Print the completed form and FAX or<br />
MAIL it to Liz Hergert at HCCA.<br />
Articles related to the quiz in this issue of<br />
<strong>Compliance</strong> Today:<br />
n Unauthorized access to protected<br />
health information: Educating the<br />
workforce — By Mark C. Rogers,<br />
page 10<br />
n Feature focus: Executive<br />
compensation in troubled times—<br />
Part 1 — By Gerald M. Griffith,<br />
page 32<br />
n Charge Description Master<br />
compliance assessments —<br />
By Joel W. Lipin, page 53<br />
Questions? Please call Liz Hergert at<br />
888/580-8373.<br />
Please note that credit will be given only<br />
for quizzes received before the expiration<br />
date indicated on the quiz.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
13<br />
March 2009
feature article<br />
Meet Bill Parke<br />
Vice President, Corporate <strong>Compliance</strong>, Rutherford Hospital<br />
March 2009<br />
14<br />
Editor’s note: This interview with Bill Parke<br />
was conducted by Greg Warner, Director for<br />
<strong>Compliance</strong>, Mayo Clinic and a member of the<br />
HCCA Board of Directors. Greg may be reached<br />
by telephone at 507/284-9029. Bill Parke may<br />
be reached in North Carolina by telephone at<br />
828/286-5360.<br />
GW: I always find it interesting to learn<br />
how others found their way into <strong>Compliance</strong>.<br />
Would you share a little of your background<br />
and how you ended up in <strong>Compliance</strong>?<br />
<strong>BP</strong>: I came to the health care field later,<br />
rather than sooner. I graduated with a degree<br />
in Economics from SUNY Cortland and<br />
spent several years trying my hand at a variety<br />
of “opportunities” in other industries. At<br />
the encouragement of a former professor, I<br />
interviewed for a position in administration<br />
at a small nursing home in rural Ohio. It was<br />
there that I started what has proven to be a<br />
very fulfilling career in health care administration.<br />
After doing some coursework at Ohio<br />
State University, I obtained my nursing home<br />
administrator license and worked for several<br />
years in the long-term care industry. Moving<br />
to western North Carolina, I eventually<br />
became the administrator of a hospital-based<br />
nursing home run by Rutherford Hospital,<br />
Inc. (RHI), a position I held for several years.<br />
As often happens in smaller hospital<br />
systems, you end up wearing more than one<br />
hat and that was my experience; I ended up<br />
being one of the corporate vice presidents<br />
with additional operational responsibilities. In<br />
1998, our then-CEO called me into his office<br />
for a chat. He said that there was a new push<br />
in the industry to establish something called<br />
a compliance program. Our CFO had been<br />
putting the program together, but now he had<br />
been informed that having a CFO heading<br />
up a compliance program was not going to be<br />
viewed as “a good thing.” That’s when I was<br />
asked to take over the task of getting a compliance<br />
program up and running across the<br />
various divisions of the hospital. He assured<br />
me that this was a time-limited project—that<br />
once the program was in place, it would pretty<br />
much take care of itself. Ten years later, as the<br />
Vice President of Corporate <strong>Compliance</strong>, I’m<br />
still trying to figure out how to finish the job!<br />
GW: Please describe the scope of your<br />
compliance responsibilities and your<br />
reporting process – both management and<br />
programmatically.<br />
<strong>BP</strong>: As Vice President of Corporate<br />
<strong>Compliance</strong>, I have a dual reporting relationship<br />
- as a member of senior management, I<br />
report directly to our CEO and I also have<br />
the authority to report directly to our Board<br />
of Trustees. Along with my compliance<br />
officer duties, I still have responsibilities over<br />
a couple of support services departments. In<br />
addition, I serve as our Privacy Officer and I<br />
oversee our contract management program.<br />
With the addition of a <strong>Compliance</strong> Assistant<br />
last spring, our <strong>Compliance</strong> department<br />
is now a two-person shop. It goes without<br />
saying that I rely heavily on the efforts of the<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
other members of our senior management<br />
team to make compliance work at RHI.<br />
Having such a strong leadership team to<br />
work with, a team that has truly taken the<br />
compliance discipline to heart, has been an<br />
amazing help to me. They carry a substantial<br />
part of the responsibility for the day-to-day<br />
maintenance of the compliance program, and<br />
without their support and assistance, my job<br />
would be impossible.<br />
Early on, our senior management team<br />
decided to emphasize the link between quality<br />
issues and compliance, so we’ve had quality<br />
elements as part of our annual <strong>Compliance</strong><br />
Work Plan for several years. That linkage was<br />
carried over to our governing body as well.<br />
The board formed a separate committee called<br />
the Personnel, <strong>Compliance</strong>, and Quality<br />
Committee (PCQ) to oversee those three<br />
areas. This has proven to be one of the more
prescient steps we’ve taken. When the emphasis<br />
on issues of quality intensified nationally,<br />
we were already well positioned at the governance<br />
level with a well-informed board committee<br />
that was ready and able to manage their<br />
increasing oversight responsibilities.<br />
I’m fortunate to have the opportunity to<br />
have significant levels of personal interaction<br />
with our board. I am chairman of our<br />
<strong>Compliance</strong> Committee and there is board<br />
representation on that committee. I make<br />
regular compliance reports to the PCQ<br />
Committee every month, and I attend the<br />
monthly board meetings, having scheduled<br />
time on their agenda quarterly to discuss<br />
compliance issues. Being allowed to have<br />
this amount of face time with our board is<br />
a reflection of just how committed they are<br />
to having a compliance program that is well<br />
grounded and effective. Whenever there is<br />
something new to be implemented or there<br />
is an evolving issue that RHI is confronting,<br />
getting the board’s support early on goes a<br />
long way to keeping things moving forward.<br />
GW: I understand Rutherford Hospital<br />
participated in the OIG Roundtable discussion<br />
regarding dashboards and quality indicators.<br />
Tell us a little about your journey to<br />
developing your dashboard and how you and<br />
your organization are using the information.<br />
<strong>BP</strong>: One of the unintended consequences<br />
of developing the PCQ reporting channel<br />
was the increasing amount of data that was<br />
being reported to that committee. When you<br />
consider all the regulatory requirements that<br />
have been added to the compliance umbrella<br />
in the last several years, add on all the issues<br />
related to quality and patient safety, and<br />
then mix in personnel matters and physician<br />
credentialing, the PCQ members ended up<br />
in the proverbial position of “drinking from<br />
a fire hose.” There is only so much information<br />
that can be taken in, and we found that<br />
the PCQ members were being overwhelmed<br />
with data. Ultimately, some sort of filtering<br />
process had to be put into place and that’s<br />
where the dashboard came into play.<br />
We had already developed a basic dashboard<br />
format for tracking issues reported to our<br />
Quality Management Committee, so that<br />
model served as the starting point for what later<br />
became our corporate dashboard. Our CFO has<br />
been instrumental in championing this effort<br />
over the last 18 months, and it has proven to be<br />
a much more complex process than one would<br />
imagine. Identifying what information should<br />
be on the dashboard was just the tip of the<br />
iceberg. We then had to identify what objective<br />
comparative benchmarks would be used, what<br />
reporting thresholds would be established,<br />
what sources of data would be used, what the<br />
reporting period intervals would be, who would<br />
be responsible for compiling the data, how<br />
would the accuracy of the data be ensured, how<br />
would differing lag times in data availability<br />
be handled, etc. But in the end, the dashboard<br />
is serving its purpose; it is focusing the PCQ<br />
member’s attention on not only our current<br />
status on important issues, but it is also allowing<br />
them to monitor trending over time – something<br />
that is critical when making decisions on<br />
the appropriate allocation of finite resources.<br />
GW: Tell us about the resources you find<br />
helpful for moving your program forward.<br />
<strong>BP</strong>: During my years as a nursing home<br />
administrator, I looked to national and state<br />
professional associations as my primary<br />
resources for information and education.<br />
When I became a compliance officer in 1998,<br />
the first thing I did was try to find a comparable<br />
professional organization that I could<br />
look to for help. That’s when I first became<br />
aware of HCCA, and I’ve depended on them<br />
ever since for resources that would help me be<br />
successful in my new role. I still have a well<br />
worn copy of The <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
Professional’s Manual sitting on my office shelf.<br />
It served me well when I was just getting<br />
Greg Warner<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
started and it served me well when I was preparing<br />
for my CHC credential.<br />
I‘ve attended at least one HCCA conference<br />
every year since 1998 and they have provided<br />
more than just food for thought. There is<br />
a real and obvious value in hearing what<br />
the leaders in our industry have to say<br />
about properly building and maintaining a<br />
compliance program. But to also hear directly<br />
from leaders of regulatory and enforcement<br />
agencies - to actually hear first hand their<br />
thoughts, concerns, and ideas – has provided<br />
just so much more value. The conferences also<br />
serve as my “early warning system” when new<br />
things are coming down the pipeline. RHI<br />
has a history of being an early adopter and<br />
that has proven to be true for our compliance<br />
program as well – thanks in large part to the<br />
contacts I’ve made through HCCA.<br />
GW: How do you see <strong>Compliance</strong><br />
evolving? That is, will we continue to integrate<br />
with Quality, Accreditation, Safety, etc.<br />
or should we be more stand–alone?<br />
<strong>BP</strong>: When I started in this field, <strong>Compliance</strong><br />
was truly only about coding and billing, and<br />
there was enough regulatory risk there (and<br />
still is) to go around. But now we all know<br />
that it’s not just coding and billing that can<br />
land your organization in the hot seat. A<br />
groundskeeper improperly disposing of excess<br />
Continued on page 16<br />
15<br />
March 2009
Meet Bill Parke ...continued from page 15<br />
pesticides can get you into an awful lot of<br />
difficulty, too. In an increasingly complex<br />
regulatory environment, the <strong>Compliance</strong> discipline<br />
we have honed over the years with its<br />
metrics of clear standards – responsible leadership,<br />
adequate training, internal controls,<br />
reporting mechanisms, and corrective action<br />
– are applicable across the entire enterprise.<br />
Our philosophy is to make our compliance<br />
program a resource for helping stakeholders<br />
manage regulatory risk wherever it is found<br />
– from EMTALA to disaster preparedness,<br />
from HIPAA to wage and hour laws.<br />
That doesn’t mean we “own” those operational<br />
processes, only that we assist those<br />
who do own them to manage them in a more<br />
consistent manner. For example, in the last<br />
couple years we found ourselves assisting in<br />
matters related to governance. Specifically,<br />
we helped our board incorporate certain<br />
elements of Sarbanes Oxley into their committee<br />
processes and we also helped establish<br />
a rebuttable presumption process to protect<br />
against excess benefit transactions. This year<br />
we’ll be keeping up with the work being<br />
done to comply with the new IRS Form 990<br />
reporting requirements and, relatedly, assisting<br />
in the refinement of the processes for the<br />
gathering and compiling of information that<br />
will be incorporated into our Community<br />
Benefit program. Our assistance is pretty<br />
much always the same, no matter what regulation<br />
is at issue. We go back to those basic<br />
compliance metrics and try to apply them<br />
through the same model.<br />
Personally, I think that <strong>Compliance</strong> will<br />
soon become so common an expectation that<br />
it will become essentially ubiquitous in all areas<br />
of operations. I can envision a time when we<br />
will no longer have discussions about what<br />
operational process is – and what operational<br />
process is not – included in “<strong>Compliance</strong>.”<br />
The real discussion will be (1) What’s the<br />
regulation? (2) How do we ensure an on-going<br />
compliant process that meets the regulation?<br />
and (3) How do we prove it? Much like Performance<br />
Improvement, I think that <strong>Compliance</strong><br />
will ultimately be a built-in expectation.<br />
GW: What areas of your compliance<br />
responsibilities do you find particularly challenging<br />
and/or rewarding?<br />
<strong>BP</strong>: I see several emerging issues on the<br />
horizon that are going to be challenging. I<br />
am just now starting to sort through how to<br />
identify my role in ensuring the integrity of<br />
the data that RHI collects and presents to<br />
others. In this day of reimbursements that<br />
are linked to performance outcomes, etc.,<br />
just how far down in the weeds should a<br />
compliance officer go to validate the accuracy<br />
of data being reported and to ensure that no<br />
one has “tinkered” with it?<br />
I also think that we’ll need to revisit data<br />
privacy and security again soon. The electronic<br />
world that we now live in is far different<br />
from that of even 5 years ago. Because<br />
potable devices and the Internet are now<br />
pervasive everywhere in our lives (and perhaps<br />
because we are now hiring a generation<br />
of workers who literally grew up with them),<br />
it is my perception that we have grown far<br />
too casual in the use of emerging technologies.<br />
Staff are going to need renewed privacy<br />
and security training that has been updated<br />
to the paradigm of smart phones, picture<br />
phones, instant messaging, social networking,<br />
etc. I find it inexplicable that the same staff<br />
who would never share sensitive information<br />
in the course of their job duties are having a<br />
hard time seeing why it’s a problem putting<br />
that same sensitive information on MySpace.<br />
Likewise, our IT departments are going to<br />
need a lot of support in painting bright–lines<br />
as they move towards the goal of an interoperable<br />
health record. I serve on a work group in<br />
western North Carolina that is helping with<br />
the development of a RHIO [Regional <strong>Health</strong><br />
Information Organization]. The potential<br />
benefits are amazing, but ensuring that proper<br />
internal controls are effectively deployed to keep<br />
up with the rapid evolution of connectivity and<br />
data-sharing regionally is a unique challenge.<br />
But by far, the place where I find myself<br />
spending the most time recently is in the area<br />
of contracts. Like the rest of the country, our<br />
area is experiencing a realignment of hospital<br />
and local medical community. Through<br />
employment and/or acquisition, RHI has<br />
been changing the nature of our relationships<br />
with several physicians/physician practices.<br />
That has meant a lot of work to ensure that<br />
every process step along the way was compliant.<br />
Whether that step involved business<br />
valuation, facility appraisal, pro forma development,<br />
compensation modeling, or crafting<br />
purchase or employment agreements, we had<br />
a great deal of due diligence to complete.<br />
GW: In your role as a mentor, what advice<br />
would you give to a junior associate who is<br />
interested in <strong>Compliance</strong>?<br />
<strong>BP</strong>: As I said, I was fortunate to be<br />
allowed to hire a <strong>Compliance</strong> Assistant this<br />
year. Although she has health care experience,<br />
none of it is in the compliance field. As we<br />
talked about her interest in the position, I<br />
gave her some things to think about as she<br />
considered whether or not she wanted to<br />
jump into <strong>Compliance</strong> as a career. First, be<br />
patient and take it one piece at a time. There<br />
is no way that anyone can absorb all there<br />
is to know about health care compliance<br />
without spending a good amount of time<br />
in the field working and studying. No one<br />
has it all under their belt – that is why peer<br />
relationships are so important.<br />
Second (and this may reflect my own<br />
experiential bias), be willing to get out of the<br />
office, walk around, and be visible. Get to<br />
know health care operations whenever and<br />
wherever you can; spend time in peoples’<br />
work environment to get a better understanding<br />
of what they are really dealing with.<br />
Be curious and don’t be afraid to ask ques-<br />
March 2009<br />
16<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
tions anytime, anywhere.<br />
Third, understand that when you have seen one compliance program you have<br />
seen just that – one compliance program. The model that I helped put together,<br />
though based on the OIG’s Model Guidance, is unique to RHI and may be absolutely<br />
wrong for another organization. Guidance is just that, guidance. It’s the level<br />
of commitment of the people working within that proven, general framework who<br />
will ultimately make a compliance program rise or fall.<br />
Fourth, understand that you have to work with and through other people in the<br />
organization to get things done. The overwhelming majority of them want to do<br />
their jobs correctly, so appreciate them and value their time and efforts accordingly.<br />
And lastly, when push comes to shove (and it will), be willing to stand for<br />
what is right, even when that stance is less than popular. A zeal for doing things<br />
right, coupled with a thick skin and a measure of compassion, will go a long<br />
way in making a successful compliance officer.<br />
GW: In the slowing economy with health care entities needing to reduce<br />
expenses, what are the best arguments we can make to our management to<br />
preserve our <strong>Compliance</strong> budgets?<br />
<strong>BP</strong>: Trying to quantify the financial benefit of a compliance program has<br />
always been hard. How do you identify the cost of a violation that didn’t happen<br />
because there was a mechanism in place that ensured that the process in question<br />
was compliant? I don’t know. But I do know that it is extremely expensive when<br />
things do go wrong. Conducting even an internal investigation is costly - much<br />
more so when a third party has to be brought in to assist or advise. And the time<br />
spent on such an investigation has an associated opportunity cost as well, i.e.<br />
every hour spent investigating is an hour not spent on the training, monitoring,<br />
etc. necessary to prevent the next problem from happening.<br />
Maybe we should try to identify other ways that the compliance program can<br />
be leveraged to help an organization. If you look around today, the demand for<br />
accountability and transparency is coming from everywhere. I would think that<br />
an effective compliance program may have added value to the organization in<br />
meeting those demands. Perhaps using some of the metrics of the <strong>Compliance</strong><br />
discipline as a spring board for driving performance improvement efforts is<br />
another way of demonstrating value. As I said earlier, <strong>Compliance</strong> is not going<br />
away, but it may become something much more built-in.<br />
GW: Bill, thanks for taking time to share these comments. What other<br />
observations would you like to share with your HCCA member colleagues?<br />
<strong>BP</strong>: I feel privileged to have been allowed to work in this field for the last 10<br />
years and I’ve enjoyed seeing it grow and mature into a valued field of expertise.<br />
I find it refreshing to see the new faces of a younger generation joining our<br />
ranks. They are young professionals seeking careers in a field that, not so long<br />
ago, didn’t even exist. That’s amazing. It’s an exciting time to be in health care,<br />
I hope they think so too. <strong>Compliance</strong> is a fascinating field with new adventures<br />
every day. It is the very best job there is. n<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
17<br />
March 2009
Ethics works if everybody is<br />
ethical<br />
I have been in a constant battle with the entire universe about <strong>Compliance</strong><br />
vs. Ethics. I feel ethics is an outcome (there is at least one exception)<br />
and compliance is a process that leads to ethical behavior. You<br />
can’t talk about ethical behavior and achieve an ethical environment;<br />
you must enforce it with the Seven Elements of <strong>Compliance</strong>. Please<br />
send all your hate mail to Dan Roach at droach@chw.edu. He will<br />
agree with you, he is on our Board, and he will beat me up personally.<br />
If you want to get to me directly, e-mail me at roy.snell@hcca-info.org.<br />
I will forward them all to Dan.<br />
Let’s talk about the exception I know of. There may be more, but I<br />
haven’t seen it. By looking at this exception, I think you will see how<br />
rare it is. You will see how unrealistic it is. It’s extremely difficult<br />
to duplicate. The exception is professional golfers. I am sure there<br />
are a few exceptions, but these guys are maniacally honest. They call<br />
penalties on themselves all the time. They can do it, because they all<br />
do it. Everyone expects it. It is an ethical culture, because somebody<br />
said it would be ethical and it worked. Everyone agreed and followed<br />
through.<br />
Let me give you the most amazing example. J.P. (John) Hayes was<br />
playing in the PGA tour qualifier. Qualify and you play in most any<br />
tournament you want the next year. If you don’t qualify, you can still<br />
play in some tournaments but the financial difference is staggering.<br />
J.P. played in the qualifier and, for two strokes, used a ball that was not<br />
“approved.” He realized his mistake immediately and changed balls.<br />
On the hole where he used the unapproved ball, he played badly, one<br />
over par. A few days after the qualifier, he realized that there was a<br />
rule stating that if you used an unapproved ball, even for one shot,<br />
you were disqualified. He called the ball manufacture, who said the<br />
ball would probably be approved but it was as he thought, not yet<br />
approved.<br />
No one saw him play it. No one would<br />
ever know he played it. If he called and<br />
turned himself in, it would make life very<br />
difficult for him and his family. He did<br />
not hesitate. He called and told the Professional<br />
Golfers <strong>Association</strong> that he must<br />
be disqualified. With a few exceptions, he<br />
will not be playing on tour next year.<br />
ROY sNELL<br />
As a side note, almost all tournaments have a couple exemptions they<br />
give out to anyone. They often give their few exemptions to someone<br />
who will be a big draw, some young up-and-comer for example. J.P.<br />
Hayes does not qualify as a draw, but those people better all give him<br />
one of their exemptions or they will be hearing from me. I am sure<br />
they are quaking in their boots.<br />
Golfers are the real deal. J.P. Hayes exemplifies what we are all<br />
fighting for in compliance and ethics. The number of exemptions J.P.<br />
gets will be a great test of our society’s respect for integrity. Don’t hold<br />
your breath. As I write this, two Minnesota Viking football players<br />
have been suspended for the last four games of the season for using a<br />
banned substance. The Vikings have a shot at winning the division.<br />
The press has covered it more than the Hayes case. Lawyers are fighting<br />
to block the suspensions. A judge has issued a stay. The players<br />
union is spending hours defending these guys. Pardon my pessimism,<br />
but I just don’t think that the average person really gives a crap about<br />
Hayes. It was an interesting story for a while, but if you want to get<br />
everyone’s attention, start talking about winning a football game. That<br />
is why I think it is difficult to expect “ethics” to be enough or better<br />
or more effective than compliance. People don’t do what you expect;<br />
they do what you inspect. They don’t reward integrity; they reward<br />
winning, productivity, the bottom line, glamour, etc.<br />
When people tell me ethics is enough or better than compliance, I get<br />
mad. Like everyone, I wish it were true. I wish it would work. But<br />
if you look at the facts, such as there are few examples of cases where<br />
it works, it is difficult to support the concept that ethics is enough.<br />
Have I seen it work anywhere? Do I see constant examples where<br />
the ethics video by the CEO and code of conduct are not enough? I<br />
just don’t think that flailing away at variations of “do the right thing”<br />
works in many environments. Can you tell me another example,<br />
other than golf? I am sure there are a few companies. I can’t imagine<br />
there are many. And, if you do find an ethical environment, there<br />
is probably no tolerance for poor behavior. In other words, there are<br />
Continued on page 24<br />
March 2009<br />
18<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
The Jones Day/HCCA iPod ® Nano Giveaway!<br />
July 1, 2008 through June 30, 2009<br />
Contribute a compliance-related document to the HCCA <strong>Compliance</strong> Library and you could<br />
win an iPod Nano. Each month, the individual who submits the most documents to the library<br />
receives one of 12 iPod Nanos! This Giveaway begins July 1, 2008 and ends June 30, 2009.<br />
Log on to the HCCA web site (www.hcca-info.org) and go to “Communities” for more details<br />
about the Jones Day/HCCA iPod Giveaway!<br />
Share your ideas — contribute compliance-related documents to the HCCA <strong>Compliance</strong><br />
Library by emailing them to Caroline Lee Bivona at caroline.leebivona@hcca-info.org.<br />
About Jones Day . . .<br />
Jones Day’s <strong>Health</strong> <strong>Care</strong> Practice is an interdisciplinary practice team of legal counsel<br />
aligned to facilitate the exchange of information and targeted knowledge about the health<br />
care industry and the ever-changing health care regulations, to better meet our clients’<br />
needs. Learn more about Jones Day at www.jonesday.com.<br />
you can only win one iPod. hCCA/SCCe and Jones Day staff are not eligible for the giveaway.<br />
2300 lawyers in 30 locations. www.jonesday.com
HCCA’s New Research <strong>Compliance</strong> Guide<br />
Research <strong>Compliance</strong><br />
Professional’s Handbook<br />
The Practical Guide to Building and Maintaining<br />
a Clinical Research <strong>Compliance</strong> & Ethics Program<br />
Clinical research is highly regulated,<br />
so the role of compliance professionals<br />
is vital to meeting the demands<br />
of a wide range of governing entities.<br />
HCCA’s new reference manual,<br />
Research <strong>Compliance</strong> Professional’s<br />
Handbook, offers comprehensive, upto-date<br />
guidance to get you on the right<br />
track. Written by experts with hands-on<br />
experience in clinical research compliance,<br />
this book is intended for anyone<br />
with compliance duties or a need to<br />
understand such key areas as:<br />
Order Now<br />
• human subject protections<br />
• scientific misconduct<br />
• conflicts of interest<br />
• grant and trial accounting<br />
• effort reporting<br />
• privacy and security<br />
• clinical trial billing<br />
• records management<br />
• data monitoring committees<br />
• role of oversight entities<br />
• auditing & monitoring<br />
• integrating research compliance<br />
into corporate compliance<br />
Qty<br />
Cost<br />
HCCA Members ...................................$149.00<br />
Non-members .....................................$169.00<br />
Join HCCA! Non-members, add $200<br />
and pay the member price for your order ................$200.00<br />
(Regular dues $295/year)<br />
Please type or print:<br />
HCCA Member ID<br />
First Name M.I. Last Name<br />
Title<br />
Organization<br />
Street Address<br />
City State Zip<br />
Telephone<br />
Fax<br />
E-mail<br />
Mail check to: 6500 Barrie Road, Suite 250<br />
Minneapolis, MN 55435<br />
Fax order to: 952-988-0146<br />
Total: $<br />
My organization is tax exempt<br />
Check enclosed (payable to HCCA)<br />
Invoice me PO #<br />
Charge my: Mastercard VISA American Express<br />
Credit Card Account Number<br />
Credit Card Expiration Date<br />
Cardholder’s name<br />
Cardholder’s signature<br />
Prices subject to change without notice. HCCA is required to charge sales<br />
tax on purchases from Minnesota and Pennsylvania. Please calculate this<br />
in the cost of your order. The required sales tax in Pennsylvania is 7% and<br />
Minnesota is 6.5%. All purchases receive free FedEx Ground shipping<br />
within continental U.S. (Federal Tax ID: 23-2882664)<br />
6500 Barrie Road, Suite 250<br />
Minneapolis, MN 55435<br />
Phone 888-580-8373 | Fax 952-988-0146<br />
www.hcca-info.org | info@hcca-info.org
RAC demonstrations<br />
and inpatient<br />
rehabilitation –<br />
Vision of things to<br />
come?<br />
Editor’s note: Jane Snecinski is Principal at Noblis,<br />
Center for <strong>Health</strong> Innovation, headquartered<br />
in Falls Church, VA. Ms. Snecinski may be<br />
reached by e-mail at jane.snecinski@noblis.org<br />
for additional information.<br />
The past two years have proven to be<br />
very challenging for providers of rehabilitation<br />
services—both inpatient and<br />
outpatient. This article is one of two specifically<br />
written to focus on the compliance issues<br />
that have been brought into focus by the<br />
Recovery Audit Contractors (RACs). These<br />
issues have increased the financial risk for<br />
providers of rehabilitation services. This article<br />
specifically looks at the issues for providers of<br />
inpatient rehabilitation services.<br />
For providers of inpatient rehabilitation<br />
programs, the change with the greatest public<br />
awareness has been the increased focus on the<br />
“75% Rule,” which has been modified in regulation<br />
to have a 60% threshold; that is, 60% of the<br />
patients admitted to an inpatient rehabilitation<br />
program must have a diagnosis that is included<br />
in a list identified in regulation. In addition to<br />
having the diagnosis identified, the medical<br />
record must support that the beneficiary has<br />
received treatment for the identified diagnosis.<br />
If the threshold is not maintained on an annual<br />
basis, the organization stands the risk of losing<br />
their Medicare rehabilitation provider status.<br />
However, although the enforcement of the<br />
By Jane Snecinski, FACHE<br />
75% Rule has placed an increased focus<br />
on the diagnoses of the patients admitted<br />
to inpatient rehabilitation programs, the<br />
work of the demonstration Recovery Audit<br />
Contractors (RACs) has the potential to<br />
have a staggering significant and immediate<br />
financial impact on any provider of<br />
inpatient rehabilitation programs/services.<br />
The focus of these audits, primarily, has been<br />
on “medical necessity,” as defined by federal<br />
regulation, guidelines, and the Conditions<br />
of Participation for inpatient rehabilitation.<br />
Moreover, even though medical necessity is a<br />
long-standing cornerstone of health care, the<br />
review of medical necessity is relatively new<br />
to the rehab market. This issue, it appears,<br />
is even more important than a diagnosis<br />
that is identified as compliant with the 75%<br />
Rule, because if the admission to inpatient<br />
rehabilitation is not deemed medically necessary,<br />
then the admission is denied—even if<br />
the patient has a “compliant” diagnosis.<br />
As addressed in Section 306 of the Medicare<br />
Prescription Drug Improvement and<br />
Modernization Act of 2003, the RAC demonstration<br />
project began in 2005 in Florida,<br />
California, and New York. The RACs have<br />
several objectives, but they are incentivized<br />
to recoup reimbursement for the Medicare<br />
program through denials of reimbursement<br />
for services. Inpatient rehabilitation was<br />
a primary focus of the RAC efforts in the<br />
demonstration states, including California<br />
and Florida. Although the plan was for CMS<br />
to expand the RAC program to all states<br />
within an established timeline, they have<br />
accelerated their implementation plan, due<br />
to the perceived success of the program. It<br />
is anticipated that the RAC program will<br />
be instituted in all states by 2009 (slightly<br />
delayed from the original plan).<br />
The mission of the RAC demonstration<br />
project (announced January 11, 2005) was to<br />
“reduce Medicare improper payments through<br />
the efficient detection and collection of overpayments<br />
and underpayments and the implementation<br />
of actions that will prevent future<br />
improper payments.” 1 Because the range of<br />
providers that receive Medicare payment is so<br />
broad, post acute providers, specifically providers<br />
of inpatient and outpatient rehabilitation,<br />
were reviewed by the RACs within the scope<br />
of their contract. As with all Medicare providers,<br />
improper payments in the post acute settings<br />
can be received for three primary reasons:<br />
n Services are provided and payment<br />
received for services that have not been<br />
deemed as ‘medically necessary’ for the<br />
level of care in which they were provided;<br />
n Codes/scores are submitted that result in<br />
payment that may not be completely correct<br />
or accurate, (e.g., inaccurate diagnostic<br />
coding, inaccurate coding of functional<br />
status, coding of diagnoses without documentation<br />
of treatment); and<br />
n The medical record/documentation does<br />
not ‘tell the story’ and provide enough<br />
support for the claim for which payment<br />
has been received.<br />
The understanding of these issues and integration<br />
into the documentation of inpatient<br />
rehabilitation, as well as proactive auditing and<br />
associated corrective actions, will be critical to<br />
surviving under the permanent RAC program.<br />
Continued on page 22<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
21<br />
March 2009
RAC demonstrations and inpatient rehabilitation – Vision of things to come? ...continued from page 21<br />
The impact on inpatient rehabilitation<br />
The RAC demonstration project resulted in the<br />
identification of approximately $1.03 billion in<br />
improper payments (actual figures vary slightly,<br />
based on source). Of that amount, $59.7 million<br />
or 6% of the total was identified from inpatient<br />
rehabilitation providers. (These figures represent<br />
the dollar amounts without adjustment for<br />
successful appeal processes.) The efforts focusing<br />
on inpatient rehabilitation providers did not take<br />
place in all three RAC demonstration states, but<br />
only in California. The most recent evaluation<br />
of the demonstration project reports: “The RAC<br />
demonstration had a limited financial impact<br />
on most providers,” however this was clearly not<br />
the case for the inpatient rehabilitation providers<br />
in California. Moreover, even an informal<br />
extrapolation to all of the 50 states will provide<br />
the reader with the potential impact of these<br />
denials on a larger scale.<br />
The following table depicts the circumstances,<br />
or noted errors that resulted in the improper<br />
payments.<br />
Table 1: Overpayments Collected by Error<br />
and Provider Type 2<br />
Error Type<br />
Percent of Total<br />
Medically Unnecessary 5.63<br />
Incorrectly Coded 0.00<br />
No/Insufficient Documentation<br />
0.44<br />
Other 0.00<br />
Total 6.07<br />
When considering the error type, it is clear<br />
that the comprehensiveness and accuracy of<br />
the documentation of the patient’s stay in an<br />
inpatient rehabilitation program is a key factor<br />
in the denial process; that is, the ability of the<br />
medical record to “tell the story” and demonstrate,<br />
without a doubt, that the patient required<br />
an admission to an inpatient rehabilitation program<br />
to care for their medical and rehabilitation<br />
needs, and that the diagnoses identified were<br />
treated during the hospital stay.<br />
Medical necessity – What does that mean?<br />
There is no standardized definition or interpretation<br />
of ‘medical necessity,’ which leads to<br />
confusion as to the necessary content of medical<br />
record documentation and what to review<br />
as part of a proactive audit. It is important to<br />
keep in mind that inpatient rehabilitation beds<br />
are licensed as acute care beds and certified<br />
by Medicare as inpatient rehabilitation beds.<br />
Therefore, it is important to document that the<br />
patients have a medical condition(s) that, in<br />
conjunction with their needs for an intensive,<br />
inpatient rehabilitation program, require<br />
admission to a licensed acute care bed that has<br />
been certified by Medicare as a ‘rehabilitation<br />
bed.’ If a patient does not exhibit the medical<br />
need or does not need, cannot tolerate therapy,<br />
or could make as much progress from another<br />
level of care, then it is the perception of the<br />
RAC that the patient could be admitted to<br />
another level of care and medical necessity for<br />
inpatient rehabilitation is not demonstrated.<br />
When describing medical necessity for<br />
inpatient rehabilitation, all sources refer<br />
to the Medicare Beneficiary Manual, 3<br />
Chapter 1, Section 110: Inpatient Stays for<br />
Rehabilitation <strong>Care</strong>, and the Code of Federal<br />
Regulations. 4 In the Medicare Beneficiary<br />
Manual, the following caveats are provided:<br />
n “The services must be reasonable and<br />
necessary (in terms of efficacy, duration,<br />
frequency and amount) for the treatment<br />
of the patient’s condition; and<br />
n It must be reasonable and necessary to<br />
furnish the care on an inpatient hospital<br />
basis, rather than in a less intensive facility<br />
such as a SNF, on an outpatient basis.”<br />
In order for the admission to be medically<br />
necessary, patients admitted to an exempt<br />
inpatient rehabilitation program must require<br />
and receive care as described in Medicare<br />
Beneficiary Manual, Chapter 1, Section<br />
110. There are several components in the<br />
chapter that note: if a particular component<br />
in isolation was not provided, that, in and<br />
of itself, would not be justification of denying<br />
payment. However, although the RAC<br />
identification of improper payment for<br />
“medical necessity” did not identify specific<br />
components of the referenced chapter as not<br />
having been demonstrated, it stands to reason<br />
that when documentation does not support<br />
several of the components, medical necessity<br />
may be questioned. The specific components<br />
identified in this document are:<br />
1. Preadmission screening<br />
2. Admission orders<br />
3. Inpatient assessment of individual’s status<br />
and potential for rehabilitation<br />
In addition to these issues, there are basic<br />
Hospital Screening Criteria as identified in<br />
the Code of Federal Regulations, Section 42:<br />
1. Close medical supervision by a physician<br />
with specialized training or experience in<br />
rehabilitation;<br />
2. Rehabilitation nursing;<br />
3. Relatively intense level of rehabilitation<br />
services;<br />
4. Multi-disciplinary team approach to<br />
delivery of program;<br />
5. Coordinated program of care;<br />
6. Realistic goals; and<br />
7. Significant practical improvement.<br />
What is interesting to note is that although<br />
most inpatient rehabilitation providers are<br />
knowledgeable about these conditions, they<br />
have not internalized them into practice<br />
within their delivery of care. Therefore, the<br />
documentation of the patient’s care is unlikely<br />
to focus on the issues to demonstrate the<br />
medical necessity as described in the Manual<br />
chapter. It is this situation that places an inpatient<br />
rehabilitation provider at risk under the<br />
March 2009<br />
22<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
RAC program. The documentation of these<br />
conditions, then, is integral to a successful<br />
proactive audit of inpatient rehabilitation.<br />
Proactive auditing in preparation for the RACs<br />
A proactive RAC audit should be conducted<br />
by individuals who have clinical knowledge<br />
of multiple levels of post acute care as well as<br />
the regulations, Medicare Beneficiary Manual,<br />
and Hospital Screening Criteria for inpatient<br />
rehabilitation, so it can be determined if the<br />
medical record supports the admission of<br />
the patient to inpatient rehabilitation versus<br />
any other level of care. An in-depth working<br />
knowledge is valuable, not only in identifying<br />
issues, but in developing corrective actions to<br />
improve document and support the admission<br />
to inpatient rehabilitation, if possible. Because<br />
the definition of “medical necessity” is not<br />
crystal clear, it is suggested that the strictest<br />
interpretation of the criteria for inpatient<br />
rehabilitation be used during the audit.<br />
A word of caution is given, however, that after<br />
the audit is complete, it may become evident<br />
that the documentation does not support<br />
admission to inpatient care, because the<br />
patient’s condition is actually more appropriate<br />
for another level of care. Hopefully<br />
however, the audit will reveal that the patient<br />
is appropriate for an inpatient rehabilitation<br />
program, but some components are missing<br />
from the medical record. Then, corrective<br />
actions can be implemented to improve<br />
documentation to support the admission.<br />
The following questions should be positively<br />
answered, without a doubt, as a result of an<br />
audit of inpatient rehabilitation records:<br />
1. Preadmission screening<br />
Does the documentation of the preadmission<br />
screening reflect the decision-making process<br />
and justification for why the patient has to<br />
be admitted to an inpatient rehabilitation<br />
program versus any other level of care?<br />
2. Admission orders<br />
Do the admission orders for inpatient<br />
rehabilitation reflect care and an intensity<br />
that cannot be provided in any other level<br />
of care? (For example, many orders reflect<br />
services to “evaluate and treat,” but evaluation<br />
and treatment can be provided in<br />
many levels of care, not only an inpatient<br />
rehabilitation setting.)<br />
3. Inpatient assessment of individual’s<br />
status and potential for rehabilitation<br />
oes the result of the assessment of the<br />
patient, in the initial assessment period,<br />
support the lack of functional abilities<br />
that would require an admission to an<br />
inpatient rehabilitation level of care?<br />
4. Close medical supervision by a physician<br />
with specialized training or experience<br />
in rehabilitation<br />
Is there a rehabilitation physician providing<br />
close medical supervision, and does<br />
the medical record (e.g., physician progress<br />
notes, etc.) demonstrate the medical necessity<br />
of the physician’s involvement in the patient’s<br />
care? (For example, a physician’s note<br />
consisting of “Vital signs stable. Continue<br />
rehab” does not contain the content necessary<br />
to support an inpatient rehabilitation<br />
stay, a physician’s visit, or a hospital stay.)<br />
5. Rehabilitation nursing<br />
Is the nursing documentation unique for<br />
inpatient rehabilitation and reflect the<br />
need for rehabilitation nursing?<br />
6. Relatively intense level of rehabilitation<br />
services<br />
Is there evidence that the patient received<br />
a minimum of three hours of physical<br />
and occupational therapy and/or speech<br />
language pathology for a minimum of five<br />
days for each seven days?<br />
7. Multi-disciplinary team approach to<br />
delivery of program<br />
Is there team documentation clearly<br />
reflected as the primary focus of care, or<br />
is care represented by documentation of<br />
unique disciplines,(e.g., physical therapy,<br />
nursing, etc.)?<br />
8. Coordinated program of care<br />
Is there an interdisciplinary plan of care<br />
and is there discussion of the implementation<br />
and accomplishment of the plan of<br />
care in a conference?<br />
9. Realistic goals<br />
Can the patient achieve the identified goals<br />
and does the patient need intensive rehabilitation<br />
services, rehabilitation nursing, and<br />
an interdisciplinary approach to do so?<br />
10. Significant practical improvement<br />
Did the patient make significant improvement<br />
as a result of participation in the<br />
program or did the progress occur regardless<br />
of the program? (For example, if a patient<br />
did not receive an interdisciplinary approach,<br />
rehabilitation nursing, and an intensive level<br />
of therapy, then the patient could have made<br />
the same progress in another level of care.)<br />
In summary, the regulations and criterion<br />
referenced in order to demonstrate medical necessity<br />
are not new, but the RACs significantly and<br />
quickly increased the scrutiny placed on inpatient<br />
rehabilitation providers to demonstrate meeting<br />
these criteria. The majority of denials for improper<br />
payments to inpatient rehabilitation providers in<br />
the RAC demonstration project were the result<br />
of a lack of documentation as medical necessity.<br />
A proactive audit is the best way to identify and<br />
resolve any potential issues beforehand that could<br />
be problematic during a RAC audit for inpatient<br />
rehabilitation. n<br />
1 Available at www.cms.hhs.gov/RAC/05_MissionStatement.asp<br />
2 The Medicare RAC Program: An Evaluation of the 3-Year Demonstration,<br />
June, 2008. Available at http://www.cms.hhs.gov/RAC/Downloads/RAC%20Evaluation%20Report.pdf.<br />
3 Medicare Benefit Policy Manual, Chapter 1 – Inpatient Hospital Services<br />
Covered Under Part A, “Inpatient Stays for Rehabilitation <strong>Care</strong>”<br />
Available at http://www.cms.hhs.gov/manuals/downloads/bp102c01.pdf<br />
4 Available at http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&rgn=div<br />
6&view=text&node=42:4.0.1.4.18.1&idno=42<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
23<br />
March 2009
CEO: ...continued from page 18<br />
probably auditing and monitoring, enforcement discipline, etc. supporting<br />
the ethical behavior. Golf is the only place where I see little enforcement and<br />
tremendous results. It doesn’t work in any other sport I know of. If a player<br />
called a foul on themselves in football, they would be gone in 60 seconds.<br />
Quality of <strong>Care</strong><br />
March 5 and 13, 2009, Two Parts<br />
The Agency for <strong>Health</strong>care Research and Quality<br />
(AHRQ) Guide on Adoption of <strong>Health</strong> <strong>Care</strong><br />
Innovations – What does mean? Where are we<br />
now?<br />
Lisa Murtha, Managing Director <strong>Health</strong> and<br />
Education Consulting Practice Huron Consulting<br />
Group, and <strong>Compliance</strong> Officer<br />
Cheryl Wagonhurst, Partner, Foley and Lardner<br />
Cory Flickinger, Huron Consulting Group.<br />
Conflict of Interest<br />
March 12, 2009<br />
Kendra Diamond, Director,<br />
Daylight Forensic & Advisory LLC,<br />
Angelia Dorsey, Research Ccompliance Officer,<br />
MedStar <strong>Health</strong><br />
<strong>Health</strong> <strong>Care</strong> IT Security –<br />
A Corporate <strong>Compliance</strong><br />
Matter March 24, 2009<br />
Carolyn Regen, Interim Chief <strong>Compliance</strong> Officer<br />
and Privacy Officer of the Corporate <strong>Compliance</strong><br />
and Privacy Administration of Gwinnett Hospital<br />
System, Inc.<br />
Michele Madison, Partner<br />
Morris, Manning & Martin LLP<br />
J. Tom Jinks, Director,<br />
Moore Colson<br />
Bret Roy, Partner,<br />
Moore Colson<br />
To Register visit<br />
www.hcca-info.org<br />
Past Audio/Web conferences are<br />
available on CD at<br />
www.hcca-info.org/pastweb<br />
For instance, all four of my girls play(ed) volleyball. The coaches don’t teach the<br />
players to call fouls on themselves. I used to play volleyball in pick-up games<br />
without refs at the YMCA. We had to use the honor system, somewhat like golf.<br />
There were disagreements, but most of the players were pretty good about it. In<br />
volleyball, you can’t touch the net. The one rule that stood out the most was: If<br />
you touched the net, you would grab the net and shake it until the play stopped.<br />
My friends and I often called ourselves on the net when no one would ever have<br />
seen it. Some touches were so slight that the net hardly moved, but we knew and<br />
we would call it. I liked the integrity of those games at the YMCA. I want my<br />
daughters to play with integrity, but they don’t. They can’t.<br />
If they called a foul on themselves, nobody would accept it. The coach would<br />
blow a gasket. The players would ostracize them. The fans would boo them.<br />
In most cases, the refs wouldn’t even acknowledge the call. The system is set<br />
up to “get away with it if you can.” The system that works in golf is the only<br />
effective ethics system I know.<br />
I don’t think ethics alone will work. That is why the enforcement community<br />
requires compliance programs in some settlements and encourages them<br />
everywhere else. The US Sentencing Commission added ethics to the US<br />
Sentencing Guidelines recently, but judges still look for compliance programs<br />
to determine if a company is trying to find and fix problems. The judges don’t<br />
mandate ethics programs. Recently, a law was passed to mandate compliance<br />
programs for government contractors. The lobbyists got it reduced to a code of<br />
conduct, just before the regulation was published. The Department of Justice<br />
(DOJ) got mad and supported a “Contractors Fraud Loophole Act.” The<br />
Act said that government contractors had to implement the seven elements as<br />
described in the Sentencing Guidelines. The DOJ considered the last minute<br />
change from compliance to ethics to be a loophole. They want both, but they<br />
really are looking for compliance programs. I keep hearing the people who<br />
are horribly conflicted (they don’t want the pain and cost of compliance) or<br />
idealistic saying that ethics is enough. I keep hearing the people who are tired<br />
of chasing down cheaters (the enforcement community) say that if you want to<br />
be effective or if you want a break, put in a compliance program.<br />
Ethics works if every one is ethical. Everyone else needs a compliance<br />
program. Ethics is important. Having a code of ethics and telling everyone<br />
to do the right thing is important. However, if you want to get people to<br />
be ethical, you must establish standards and procedures, audit and monitor,<br />
investigate, discipline, train and educate, and report to the Board. n<br />
March 2009<br />
24<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
ASK<br />
LEADERSHIP<br />
<strong>Compliance</strong> Today<br />
Needs You!<br />
The <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
(HCCA) is seeking authors for<br />
<strong>Compliance</strong> Today. Every month<br />
<strong>Compliance</strong> Today offers health care<br />
compliance professionals information<br />
on a wide-variety of enforcement, regulatory,<br />
legal, and compliance program<br />
development and management issues.<br />
To do this we need your help!<br />
We are particularly interested in articles<br />
covering compliance concerns involving<br />
all segments of the health care industry,<br />
including Behavioral <strong>Health</strong>, Rehabilitation,<br />
Physician practices, Long-Term<br />
<strong>Care</strong>, Homecare and hospice, Ambulatory<br />
Surgery Centers, etc.<br />
For Details: E-mail Margaret Dragon<br />
with your topic ideas, format questions,<br />
etc. at margaret.dragon@hcca-info.org or<br />
call her at 781/593-4924.<br />
Articles generally run between 1,250<br />
and 2,500 words; this is not a limit, just<br />
a guide. <strong>Compliance</strong> Today uses the<br />
Chicago Manual of Style. We require<br />
footnotes to be 10 or less. All references<br />
must appear at the end of the article.<br />
Please do not use the footnote feature in<br />
Word. The author’s contact information<br />
must be included in the article as well as<br />
the article title. Articles should be submitted<br />
as a Word document with very<br />
limited formatting. Anyone interested<br />
in submitting an article for publication<br />
in <strong>Compliance</strong> Today should send an<br />
email to margaret.dragon@hcca-info.<br />
org which includes the article topic and<br />
deadline selected from the list below.<br />
IMPORTANT: For those who are<br />
Certified In <strong>Health</strong>care <strong>Compliance</strong><br />
(CHC), please note that CCB awards<br />
2 CEUs to authors of articles<br />
published in <strong>Compliance</strong> Today.<br />
Upcoming <strong>Compliance</strong> Today Deadlines:<br />
n April 2<br />
n April 20<br />
n May 6<br />
n May 18<br />
n June 1<br />
n June 15<br />
John Falcetano<br />
John asks the leadership<br />
your questions<br />
Editor’s note: John Falcetano is Chief Audit/<strong>Compliance</strong><br />
Officer for University <strong>Health</strong> Systems of Eastern Carolina and<br />
a long-time member of HCCA. This column has been created<br />
to give members the opportunity to submit their questions by<br />
e-mail to jfalcetano@suddenlink.net and have John contact<br />
members of HCCA leadership for their response.<br />
QUESTION: What are Red Flag Identity Theft Rules and do they apply to health care<br />
organizations?<br />
Answer: provided by John C. Falcetano, MA, CHC, CIA, Chief Audit & <strong>Compliance</strong> Officer,<br />
University <strong>Health</strong> Systems of Eastern Carolina Greenville, NC<br />
The FDIC, along with the other federal financial institution regulatory agencies and the<br />
Federal Trade Commission, issued the Red Flags provision of the Fair and Accurate Credit<br />
Transactions Act in October 2007. The final rules and guidelines on identity theft red flags<br />
took effect on November 1, 2008, although enforcement has been suspended until May 2009.<br />
The rules require financial institutions to establish reasonable procedures for identifying and<br />
preventing identity theft.<br />
The rules apply to health care providers because they use consumer reports to check for<br />
criminal backgrounds and credit histories as part of their employment process. In addition,<br />
many health care providers are considered creditors, because they do not require payment when<br />
services are rendered. Creditors in the health care field must also watch for signs of medical<br />
identity theft (i.e., someone obtaining medical services or benefits by using stolen health insurance<br />
information).<br />
Although the rules allow organizations flexibility in establishing their own internal compliance<br />
programs, there are some mandatory requirements that must be included in order to comply<br />
with the rules. For example, the rules require:<br />
n Each financial institution or creditor to develop and implement a written identity theft<br />
prevention program to detect, prevent, and mitigate identity theft in connection with the<br />
opening of certain accounts or certain existing accounts.<br />
n Credit and debit card issuers to assess the validity of notifications of changes of address<br />
under certain circumstances.<br />
n If there is a conflict between information provided on applications and credit reports, financial<br />
institutions must review discrepancies.<br />
Examples of identity theft red flags that financial institutions should consider as part of their<br />
identity theft prevention programs are also included in the rules. Information about the rules<br />
can be found at: http://www.fdic.gov/news/news/financial/2007/fil07100.html n<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
25<br />
March 2009
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong>’s<br />
13th Annual <strong>Compliance</strong> Institute<br />
April 26–29, 2009 | Caesars Palace | Las Vegas, NV<br />
Register now at<br />
www.compliance-institute.org<br />
Register in MARCH<br />
and receive a free copy of Building<br />
a <strong>Care</strong>er in <strong>Compliance</strong> and Ethics *<br />
*New registrations only<br />
Updated Sessions<br />
• 512 Running Successful Hospital Exercises: Planning, Execution,<br />
and Assessment (Mitch Saruwatari, VP Quality and <strong>Compliance</strong>,<br />
LiveProcess; Michael Bowers, Director of Facilities & Engineering,<br />
Riverside County Regional Medical Center)<br />
• 711 Where’s That Policy? Solving the Pitfalls of Paper-Based<br />
and Internally Built Policy & Procedure Systems<br />
(Robert Tietjen, CEO, PolicyTech)<br />
• W1 The Road Ahead and How to Navigate It: Panel Discussion<br />
on Challenges for <strong>Health</strong> <strong>Care</strong> Organizations in 2009 and<br />
How to Address Them (Frank Sheeder, Partner, Jones Day)<br />
AGENDA<br />
AVAILABLE<br />
ONLINE<br />
GROUP<br />
DISCOUNTS<br />
AVAILABLE<br />
(see registration<br />
form)<br />
VISIT WWW.COMPLIANCE-INSTITUTE.ORG<br />
March 2009<br />
26<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
YOUR<br />
INFORMATION<br />
FYIFOR<br />
Declining economy has increased<br />
compliance risks<br />
On January 6, 2009, the <strong>Health</strong> <strong>Care</strong><br />
<strong>Compliance</strong> <strong>Association</strong> reported the results<br />
of a survey it recently conducted with the<br />
Society of Corporate <strong>Compliance</strong> and<br />
Ethics. The survey reveals that the declining<br />
economy may be increasing the risk of legal<br />
and ethics violations in business. In addition,<br />
this increased risk is occurring at a time when<br />
budgets to manage those risks are expected to<br />
at best hold steady, if not decline.<br />
The survey, based on an online questionnaire<br />
completed by more than 600 compliance and<br />
business ethics professionals, showed that<br />
85% feel that the current economy greatly<br />
or somewhat increases the risk of compliance<br />
and ethics failures. To download the entire<br />
survey results: http://www.hcca-info.org/<br />
Content/NavigationMenu/<strong>Compliance</strong>Resources/Surveys/Survey_Form.htm<br />
For the press release: http://www.hcca-info.<br />
org/Content/NavigationMenu/AboutH-<br />
CCA/PressReleases/SurveyResults.pdf<br />
Former HCCA President Odell Guyton<br />
recognized<br />
Society of Corporate <strong>Compliance</strong> and Ethics<br />
Co-Chair, <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
Past President and Microsoft Corporation<br />
Director of <strong>Compliance</strong> Odell Guyton<br />
has been named to Ethisphere Magazine’s 100<br />
Most Influential People in Business Ethics<br />
2008. Also named to the prestigious list<br />
are United States President Barack Obama,<br />
Hedge Fund Chairman T. Boone Pickens,<br />
and Triple Pulitzer Prize winner and New<br />
York Times columnist Thomas Friedman. For<br />
the complete list: http://ethisphere.com/100-<br />
most-influential-people-in-businessethics-2008/<br />
n<br />
certified in<br />
CHC<br />
compliance<br />
healthcare<br />
The <strong>Compliance</strong> Certification Board (CCB) compliance certification<br />
examination is available in all 50 states. Join your peers and become<br />
Certified in <strong>Health</strong>care <strong>Compliance</strong> (CHC).<br />
CHC certification benefits:<br />
n Enhances the credibility of the<br />
compliance practitioner<br />
n Enhances the credibility of the<br />
compliance programs staffed by<br />
these certified professionals<br />
n Assures that each certified<br />
compliance practitioner has the<br />
broad knowledge base necessary<br />
to perform the compliance<br />
function<br />
n Establishes professional standards<br />
and status for compliance<br />
professionals<br />
n Facilitates compliance work<br />
for compliance practitioners in<br />
dealing with other professionals<br />
in the industry, such as<br />
physicians and attorneys<br />
n Demonstrates the hard work and<br />
dedication necessary to perform<br />
the compliance task<br />
Since June 26, 2000, when CHC<br />
certification became available,<br />
hundreds of your colleagues have<br />
become Certified in <strong>Health</strong>care<br />
<strong>Compliance</strong>. Linda Wolverton,<br />
CHC, says she sought CHC<br />
certification because “many<br />
knowledgeable people work in<br />
compliance and I wanted my peers<br />
to recognize me as one of their<br />
own.”<br />
For more information about CHC<br />
certification, please call 888/580-8373,<br />
e-mail ccb@hcca-info.org or click on the<br />
CCB Certification button on the HCCA<br />
Web site at www.hcca-info.org<br />
The <strong>Compliance</strong><br />
Professional’s Certification<br />
Congratulations on achieving CHC status! The <strong>Compliance</strong><br />
Certification Board announces that the following individuals<br />
have recently successfully completed the Certified in <strong>Health</strong>care<br />
<strong>Compliance</strong> examination, earning CHC designation:<br />
Lisa J Adamson<br />
Katherine E Baxter<br />
Michael David Beck<br />
Robert H Bowker<br />
Pamela Elaine<br />
Brotherton-Sedano<br />
Camille Ann Cassell<br />
Michelle Lynn Castle<br />
Rocio Chavez<br />
Terri L. Clark<br />
Maureen Ann Clements<br />
Patrick Collins<br />
Charla R. Craig<br />
Lucas D. Crater<br />
Benjamin D. Cripps<br />
Tammy L. Danek<br />
Haley Beth Denzer<br />
Connie S. Dunn<br />
Michele Renee Durocher<br />
Deana Anne Estes<br />
Nayfe S. Faillace<br />
Grace Pamandanan<br />
Fernandez<br />
Diana D. Fourney<br />
Stephen Glenn Gerwolds<br />
Nancy Annette Godby<br />
Kim Renae Gonseth<br />
Carolyn Denise Graham<br />
Regina F. Gurvich<br />
Elizabeth Wade Hall<br />
Janet Anne Herbold<br />
Natalie A. Herron Welch<br />
Karla M. Homelvig<br />
Sharon K. Howard<br />
Dianna Dawn Johnson<br />
Donald R. Jones<br />
Thomas Robert Kane<br />
Jean Kelly<br />
Holly A. Kessler<br />
Ginny Kim<br />
Jennifer D. Malone<br />
Jennifer J. Mayberry<br />
Tina M. Meli<br />
Harlan L. Menkin<br />
Keith L. Morgan<br />
Lorelei C. Mulanax<br />
Joyce K.<br />
Nakamura-Tanoue<br />
Kimberly J. Oka<br />
Jeff Brian Paul<br />
Maria D. Pearson<br />
Shannon Ladon Perkins<br />
Karen Theresa Quintal<br />
Christy Heather<br />
Richardson<br />
Andrew Thomas Rosdahl<br />
James S. Rundell<br />
Marilyn K. Schmidt<br />
Debbie Schneider<br />
Patricia S. Slater<br />
Roianne Summers<br />
Donald Tannenbaum<br />
Tiffany Brooke Thompson<br />
Robert N. Ulrich<br />
Peggy Jo Upson<br />
Kayme L. Voelker<br />
Cynthia Lou Vordenbaum<br />
Blaire Ann Zummak<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
27<br />
March 2009
Physician office<br />
compliance – Are<br />
you monitoring<br />
your auditing and<br />
monitoring program?<br />
Editor’s note: Melissa Morales is a consultant<br />
working in the <strong>Health</strong>care Industries section of<br />
PricewaterhouseCoopers in San Francisco. She<br />
may be reached by e-mail at<br />
Melissa.Morales@us.pwc.com.<br />
Physician compliance auditing and<br />
monitoring programs can be unique,<br />
depending on the practice and<br />
type of provider operations. Such programs<br />
require specific experience and skill sets such<br />
as expertise in audit and coding, to determine<br />
what areas need to be monitored and how<br />
to develop work plans that encompass the<br />
organization’s high risk areas. Auditing and<br />
monitoring programs conduct various types<br />
of review throughout the year as part of an<br />
organization’s compliance plan to help prevent,<br />
detect, and correct noncompliance with<br />
regulations. The program is established on<br />
the fundamental aspects of the organization’s<br />
processes, such as charge capture, billing<br />
forms, claim scrubber functionality, physician<br />
education, compliance, and billing office<br />
operations.<br />
With the day-to-day perspective of an organization’s<br />
operation, it’s not uncommon for<br />
staff to become consumed with the routine of<br />
scheduled reviews, which may cause them to<br />
loose sight of the direction they are heading<br />
and any imperative trends. It’s important<br />
to take a step back and evaluate any data<br />
collected and analyze those results. <strong>Care</strong>ful<br />
By Melissa Morales, CPC<br />
analysis of such data can help identify trends<br />
and/or abnormalities that are not often apparent<br />
on the surface of a review. Without such<br />
analysis, you could be missing key opportunities<br />
for change and corrective action.<br />
So what should be incorporated in an<br />
auditing and monitoring program to prevent<br />
process breakdown?<br />
First, you must ascertain the organization’s<br />
compliance mission and objectives, such as<br />
safeguarding health information, assigning<br />
subject matter experts to the audit process,<br />
and identify key high-risk areas. Organizations<br />
should also use the current year’s Office<br />
of the Inspector General (OIG) Work Plan 1<br />
as a base to identify various factors, events,<br />
emerging issues, and any priority shifts within<br />
Congress that may be an area of concern in<br />
the upcoming year.<br />
Secondly, the organization should perform a<br />
risk assessment, and determine areas of high<br />
concern. This will allow for better determination<br />
of what should be a high priority within<br />
the practice, allow for planning and implementation<br />
of the work plan.<br />
Thirdly, set up an internal audit plan that<br />
outlines audit coverage, scope, and objectives,<br />
such as formal vs. informal reviews, type of<br />
review (e.g., compliance, coding, or payment),<br />
and areas of concern (e.g., high dollar<br />
procedures, or teaching physician environments).<br />
Internal audits should have a quality<br />
review process to verify accuracy, establish<br />
controls, identify best practices, and measure<br />
results against national benchmark data.<br />
Part of the audit plan should establish a<br />
reporting and feedback mechanism to provide<br />
information regarding the audit and its findings.<br />
Monthly reports should be generated<br />
for management and those being audited<br />
to review audit results, provide education,<br />
establish corrective action plans, and review<br />
any trends identified. It is imperative that the<br />
information found through audit is communicated<br />
to those who were audited, not just<br />
the chiefs or management of the department.<br />
In order to assist with accuracy rate improvement<br />
and address any noncompliance with<br />
regulations, everyone participating in the<br />
audit should be notified of their results. If<br />
there were deficiencies identified through<br />
the audit, the reporting mechanism can help<br />
determine what departments or areas need<br />
to be re-evaluated and need continuous<br />
monitoring. When auditing accuracy and<br />
proper documentation of evaluation and<br />
management (E&M) codes, the accuracy rate<br />
needs to be established by the organization.<br />
Any physician who falls below that range<br />
should be continuously monitored until their<br />
accuracy rate has improved.<br />
Routine reports are instrumental in performance<br />
improvement initiatives as well<br />
as in making recommendations for process<br />
improvements or corrective actions.<br />
Fourthly, evaluate the performance of the<br />
process by analyzing the results along various<br />
factors as well as monitoring the process<br />
frequently to make sure there are no loop<br />
holes within the process.<br />
Lastly, examining and re-evaluating your<br />
March 2009<br />
28<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
sampling methodology is vital in determining<br />
any flaws in the system and to ascertain that<br />
the appropriate sample is being reviewed. The<br />
proper sampling methodology ties back to the<br />
type of review that you are performing. The<br />
frequency and type of review, whether payment<br />
or coding related, should be determined<br />
before setting the sample size. There are<br />
several mechanisms and methodologies that<br />
can be used to determine sample sizes. A<br />
common method is to use software to assist<br />
with the sampling. RAT-STATS (statistical<br />
software available through the Office of the<br />
Inspector General website) assists in selecting<br />
random samples and evaluating results. 2<br />
In addition to reviewing the process of an<br />
effective auditing and monitoring program,<br />
organizations should review common<br />
and potential risk areas that <strong>Compliance</strong><br />
departments face. Common issues that are<br />
often missed or not addressed properly are<br />
the overuse and misuse of modifiers, claims<br />
scrubbers, and thorough review of charges<br />
and payments. The misuse of modifiers 24<br />
and 25 leads to overpayment for services that<br />
are either included in an E&M visit or part<br />
of the global surgical package. In this case,<br />
the sampling method needs to be carefully<br />
analyzed to make sure various factors are<br />
reviewed as well as the frequency of use. If<br />
only high level evaluation and management<br />
codes are sampled, a potential exists for missing<br />
the use of modifier 25. Another sampling<br />
issue can lie with pulling procedure codes and<br />
not breaking them down to individual global<br />
period days to determine if there were distinct<br />
services provided where the modifier would<br />
have been appropriate.<br />
Use of modifier 25 (to identify a significant<br />
and separately identifiable service was provided<br />
on the same date as another service) 3<br />
requests additional reimbursement from<br />
payers when performing additional work. It’s<br />
imperative to monitor so inappropriate payment<br />
isn’t received. The frequency of the use<br />
of this modifier should be monitored closely.<br />
OIG published a report on “Modifier 25”<br />
in November 2005, and in this report, OIG<br />
indicated that if modifier 25 is appropriately<br />
appended in an encounter when an E&M<br />
service and a minor procedure were performed<br />
on the same day. It should not exceed<br />
more than 50% of the billable items. 4 The<br />
requirements for the proper use of this modifier<br />
should be carefully reviewed to prevent<br />
incorrect application. Some areas to watch<br />
for are:<br />
n Is the modifier being used every single<br />
time there was a procedure and E&M<br />
performed?<br />
n Is the modifier being appended by alternate<br />
staff, such as billing staff, through<br />
claim scrubber edit work queues?<br />
Modifier 24 poses another issue of receiving<br />
payment for services that are encompassed<br />
with in the global surgical package and<br />
separately billable. Part of the problem begins<br />
with not knowing the global period associated<br />
with certain procedures, and there is often<br />
confusion with how physicians are designated<br />
when they belong to the same group specialty<br />
and practice. Physicians are often unaware<br />
that they are considered one physician when<br />
they belong to the same specialty/department<br />
within the organization. Medicare defines<br />
the “same physician,” within the definition<br />
of modifier 24, as the same physician who<br />
performed the procedure or a member of the<br />
same group within the same specialty. 5 Application<br />
of modifier 24 should not be done<br />
automatically during a post-operative period.<br />
The modifier should be appended by the<br />
physician or by coding staff who have access<br />
to the surgical dates and are able to review<br />
medical records to determine if the service<br />
provided during the post-operative period was<br />
unrelated to the surgery. Understanding the<br />
appropriate use of modifier 24 allows providers<br />
to append the modifier correctly and helps<br />
reduce compliance risks.<br />
An auditing and monitoring process should<br />
also include a review of the use of claims<br />
scrubber edits to ensure that there are no hard<br />
stop edits that will randomly append modifiers<br />
24 and 25. Overview of billing work<br />
queues to resolve modifier edits is essential in<br />
ensuring proper reimbursement. This can be a<br />
daunting task, because some of these reviews<br />
can require review of the medical record to<br />
make certain procedures were unrelated to the<br />
E&M service, or in the case of modifier 25, if<br />
the procedure was indeed separately identifiable<br />
from the original service provided.<br />
Ensuring processes are in place to monitor<br />
your audit program and the frequency of<br />
modifier use is critical. Monthly reporting<br />
will allow the organization to monitor<br />
various departments and processes to ensure<br />
billing, coding, and operations are compliant.<br />
Reporting is one step to improve your<br />
program, in addition to having a comprehensive<br />
communication mechanism to assist<br />
in improving overall processes. An effective<br />
auditing and monitoring program requires<br />
expertise from several individuals and areas<br />
within an organization. <strong>Compliance</strong> departments<br />
that decide to partake in a thorough<br />
audit program will benefit from step-by-step<br />
planning that will help determine the fundamentals<br />
that are needed to provide direction<br />
for an accurate and compliant review.<br />
Participation from everyone with in the<br />
organization is central to having a successful<br />
program and facilitating any recommendations<br />
and changes. n<br />
1. 2009 OIG Work Plan is available at: http://www.oig.hhs.gov/publications/docs/workplan/2009/WorkPlanFY2009.pdf<br />
2. RAT-STATS software is available at: http://www.oig.hhs.gov/organization/oas/ratstats.asp<br />
3. Current Procedural Terminology 2009, AMA<br />
4. OIG report, No.OEI-07-03-00470, Nov.1, 2005 retrieved from http://<br />
www.oig.hhs.gov/oei/reports/oei-07-03-00470.pdf<br />
5. Medicare Claims Processing Manual, Chapter 12: Physician and nonphysician<br />
practitioners<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
29<br />
March 2009
March 2009<br />
30<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
31<br />
March 2009
focus<br />
feature<br />
Executive compensation in troubled times<br />
– Part 1<br />
By Gerald M. Griffith, JD<br />
Editor’s note: Gerald Griffith is a partner in the Chicago office of Jones<br />
Day where he practices as a member of the <strong>Health</strong> <strong>Care</strong> and Tax Practice<br />
Groups. He may be reached by telephone at 312/269-1507 or by email at<br />
ggriffith@jonesday.com.<br />
For many nonprofit healthcare organizations, front page stories<br />
on executive compensation have become an annual event due<br />
to the information publicly available on Form 990. Recently,<br />
the Internal Revenue Service (IRS) has increased the scrutiny of<br />
executive compensation among all nonprofits, including hospitals and<br />
academic medical centers, with three separate, detailed compliance<br />
checks sent to several hundred organizations in the past five years. In<br />
addition to educating the nonprofit sector, those compliance checks<br />
have sought to enforce the excess benefit sanctions that impose excise<br />
taxes of up to 225% on any insider compensation above reasonable<br />
amounts.<br />
With healthcare and other sectors facing a difficult economic situation,<br />
including the highest rate of mass layoffs rates in more than ten years, 1<br />
compensation for health care executives is coming under increasing<br />
scrutiny. Executive compensation packages that may be viewed as rich<br />
in cash compensation by “Joe the Plumber” standards, or include hot<br />
button perquisites (e.g., first class travel), are drawing more intense<br />
media and government scrutiny. This article will explore how that<br />
added scrutiny has manifested itself, and what steps can be taken to<br />
minimize the negative publicity associated with executive compensation,<br />
protect it against IRS sanctions, and demonstrate to policy<br />
makers, regulators, and charitable donors that nonprofit healthcare<br />
organizations can control executive compensation without additional<br />
regulation or investigations. Those proactive steps can be described as<br />
following best practices in the compensation approval process, obtaining<br />
appropriate comparability data, and adopting a compensation<br />
plan design that ties compensation to both financial and non-financial<br />
goals.<br />
Effect of economic downturn on executive compensation<br />
It is unusual now to hear news stories about prospective bailout packages<br />
that do not also include calls for limits on executive compensation.<br />
Just as the Sarbanes Oxley Act arguably started a transparency<br />
trend that has permeated healthcare governance thinking, so too may<br />
rules on executive compensation in Corporate America from the<br />
bailouts filter through to healthcare organizations facing their own<br />
financial challenges.<br />
Economic pressures<br />
Many health care organizations are feeling the pressure of the struggling<br />
economy, through reductions or delays in payment from government<br />
payment programs such as Medicaid, tougher negotiations with<br />
private payers, increased numbers of uninsured patients, mounting<br />
property tax exemption challenges, tighter credit, and plummeting<br />
investment returns. In what is not likely to be an anomaly, one highly<br />
regarded suburban hospital in a particularly hard-hit industrial state<br />
recently announced a voluntary turnaround plan to reduce a projected<br />
multi-million dollar loss in 2008, including a 10% pay cut for the<br />
CEO and other top executives and employed doctors, and a 4% pay<br />
cut for department managers as an alternative to lay offs. Sources estimated<br />
the pay cuts would save 225 jobs at the hospital. 2 With rising<br />
unemployment rates, other health care organizations may feel the need<br />
to make similar reductions as part of an overall cost-cutting strategy.<br />
With various sectors (e.g., financial, automotive) seeking federal<br />
bailouts, Congress has turned its attention once again to potential<br />
abuses in executive compensation. In a recent press release regarding<br />
the federal financial rescue program, the Senate Finance Committee<br />
strongly urged the Secretary of the Treasury to implement proposed<br />
limits on executive compensation for senior executives of institutions<br />
that receive federal bailout funds and ensure transparency in the<br />
bailout process. 3 Those limits in Sections 162(m)(5) and 280G(e)<br />
of the Internal Revenue Code would limit deductibility to the first<br />
$500,000 of compensation and eliminate the exception allowing<br />
higher deductibility for performance-based compensation. 4 In response<br />
March 2009<br />
32<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
to earlier concerns over corporate governance and transparency in the<br />
wake of the Enron scandal, Congress enacted other limits on executive<br />
compensation for public companies in the Sarbanes Oxley Act (SOX),<br />
including clawback provisions that would require repayment of certain<br />
compensation received by the CEO and CFO of any public company<br />
that issues a material restatement of its financials to comply with<br />
securities laws. Affected executives are required to repay (1) any bonus,<br />
incentive-based or equity compensation received within twelve months<br />
after release of the noncompliant financials; and (2) any profits realized<br />
from the sale of any securities of the employer during that same<br />
period. 5<br />
Congress also has a recent history of closely examining executive<br />
compensation in the nonprofit healthcare sector. 6 Senator Grassley<br />
in particular has been very vocal about compensation levels in the<br />
nonprofit sector, noting that the “lack of transparency” in executive<br />
compensation and “the champagne lifestyles of certain non-profit<br />
executives” leave no room for doubt that the IRS needs to adopt<br />
clear guidelines on disclosure and acceptable compensation levels for<br />
nonprofits. In Senator Grassley’s view, “some individuals running<br />
charities view it as an opportunity to do well for themselves as opposed<br />
to doing good for those in need.” 7 As pressure mounts on health<br />
care organizations to care for the uninsured and deal with declining<br />
reimbursement while stemming losses to keep programs afloat, executive<br />
compensation levels and program design are likely to come under<br />
increased legislative scrutiny.<br />
Moreover, a high ranking IRS official recently noted the current<br />
economic situation makes it even more important to ensure “proper<br />
stewardship of the tax subsidy” that nonprofits receive and to improve<br />
transparency in governance. 8 In that regard, the IRS also remains<br />
highly interested in executive compensation at nonprofit organizations<br />
as reflected in the new Form 990 (described below). The same official<br />
noted that a pending report on the 2006 survey of nonprofit hospital<br />
executive compensation practices “will reveal high levels of executive<br />
compensation as well as extensive use by nonprofit hospitals of the<br />
rebuttable presumption of reasonableness.” He also implied that the<br />
IRS will look more closely at how well that process is being followed<br />
in upcoming audits, noting that the existing excess benefit rules of Section<br />
4958 may not be adequate to challenge high compensation levels<br />
that may be defensible under the rebuttable presumption standard but<br />
may not satisfy the public and other interested parties. He also raised<br />
questions about the propriety of current law that allows a nonprofit to<br />
use compensation at for-profit companies as part of the comparable<br />
data in determining reasonable compensation at the nonprofit. 9<br />
Effects of increased transparency<br />
Many local papers run annual stories listing top paid executives,<br />
including senior management of hospitals and other healthcare organizations.<br />
For public companies, these figures are reported in securities<br />
filings and can be readily compared on public websites, 10 or gleaned<br />
manually from reviewing SEC filings online. 11 For nonprofits, this<br />
information is typically drawn from annual Forms 990 filed with the<br />
IRS, which are subject to public inspection after filing at the organization’s<br />
offices and, after a lag time, are available online. 12<br />
In recent years, the level of detail and number of executives included<br />
in the Form 990 compensation disclosures has expanded steadily.<br />
With the redesigned Form 990 for tax years beginning in 2008, that<br />
expansion will result in disclosure of base compensation, bonus and<br />
incentive compensation, other compensation reported on Forms W-2<br />
or 1099-MISC (e.g., debt forgiveness, gross-up payments for taxes<br />
on cell phones), deferred compensation, and non-taxable benefits for<br />
all current and former (within the past five years) officers, directors,<br />
trustees, “key employees” and the top five highest paid other employees.<br />
13 In addition, Parts I and III of Schedule J will require disclosure<br />
of a variety of hot button perquisites provided to executives, including<br />
first class or charter travel, spousal/companion travel, tax gross-up<br />
payments (e.g., to pay the executive’s tax liability on certain fringe<br />
benefits), discretionary spending accounts, housing, health club or<br />
social club dues and initiation fees, and various personal services (e.g.,<br />
maid, chauffeur, chef). Organizations are also required to disclose<br />
whether they follow the IRS-prescribed rebuttable presumption<br />
procedure (described below) for approving executive compensation, 14<br />
and whether they intend to rely on the initial contract exception for<br />
any compensation arrangements. 15<br />
The IRS is also becoming more attuned to process issues in audits<br />
and compliance checks. For example, the executive compensation portion<br />
of the Hospital Project <strong>Compliance</strong> Check Questionnaire (May<br />
2006) asked:<br />
n Whether officer, director, trustee and key employee compensation<br />
was approved in advance by disinterested individuals (The<br />
Instructions to the new Form 990, Core Form, Part VII define “key<br />
employees” as the twenty highest paid employees paid more than<br />
$150,000 for the year by the organization and all related organizations,<br />
and who have responsibilities, power or influence over the<br />
organization as a whole, manage a discrete segment or activity of<br />
the organization accounting for more than 10% of the organization’s<br />
activities, assets, income or expenses, or have sole or shared<br />
Continued on page 35<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
33<br />
March 2009
egister now for hcca’s<br />
2009 Academies (revised dates)<br />
Research <strong>Compliance</strong> Academy<br />
San Francisco, CA | June 15–18<br />
With a wide range of research-related issues becoming hot topics with enforcement<br />
agencies, this academy provides attendees with the opportunity to get information<br />
on many areas that affect research compliance officers and their staff on a day-today<br />
basis. A small audience encourages hands-on educational techniques, small<br />
group interaction, and networking.<br />
AdvAnced compliance Academies<br />
San Francisco, CA | June 22–25<br />
HCCA’s Advanced <strong>Compliance</strong> Academy offers four days of intensive, in-depth health<br />
care compliance education for the experienced compliance professional.<br />
basic compliance academies<br />
March 9–12 | Dallas, TX<br />
June 1–4 | Scottsdale, AZ<br />
October 26–29 | Denver, CO<br />
November 16–19 | Orlando, FL<br />
This four-day intensive program focuses on subject areas at the heart of health care compliance<br />
practice. Courses are designed for participants who have a basic knowledge of compliance<br />
concepts and some professional experience in a compliance function.<br />
March 2009<br />
34<br />
register now at www.hcca-info.org<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
Executive compensation in troubled times – Part 1 ...continued from page 33<br />
authority or control over determinations of 10% or more of the expanded questions regarding board independence, conflicts of interest<br />
organization’s capital expenditures, operating budget or employee procedures, disclosure of financial statements, governance policies,<br />
compensation);<br />
and compensation review procedures. These questions are consistent<br />
n Who exactly approves the compensation,<br />
with the IRS’s view that a well governed exempt organization is also a<br />
n What comparability data is relied on in the process,<br />
compliant one. Now the IRS intends to prove that theory.<br />
n Whether the compensation was within the range of that data, and<br />
n Whether the comparables included compensation levels at other In its FY2009 work plan released in late November, the IRS Exempt<br />
tax-exempt hospitals. 16<br />
Organizations Division (EO) announced a new three-part initiative<br />
aimed at nonprofit governance issues. EO will continue its work in the<br />
The IRS has also instructed agents to focus on the effectiveness of nonprofit governance area by focusing on three areas:<br />
internal financial controls when auditing exempt organizations to help<br />
shape the course and scope of the audit – consistent with the IRS view First, EO will develop a checklist to be used by agents in examinations<br />
of exempt organizations to determine whether the organization’s<br />
(and a theme of the new Form 990) that organizations following good<br />
governance practices are more likely to be in compliance with the tax governance practices impacted the tax compliance issues identified in<br />
laws. 17 As part of the opening document requests in hospital audits, the examination and to educate organizations about possible governance<br />
considerations.<br />
IRS agents are now asking for compensation committee minutes as<br />
well as internal audit reports.<br />
Second, EO will commence a training program to educate its employees<br />
about nonprofit governance implications in the determinations,<br />
Fiduciary duties<br />
Setting appropriate parameters for executive compensation is not only rulings and agreements, and education and outreach areas.<br />
likely to be viewed by the public as the right thing to do in tough<br />
economic times, it is also good business and in the best interest of Third, EO will begin identifying Form 990 governance questions<br />
the organization. In that regard, directors and officers of nonprofit that could be used in conjunction with other Form 990 information<br />
corporations owe fiduciary duties of care, loyalty, and obedience to the in possible compliance initiatives, such as those involving executive<br />
corporation. Those fiduciary duties require directors and officers to act compensation, transactions with interested persons, solicitations of<br />
in good faith and in a manner they believe to be in the best interests noncash contributions, or diversion or misuse of exempt assets. 21<br />
of the corporation as opposed to their own personal interests. 18 In<br />
fulfilling those duties in the area of executive compensation, directors Given the emphasis on compensation matters in recent IRS compliance<br />
initiatives, it is likely that these new governance initiatives also<br />
and officers may rely on:<br />
will include close scrutiny of executive compensation processes. Failure<br />
“information, opinions, reports, or statements, including financial to provide proper oversight of the executive compensation process,<br />
statements and other financial data, if prepared or presented by … including an appropriate conflict of interest policy and ensuring that<br />
legal counsel, public accountants or other persons as to matters the compensation levels and plan design are reasonable, also may lead to<br />
director reasonably believes are within the person’s professional or state law allegations of a breach of fiduciary duty. Compensation decisions,<br />
however, are more than a pure numbers game, whether for state<br />
expert competence.” 19<br />
law or federal tax purposes. Simply limiting total compensation does<br />
When the process breaks down, directors and officers are at risk for not necessarily better serve the organization, if it is done at the expense<br />
state attorneys general seeking to recoup excessive payments, including of recruiting and retaining qualified executives or compromising job<br />
bonuses and other insider deals. 20<br />
performance (by providing little or no incentive for improving the<br />
organization’s performance in financial and non-financial areas).<br />
Although fiduciary duties for nonprofits arise under state law, they<br />
also can lead to federal tax compliance concerns including imposition Emphasis on process<br />
of excise taxes at rates up to 225% for excess benefits under Section Real estate experts are fond of saying that the value of property is all<br />
4958 if executive compensation exceeds fair market value. In the about location, location, location. For executive compensation, at least<br />
redesigned Form 990, the IRS will be asking a number of new and<br />
Continued on page 36<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
35<br />
March 2009
Executive compensation in troubled times – Part 1 ...continued from page 35<br />
as far as the federal tax-exemption rules are concerned, it is all about<br />
process, process, process.<br />
Rebuttable presumption<br />
Despite recent criticism of the rebuttable presumption process as<br />
potentially protecting compensation levels that the public would not<br />
be satisfied with, the law remains clear. If an organization successfully<br />
establishes a rebuttable presumption of reasonableness, the burden<br />
shifts to the IRS to prove that compensation of disqualified persons<br />
(including many senior executives) is unreasonable. As noted above,<br />
by the admission of a senior IRS official, that is often a difficult task.<br />
In addition, establishing the presumption ordinarily protects organization<br />
managers against imposition of the 10% excise tax that applies to<br />
anyone approving an excess benefit transaction. 22 Given the increased<br />
scrutiny of executive compensation decisions in nonprofit health care,<br />
it is more important than ever for hospitals to take steps to establish a<br />
rebuttable presumption of reasonableness for executive compensation<br />
packages.<br />
To establish a rebuttable presumption, the compensation package<br />
must be reviewed and approved in advance by an independent board<br />
or committee as being consistent with fair market value based on<br />
appropriate market data for comparable compensation arrangements.<br />
The decision also must be documented on a timely basis (within 60<br />
days or prior to the next meeting) in the board or committee records<br />
(e.g., minutes), and the minutes or other records of the board or<br />
committee must note the terms of the compensation package that was<br />
approved, the members who were present for the debate and voted<br />
on the arrangement, the comparability data relied on and how it was<br />
obtained, and any actions taken with regard to the arrangement by<br />
any member with a conflict of interest in relation to the transaction. 23<br />
The presumption is available for all fixed compensation (i.e., specific<br />
dollar amounts, fixed formulas that are not subject to discretion such<br />
as certain percentage formulas or payments conditioned on achieving<br />
specific goals, or approval of a maximum payment as reasonable). 24 To<br />
avoid disagreements over whether a particular compensation methodology<br />
is a “fixed formula,” organizations may wish to include a cap on<br />
total compensation at a reasonable level.<br />
If the board or committee approves compensation that exceeds the<br />
range of comparable data reviewed, the rebuttable presumption can<br />
still be established if the reasons for exceeding the range are recorded<br />
in the minutes. 25 Acceptable reasons for exceeding the range may<br />
include some combination of a prior history of below-market compensation,<br />
specific increased duties or time commitment, truly exceptional<br />
performance that far exceeds expectations (which may be easier to<br />
demonstrate with reasonable performance goals clearly defined in<br />
advance), bona fide competing offers from unrelated entities, and<br />
demonstrated difficulty in recruiting or retaining executives. 26 Failure<br />
to follow the rebuttable presumption procedure does not necessarily<br />
mean that compensation is excessive, 27 but the IRS reports on the<br />
Executive Compensation Initiative and the Hospital Project suggest<br />
that following this procedure is a best practice.<br />
Conflicts of interest<br />
In recent years the IRS also has shown an increasing interest in good<br />
governance practices in general, issuing and revising both a model<br />
conflicts of interest policy (available in the Instructions to Form 1023)<br />
and good governance guidelines. 28 The model conflict of interest policy<br />
is a starting point for many health care organizations in developing<br />
their own conflict of interest policy, which can be helpful in minimizing<br />
the excess benefit, inurement, and tax risks of executive compensation<br />
and other insider transactions. The IRS also included specific safe<br />
harbors in the regulations to determine when a board or committee<br />
will be sufficiently independent to be able to meet the requirements<br />
for establishing the rebuttable presumption of reasonableness.<br />
Specifically, a member of the reviewing body will be deemed to be<br />
independent for that purpose if he or she:<br />
n Is not a disqualified person (insider) or family member of a<br />
disqualified person who participates in or benefits economically<br />
from the transaction (For this purpose, “family members” include<br />
spouses, ancestors, brothers and sisters (whether whole or half<br />
blood), children (whether natural or adopted), grandchildren, great<br />
grandchildren, and spouses of brothers, sisters, children, grandchildren,<br />
and great grandchildren);<br />
n Is not an employee of or supervised by a disqualified person who<br />
participates in or benefits economically from the transaction;<br />
n Does not receive compensation or other payments subject to<br />
approval by a disqualified person who participates in or benefits<br />
economically from the transaction;<br />
n Has no material financial interest affected by the transaction; and<br />
n Does not engage in vote swapping (i.e., trading his/her vote<br />
for approval of another transaction that benefits the member<br />
economically). 29<br />
Board independence is also relevant for disclosure purposes on Form<br />
990, and the degree of independence of the board may affect how the<br />
IRS, the media and the public perceive an organization and its compensation<br />
practices. The Instructions for the new Form 990 define<br />
March 2009<br />
36<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
independence for board members in this context using a three-part<br />
test, and all three parts must be met:<br />
1. No compensation to the member as an officer or employee of any<br />
related entity;<br />
2. Total of all other payments to the member for the tax year from<br />
any related entity do not exceed $10,000 (reasonable directors’<br />
fees for board service and reimbursement of expenses under a plan<br />
requiring documentation of amounts and business purpose do not<br />
count toward the $10,000); and<br />
3. Neither the member nor his/her family were directly or indirectly<br />
involved in a transaction with any related entity that must be<br />
reported on Schedule L (or would be reportable on Schedule L if<br />
the related entity were a 501(c)(3) organization). 30<br />
IRS compliance checks<br />
The IRS, however, is doing more than just talk about the compensation<br />
process – it is also examining developing trends among nonprofits<br />
and building a database for more effective, focused audits. For<br />
example, the report on the IRS Executive Compensation Initiative<br />
noted among other things that:<br />
n Over 30% of the organizations surveyed did not report compensation<br />
correctly on Form 990;<br />
n Form 990 reporting requirements for executive compensation<br />
needed clarification (which the IRS has since addressed);<br />
n The IRS should revisit (i.e., expand) the circumstances under which<br />
it assesses penalties for filing an incomplete Form 990;<br />
n Following the rebuttable presumption procedure to establish executive<br />
compensation levels is a common practice, though only 51%<br />
of organizations surveyed addressed all three requirements for the<br />
presumption and many organizations may have difficulty in understanding,<br />
applying or meeting all of the requirements;<br />
n Future compliance initiatives should focus on the correlation<br />
between meeting the rebuttable presumption requirements and reasonableness<br />
of compensation (including 5% of organizations where<br />
the affected person did not leave the meeting prior to a vote on his<br />
or her own compensation); and<br />
n Loans to insiders present a high potential for abuse (followed by<br />
excessive compensation and personal use of exempt organization assets<br />
– likely a reference in part to employer-provided cell phones). 31<br />
responses (to February 6, 2009). With the substantial increase in<br />
disclosure requirements for executive compensation in the new Form<br />
990 (described above), it is also likely that the IRS will continue to<br />
use similar compliance checks to find potentially abusive or excessive<br />
compensation arrangements among nonprofits nationally, including in<br />
health care. Those compliance efforts at the IRS likely will be aided to<br />
some extent by whistleblowers, who are able to recover a bounty of up<br />
to 30% of the taxes and penalties collected by the IRS in cases over $2<br />
million, or 15% in smaller cases. 32 n<br />
Part 2 of this article will appear in the April issue of <strong>Compliance</strong> Today<br />
and will address comparability data and compensation plan design.<br />
1 See J. Carlson, “<strong>Health</strong>care Nears 10-year Record for Mass Layoffs,” Modern<strong>Health</strong>care.com (Nov. 21, 2008)<br />
(mass layoffs are more than 50 employees from a single employer).<br />
2 See J. Greene, “Beaumont Hospitals to lay off employees, cut millions from 2009 budget,” Crain’s Detroit Business<br />
(Nov. 17, 2008).<br />
3 The November 19, 2008 news release is available on the Committee’s website at http://finance.senate.gov/press/<br />
Bpress/2008press/prb111908e.pdf.<br />
4 See Notice 2008-94, 2008-44 I.R.B. 10.<br />
5 15 U.S.C. § 7243.<br />
6 G. Griffith and J. King: “The dollars and sense of executive compensation,” <strong>Compliance</strong> Today p. 20 (HCCA,<br />
April 2007).<br />
7 Press Release, “IRS report on non-profits’ executive compensation” (March 1, 2007), available online at http://<br />
finance.senate.gov/press/Gpress/2007/prg030107.pdf.<br />
8 Remarks of Steven T. Miller, Commissioner TEGE (IRS), Western Conference on Tax-exempt Organizations<br />
(Nov. 20, 2008), available online at http://www.irs.gov/pub/irs-tege/stm_loyolagovernance_112008.pdf.<br />
9 F. Stokeld, “IRS Interest in EO Executive Compensation Strong, Official Says,” Tax Notes Today, 2008 TNT<br />
226-3 (Nov. 21, 2008).<br />
10 Two such websites are http://www.vault.com and http://swz.salary.com/.<br />
11 SEC filings are available on the EDGAR system at http://www.sec.gov/edgar.shtml.<br />
12 Forms 990 can be accessed free of charge for three years on www.guidestar.org, or for all available years with a<br />
paid subscription.<br />
13 Form 990 (2008), Schedule J, Part II, available at www.irs.gov/charities/article/0,,id=185561,00.html.<br />
14 Form 990 (2008), Part VI, Line 15a & b, Schedule J, Part I, Line 3 and Schedule L, Part II, Column (f).<br />
15 Form 990 (2008), Schedule J, Part I, Line 8; see also 26 C.F.R. § 53.4958-4(a)(3).<br />
16 Copies of the questionnaire and IRS report are available online at http://www.irs.gov/charities/charitable/<br />
article/0,,id=172267,00.html.<br />
17 See F. Stokeld, “IRS to Ask About Internal Controls During EO Exams,” Tax Notes Today, 2008 TNT 226-3<br />
(Nov. 21, 2008).<br />
18 See Griffith & King, supra; Revised Model Nonprofit Corporation Act, § 8.30(a)(1) (1987) (the “Model Act”).<br />
19 Model Act, § 8.30(b).<br />
20 See, e.g., J. Glater & V. Bajaj, “Coumo Seeks Recovery of Bonuses at A.I.G.,” N.Y. Times (Oct. 16, 2008) (demand<br />
for repayment of multimillion dollar bonuses citing “unwarranted and outrageous expenditures” including<br />
“a lavish golf outing and an overseas hunting trip that cost nearly $100,000”); State v. Anclote Manor Hospital,<br />
566 So. 2d 296 (Fla. Dist. Ct. App. 1990), rev. den., 576 So. 2d 296 (Fla. 1991) (suit to require directors of a<br />
nonprofit to disgorge the profits from a self-dealing transaction); 2008 Fla. Stat. § 617.2003; E. Brody, “A Taxing<br />
Time for the Bishop Estate: What Is the I.R.S. Role in Charity Governance?”<br />
21 University of Hawaii Law Review 537 (Winter 1999) (removal and repayment of excessive compensation allegedly<br />
paid to trustees of nonprofit school).<br />
21 IRS Exempt Organizations Division Work Plan (FY2009), p. 20, available online at www.irs.gov/pub/irs-tege/<br />
finalannualrptworkplan11_25_08.pdf.<br />
22 26 C.F.R. § 53.4958-1(c)(4)(iv).<br />
23 26 C.F.R. § 53.4958-6(c)(3)(i) & (ii).<br />
24 26 C.F.R. § 53.4958-4(a)(3)(ii) & -6(d).<br />
25 26 C.F.R. § 53.4958-6(c)(3)(ii).<br />
26 See, e.g., Choate Construction Co. v. Commissioner, 74 T.C.M. (CCH) 1092 (1992); Medina v. Commissioner,<br />
46 T.C.M. (CCH) 76 (1983); 26 C.F.R. § 53.4958-6(c)(2)(i). In one exempt organization case where such<br />
arguments were made they were rejected for lack of substantiation. See Northern Illinois College of Optometry v.<br />
Commissioner, 2 T.C.M. (CCH) 664 (1943).<br />
27 26 C.F.R. § 53.4958-6(e).<br />
28 The revised good governance guidelines are available on the IRS website at http://www.irs.gov/pub/irs-tege/<br />
governance_practices.pdf. For a summary of the good governance guidelines and other considerations for good<br />
governance please see the Commentary at http://www.jonesday.com/pubs/pubs_detail.aspx?pubID=S4013.<br />
29 26 C.F.R. § 53.4958-6(c)(1)(iii) and 26 C.F.R. § 53.4958-3(b)(1).<br />
30 Form 990, Instructions for Core Form, Part VI, Line 1.<br />
31 The full report is available online at http://www.irs.gov/pub/irs-tege/exec._comp._final.pdf.<br />
32 26 U.S.C. § 7623; 26 C.F.R. § 301.7623-1(c).<br />
A report on the executive compensation phase of the Hospital Project<br />
that started in May 2006 is expected to be released in early 2009.<br />
Another compensation review project involving approximately 400<br />
colleges and universities, including some academic medical centers, is<br />
currently in progress, following an extension of the due date for initial<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
37<br />
March 2009
COMPLIANCE<br />
101<br />
March 2009<br />
38<br />
I just received a<br />
subpoena – Now<br />
what?!<br />
By Andrea Ebreck and Karen Cincione<br />
Editor’s note: Andrea Ebreck and Karen<br />
Cincione are health care attorneys at the law<br />
firm of Vorys, Sater, Seymour and Pease LLP in<br />
Columbus, Ohio. Ms. Ebreck may be reached at<br />
614/464-4951 or by e-mail at alebreck@vssp.<br />
com. Ms. Cincione may be reached at 614/464-<br />
6201 or by e-mail at kacincione@vssp.com.<br />
As a new health care compliance<br />
professional, it is just a matter of<br />
time before you are called upon to<br />
respond to a request from an attorney for the<br />
production of medical records. In responding<br />
to these requests, you must be very careful<br />
to do so in compliance with the <strong>Health</strong><br />
Insurance Portability and Accountability Act<br />
(HIPAA) and other state and federal confidentiality<br />
laws.<br />
Identifying the request<br />
The first order of business after receiving a<br />
subpoena is to review it in order to determine<br />
what is being requested, when, by whom, and<br />
in what type of legal action. Each state has<br />
laws governing the form, content, and service<br />
of a subpoena, and some state laws require<br />
witness or mileage fees to be included with a<br />
subpoena.<br />
To determine how to best respond to a subpoena,<br />
you must first identify the basics of<br />
the request. These include:<br />
n What type of legal action is involved (federal<br />
or state court, juvenile, probate, etc.)?<br />
n What is the name of the individual for<br />
whom information is being sought?<br />
n What is the information that is being<br />
sought (entire record vs. certain specific<br />
information)?<br />
n What does the subpoena direct the health<br />
care provider to do (produce records,<br />
testify, both)?<br />
n Who is requesting the information (attorney<br />
for the person about whom information<br />
is sought or attorney for another<br />
party)?<br />
n Whether the individual whose information<br />
is sought is currently, or has ever been, a<br />
patient for whom the health care provider<br />
has records.<br />
n Whether the health care provider has<br />
the specific information sought by the<br />
subpoena.<br />
n Whether the individual whose information<br />
is sought has authorized the disclosure.<br />
n Whether the information sought is confidential<br />
or privileged under federal or state<br />
law (see discussion below).<br />
n Whether the person seeking the information<br />
has provided evidence of “satisfactory<br />
assurances” that the person has notified or<br />
attempted to notify the individual whose<br />
information is sought (see discussion below).<br />
n Whether a court has ordered the disclosure<br />
of the information sought (apart from<br />
issuance of the subpoena).<br />
Many times, a call to the subpoenaing<br />
attorney can resolve questions about what<br />
information is sought (perhaps the entire<br />
record is not really needed), whose information<br />
is sought (surprisingly often, this is not<br />
clear from the face of a subpoena), whether<br />
authorization for disclosure is sought,<br />
whether appearance at a trial or deposition is<br />
really necessary, or whether a certified copy of<br />
records will suffice.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
Applying the law<br />
Once you have identified the request, you<br />
must then determine whether there are any<br />
federal or state laws that would prevent you<br />
from complying with the subpoena. In<br />
this regard, it is important to consider the<br />
application of HIPAA, the physician-patient<br />
privilege, and a number of other state and<br />
federal confidentiality laws.<br />
HIPAA. Generally, HIPAA prohibits covered<br />
entities from disclosing protected health<br />
information (PHI) except as permitted or<br />
required by law. PHI is defined as information<br />
held or disclosed by the covered entity<br />
in any form (electronic, paper records, oral<br />
communications) that identifies an individual<br />
and relates to the individual’s past, present, or<br />
future physical or mental health or condition,<br />
the provision of health care to the individual;<br />
or the past, present, or future payment for the<br />
provision of health care to the individual. 1<br />
HIPPA allows for the disclosure of PHI in<br />
response to a subpoena in the following two<br />
instances. First, the information may be<br />
disclosed if the individual who is the subject<br />
of the information properly authorizes the<br />
disclosure. Second, the information may be<br />
disclosed without the individual’s authorization<br />
if the covered entity receives “satisfactory<br />
assurance” from the party requesting the PHI<br />
that it has made reasonable efforts to give<br />
notice of the request to the individual who is<br />
the subject of the PHI or has made reasonable<br />
efforts to obtain a qualified protective order. 2<br />
Generally, “satisfactory assurance” that efforts<br />
have been made to provide notice to the<br />
individual requires a written statement and<br />
accompanying documentation that:<br />
1. The party requesting such information<br />
has made a good-faith attempt to provide<br />
written notice to the individual;
2. The notice included sufficient information<br />
about the litigation or proceeding to<br />
permit the individual to raise an objection<br />
to the court or administrative tribunal;<br />
3. The time for individual to raise objections<br />
to the court or administrative tribunal has<br />
elapsed; and<br />
4. No objections were filed, or any objection<br />
filed by the individual have been resolved<br />
by the court or administrative tribunal. 3<br />
A “qualified protective order” means an order<br />
of a court or tribunal or stipulation of the<br />
parties to the proceeding that:<br />
1. Prohibits the parties from using or disclosing<br />
the protected health information<br />
for any purpose other than the litigation<br />
or proceeding for which the information<br />
was requested, and<br />
2. Requires the return to the covered entity<br />
or destruction of the protected health<br />
information at the end of the proceeding. 4<br />
Other federal and state laws<br />
Even if disclosure is permitted under HIPPA,<br />
there may be other reasons to hesitate before<br />
disclosing medical records without a patient’s<br />
written authorization. Practically speaking,<br />
the subpoena will likely be issued without any<br />
determinations regarding the application of<br />
privilege. Although no federal law governs<br />
the application of the physician-patient<br />
privilege, state law generally recognizes a<br />
patient’s right to keep information shared<br />
with their doctor and other health care<br />
practitioners from being disclosed in a legal<br />
proceeding. State laws establish privileges<br />
and often create exceptions to their application.<br />
Often, a health care practitioner<br />
served with a subpoena will not have enough<br />
information to know whether an exception to<br />
privilege exists or whether or not the patient<br />
may have waived the privilege. The patient<br />
may also indicate that he or she does not<br />
want the information sought to be disclosed.<br />
In these situations, it is best for the health<br />
care practitioner to assert the privilege and let<br />
the court determine an exception to privilege<br />
exists or a waiver has occurred. Depending<br />
on a particular state’s laws, a health care<br />
provider that prematurely hands over patient<br />
records to opposing counsel in response to<br />
a subpoena could be sued for negligence for<br />
failing to protect the privilege, even if the<br />
disclosure is authorized under HIPAA or<br />
other state confidentiality laws.<br />
Additionally, medical information may be<br />
protected under state and federal law when it<br />
relates to a specific medical condition or type of<br />
information. For example, federal law protects all<br />
information about any person who has applied<br />
for or been given diagnosis or treatment for alcohol<br />
or drug abuse at a federally assisted program. 5<br />
This law further states that a subpoena or warrant<br />
signed by a judge or an order agreed upon by the<br />
parties is insufficient to support the disclosure of<br />
patient identifying information by any federally<br />
assisted program unless: (1) the subpoena and/<br />
or warrant is accompanied by an authorizing<br />
court order issued after specified procedures are<br />
followed; or (2) the individual has authorized the<br />
disclosure. When the patient does not consent to<br />
the disclosure, the law prohibits substance abuse<br />
treatment programs from releasing information<br />
in response to a subpoena unless a court has<br />
issued an order that complies with applicable<br />
law. 6 Most states also have laws governing the<br />
confidentiality of HIV-related information,<br />
mental health treatment records, and medical<br />
records. When a state or federal confidentiality<br />
law is more restrictive than HIPPA, health care<br />
providers must follow the stricter state law. For<br />
example, if a program has disclosed patient<br />
records that include references to HIV treatment<br />
after the patient has signed a consent form that<br />
is proper under HIPAA, compliance personnel<br />
must also determine whether the state imposes<br />
any additional requirements for disclosing this<br />
type of information, such as a special consent<br />
form. Conversely, in instances in which a state<br />
confidentiality law or any other state law is less<br />
protective of confidentiality than the federal law,<br />
however, federal HIPPA rules will control.<br />
The role of the compliance professional<br />
Many health care providers find that the most<br />
effective way to ensure a correct response<br />
to subpoenas is to designate a compliance<br />
professional to review and coordinate or assist<br />
in responding to subpoenas.<br />
By becoming knowledgeable about the<br />
records, staff credentials, and the laws governing<br />
information in the health care provider’s<br />
possession, compliance professionals can<br />
facilitate appropriate disclosures and protect<br />
the privacy of the provider’s patients. <strong>Compliance</strong><br />
professionals often play a crucial role<br />
in ensuring that clinical staff who have been<br />
subpoenaed to testify are aware of any limitations<br />
or requirements with respect to their<br />
testimony. In many instances, compliance<br />
professionals are also called upon to communicate<br />
with attorneys who seek privileged or<br />
otherwise confidential information and make<br />
them aware of governing health care laws.<br />
Above all, the role of the compliance professional<br />
is to ensure that a subpoena is never<br />
ignored! Even if a federal or state law prohibits<br />
the requested information from being<br />
disclosed, you must still take some action with<br />
respect to a subpoena. When in doubt, you<br />
should always seek advice from legal counsel<br />
to ensure that your response or objection to a<br />
subpoena is appropriate and lawful. n<br />
1 45 C.F.R. §§ 164.501, 164.502(a)<br />
2 45 C.F.R. § 164.512(e)<br />
3 45 C.F.R. § 164.512(e)(iii)<br />
4 45 C.F.R. § 164.512(e)(1)(v)<br />
5 42 CFR §2.11<br />
6 42 CFR §§ 2.63 through 2.67<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
39<br />
March 2009
HCCA Regional Conferences<br />
Join us at HCCA’s 2009 Regional Conferences<br />
HCCA’s regional conferences take place throughout the year, all over the United States.<br />
You’re sure to find one that works for you!<br />
2009 Regional Conferences<br />
Columbus, OH....................... May 8<br />
New York, NY....................... May 15<br />
Seattle, WA........................... June 5<br />
Los Angeles, CA................. June 26<br />
Boston, MA...............September 11<br />
Minneapolis, MN......September 12<br />
Kansas City, KS........September 26<br />
Pittsburgh, PA..................October 9<br />
Honolulu, HI...................October 16<br />
Denver, CO.....................October 23<br />
Nashville, TN................November 6<br />
Louisville, KY.............November 13<br />
Phoenix, AZ................November 20<br />
March 2009<br />
40<br />
Visit www.hcca-info.org for registration information<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
Upcoming Regional Conferences<br />
June 5<br />
Seattle, WA<br />
September 18<br />
Minneapolis, MN<br />
September 11<br />
Boston, MA<br />
October 23<br />
May 8<br />
Denver, CO Columbus, OH<br />
October 9<br />
Pittsburgh, PA<br />
May 15<br />
New York, NY<br />
June 26<br />
Los Angeles, CA<br />
September 25<br />
Kansas City, KS<br />
November 13<br />
Louisville, KY<br />
November 20<br />
Phoenix, AZ<br />
November 6<br />
Nashville, TN<br />
October 16<br />
Honolulu, HI<br />
HCCA is going green<br />
HCCA conference attendees will NOT automatically receive<br />
conference binders. If you would like to purchase conference<br />
binders, please choose that option on your conference<br />
registration form. Attendees will receive electronic access to<br />
course materials prior to the conference as well a CD onsite<br />
with all the conference materials.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
41<br />
March 2009
March 2009<br />
42<br />
Standing at the<br />
crossroads<br />
Editor’s note: Michael Spake is Director,<br />
<strong>Compliance</strong> & Privacy with MCG <strong>Health</strong>, Inc.<br />
in Augusta, Georgia. He may be reached by<br />
e-mail at mspake@mcg.edu or by telephone at<br />
706/721-0900.<br />
“A new beginning has to be made from the<br />
lowest foundations, unless one is content to go<br />
round in circles forever”.<br />
—Francis Bacon 1<br />
Ethicists and hospital ethics committees<br />
originated as support functions<br />
of hospital operations during<br />
the second half of the 20th century. 2 The<br />
idea of a hospital employing an ethicist to<br />
create, implement, and oversee a hospital<br />
ethics committee materialized as a result of<br />
technological developments in the medical<br />
field, new ideas about patients’ rights,<br />
and scenarios that brought to the forefront<br />
conflicts between moral perspectives and<br />
medical judgments. As a result, the function<br />
of hospital ethics committees and the definition<br />
of ethics in the hospital setting centered<br />
on clinical-based decision-making between a<br />
physician and a patient, case consultations,<br />
and closed-door discussions about humansubjects<br />
research.<br />
By Michael Spake, MHA, JD<br />
Since 1990, almost every US hospital has<br />
similarly hired a compliance officer to create,<br />
implement, and oversee a legal compliance<br />
program. <strong>Compliance</strong> programs have been<br />
built around systems focused on preventing,<br />
detecting, and punishing violations of the<br />
law. Their existence and function was a direct<br />
response to the federal government’s scrutiny<br />
and challenge to hospitals to reduce fraud,<br />
waste, and abuse, as well as the cost of health<br />
care to federal, state, and private health insurers.<br />
The goals of a compliance program center<br />
on demonstrating the seven elements of a<br />
compliance program as identified by the U.S<br />
Department of <strong>Health</strong> and Human Services<br />
Office of the Inspector General. 3 These are<br />
viewed as fundamental to an effective compliance<br />
program. The seven elements are:<br />
1 Designing and distributing standards of<br />
conduct including policies and procedures<br />
to address areas of potential fraud, such<br />
as claims development and submission<br />
process, and financial relationships with<br />
physicians and other health care professionals;<br />
2 Designating a chief compliance officer<br />
and other appropriate bodies charged<br />
with the responsibility of operating and<br />
monitoring the compliance program and<br />
who report directly to the CEO and the<br />
governing body;<br />
3 Developing and implementing regular,<br />
effective education and training programs<br />
for all affected employees;<br />
4 Maintaining a process, such as a hotline,<br />
to receive complaints, and adopt<br />
procedures to protect the anonymity of<br />
complainants and to protect whistleblowers<br />
from retaliation;<br />
5 Developing a system to respond to allegations<br />
of improper/illegal activities and to<br />
enforce appropriate disciplinary action<br />
against employees who have violated<br />
internal compliance policies, applicable<br />
statues or regulations of federal health<br />
care program requirements;<br />
6 Auditing evaluating, and monitoring<br />
compliance and assist in the reduction of<br />
identified problem areas; and<br />
7 Investigating and taking remedial actions.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
The Next Generation model<br />
Today, many hospitals are questioning the<br />
status quo of both their hospital ethics committee<br />
and compliance program in an effort<br />
to determine their effectiveness. In addition,<br />
hospitals are being challenged by the<br />
United States Sentencing Commission to<br />
establish organizational cultures that promote<br />
compliance and ethics. Pursuant to<br />
the United States Sentencing Commission,<br />
an organization may mitigate criminal fines<br />
and penalties by establishing and implementing<br />
an effective compliance program. 4 As a<br />
result both ethics and compliance programs<br />
are simultaneously striving to gain greater<br />
effectiveness by achieving a level of success<br />
coined “Next Generation” status. 5 The Next<br />
Generation model is guided by the following<br />
principles:<br />
1 Committees are proactive, not just<br />
reactive;<br />
2 Committees are organizationally<br />
integrated, not isolated;<br />
3 Committees are accountable for performance,<br />
based on demonstrable outcomes,<br />
not just good intentions; and<br />
4 Committees are oriented around organizational<br />
core values, not just regulatory/<br />
accreditation requirements.<br />
Today, compliance programs are making<br />
improvements towards greater effectiveness<br />
by moving from prevention and detection<br />
programs of retrospective review to programs<br />
that promote organizational ethics and<br />
encourage employee commitment to organizational<br />
values. Hospital ethics committees<br />
are simultaneously moving from mechanisms<br />
that provide only clinical consultations to<br />
becoming the center of ethical responsibility<br />
for operational decision-making. However,<br />
neither will independently achieve Next<br />
Generation status. Instead, Next Generation<br />
status will only be achieved when ethics and<br />
compliance are molded into an integrated<br />
operational model that (1) aligns the<br />
organization’s separate ethics and compliance<br />
support functions to build capacity into the
operational decision-making process and (2)<br />
shifts from programmatic and individual<br />
responsibility for compliance and ethics to<br />
organizational commitment that permeates<br />
the entire organizational culture.<br />
Most compliance programs put in place by<br />
health care organizations have been designed<br />
and implemented to meet the legal requirements<br />
established by federal and state government.<br />
They tend to set minimum standards<br />
aimed at meeting a clear and measurable<br />
goal: “Is it legal?” Such compliance programs<br />
are rules-based and often result in a policing<br />
function that “pushes” individuals and the<br />
organization away from awareness of an<br />
institutional ethic. Unfortunately, many compliance<br />
programs have not striven beyond this<br />
minimum-standard mentality of achieving<br />
and documenting legal compliance. Ethics<br />
and values, by contrast, are managed on an ad<br />
hoc basis or as a retrospective review to either<br />
justify a decision or analyze a failure. As a<br />
result, values analysis and ethical discernment<br />
remain excluded from management decision<br />
making. In most cases, decision making is<br />
limited to financial, legal, and market share<br />
analyses.<br />
Many hospitals have inadvertently created<br />
this shortfall by creating an erroneous<br />
division between compliance and ethics. The<br />
narrow concentration of ethics and compliance<br />
has lead to the correlation of compliance<br />
with business transactions (i.e., Business<br />
Ethics) and ethics with clinical care (i.e., case<br />
consultation). Values analysis and ethical<br />
discernment should be carefully distinguished<br />
from compliance analysis.<br />
<strong>Compliance</strong> requirements do not always<br />
reflect society’s moral standards and values,<br />
even when the law is directly concerned with<br />
ethical or moral problems. The mere fact that<br />
something is legal does not make it morally<br />
acceptable. At the same time emphasizing<br />
ethics without stressing the necessity of rules<br />
and laws can leave employees in a vulnerable<br />
position. Taken as a whole, hospitals should<br />
acknowledge this distinction; but it should<br />
be acknowledged by recognizing compliance<br />
and ethics within the scope of an overall<br />
intuitional ethic composed of the following<br />
elements:<br />
n Clinical ethics<br />
n Research ethics<br />
n Social responsibility<br />
n Professional responsibility<br />
n Business ethics, and<br />
n <strong>Compliance</strong><br />
Currently, hospitals are operating each ethics<br />
component as a separate and divergent function<br />
through ethics committees, institutional<br />
review boards, Mission departments, Human<br />
Resources, and <strong>Compliance</strong> offices. However,<br />
when aligned in an integrated ethics<br />
model (Figure 1) they assert an institutional<br />
ethic that embraces compliance with legal<br />
requirements and the values of the entire<br />
organizational culture. Such a model not only<br />
takes into account the minimal considerations<br />
of the organization’s legal duties and<br />
the moral rights of others, but it aligns ethics<br />
components in a manner that emphasizes a<br />
systematic approach and takes into account<br />
Figure 1: The integrated<br />
operations model<br />
Governance<br />
Clinical<br />
Ethics<br />
Research<br />
Ethics<br />
MISSION<br />
INSTITUTIONAL ETHIC<br />
Clinical Operations<br />
Financial Operations<br />
Risk Management<br />
Human Resources<br />
Business Ethics<br />
& <strong>Compliance</strong><br />
that a single compliance/ethics incident can<br />
be reflective of a larger organizational ethic.<br />
This integrated operating model develops<br />
organizations beyond meeting the basic<br />
compliance and regulatory requirements and<br />
better positions them to react to changing<br />
expectations. The model moves past rulesbased<br />
compliance, policing employee actions,<br />
and catching lawbreakers, and simultaneously<br />
expands the current, narrow ethics strategy<br />
of clinical consultations to a larger total<br />
organizational ethic. Such a model clarifies to<br />
employees what conduct is appropriate to the<br />
mission and values of the organization – and<br />
what it not. At the same time it acknowledges<br />
that emphasizing mission, ethics, and values<br />
without stressing the necessity of rules and<br />
laws can leave employees in a vulnerable<br />
position. As a result, the integrated operations<br />
model would answer the question “Is it<br />
legal?” however, it would continue its evaluation<br />
to include identification of all stakeholders,<br />
identification of values and concerns, and<br />
consideration of alternatives.<br />
Moreover, an integrated operational model<br />
would be capable of not only defending its<br />
choice, but also helping the organization<br />
understand why it decided against other<br />
Continued on page 45<br />
Social<br />
Responsibility<br />
Executive Management<br />
Professional<br />
Responsibility<br />
OPERATIONAL SUPPORT ELEMENTS of COMPLIANCE & ETHICS<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
43<br />
March 2009
SAVE THE DATES<br />
AHLA/HCCA Fraud & <strong>Compliance</strong> Forum<br />
October 4–6, 2009 | Baltimore, MD<br />
Register online now at www.hcca-info.org/fraud<br />
Quality of <strong>Care</strong> <strong>Compliance</strong> Conference<br />
October 11–13, 2009 | Philadelphia, PA<br />
Register online now at www.hcca-info.org/quality<br />
Physician Practice <strong>Compliance</strong> Conference<br />
October 11–13, 2009 | Philadelphia, PA<br />
Register online now at www.hcca-info.org/physicians<br />
Research <strong>Compliance</strong> Conference<br />
October 18–20, 2009 | Minneapolis, MN<br />
Register online now at www.hcca-info.org/research<br />
March 2009<br />
44<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
6500 Barrie Road, Suite 250<br />
Minneapolis, MN 55435<br />
888-580-8373 (p) | 952-988-0146 (f)<br />
helpteam@hcca-info.org | www.hcca-info.org
Standing at the crossroads ...continued from page 43<br />
alternatives. Finally, by practicing such<br />
discernment, a health care organization can<br />
clearly identity its motivations by having a<br />
deeper understanding of its actions.<br />
This integrated operating model cannot be<br />
achieved by a single department or ethic<br />
component. Instead it involves an integrated<br />
structure (as described above) that, through<br />
a broader ethics mechanism, builds capacity<br />
within the operating functions 6 of a hospital.<br />
Creating capacity throughout such a broad<br />
ethics mechanism includes building tools<br />
as uncomplicated as a simple checklist for a<br />
single decision maker to ensure that he or she<br />
is considering all the relevant dimensions of a<br />
complex issue.<br />
Also, and more importantly, it integrates ethical<br />
discernment into the organizational decision<br />
making process. For example along with<br />
financial, legal, and market share analyses,<br />
an organization’s management team that is<br />
practicing an integrated ethics model would<br />
also consider the following when evaluating a<br />
project or course of action:<br />
n Is the action consistent with the organization’s<br />
basic duties?<br />
n Does the action respect the rights and<br />
other legitimate claims of the identified<br />
stakeholders?<br />
n Does this action reflect a “best practice?”<br />
n Is the action consistent with the organization’s<br />
mission, vision, and values? 7<br />
These questions elicit minimal considerations<br />
that address the organization’s duties and<br />
the moral rights of others. However, it also<br />
raises considerations beyond the minimum<br />
standard and emphasizes an ethic demonstrative<br />
of leadership organizations.<br />
Leadership<br />
Once a health care organization has achieved<br />
an integrated ethics model, the final barrier<br />
to achieving Next Generation status is<br />
shifting the organizational culture from one<br />
of individual responsibility for compliance<br />
and ethics to one in which the organization<br />
is committed to achieving operational<br />
excellence in ethics. The compliance officer<br />
cannot serve the roles of both oversight and<br />
owner of corporate compliance. Similarly,<br />
ethicists should not be the sole decisionmakers<br />
when evaluating an organizational<br />
situation. Instead, leadership should embrace<br />
the integrated model under the framework<br />
that everyone is responsible for pursuing the<br />
institutional ethic. Success in building such<br />
an integrated model requires leaders across<br />
all disciplines who have a clear conception of<br />
the organization’s values, talent management,<br />
mission, and community commitment.<br />
Leaders must learn and build ethical awareness<br />
into the culture of the organization.<br />
This type of compliance and ethics strategy<br />
cannot be guided by one ethics officer, but<br />
requires a multi-dimension strategy built<br />
from each ethical component that facilitates<br />
values-based decision-making at every level<br />
of management on a day-to-day basis. Such<br />
a strategy is based upon having a culture<br />
of openness, organizational responsibility,<br />
and a commitment to ethics within each<br />
business goal. Successfully implementation<br />
of this strategy requires not only intellectual<br />
commitment of leadership and all employees,<br />
but also a sense of shared values and purpose<br />
throughout the organization. The end result<br />
is leadership committed to problem finding,<br />
not merely problem solving, and to accepting<br />
responsibility at all levels.<br />
Finally, an organization’s compliance and/or<br />
ethics failure cannot be viewed as a programmatic<br />
failure or individual shortfall. Instead,<br />
it is an organizational opportunity to reflect<br />
upon the entire ethical situation as opposed<br />
to scrutinizing the situation. For example,<br />
after screening employee applications and<br />
qualifications, interviewing candidates,<br />
background checks, and calling references,<br />
the department of an organization hires a new<br />
employee. After the first six months, which<br />
included training and later a remedial workplan,<br />
the employee continues to have below<br />
average productivity. During this period, it<br />
is evident the new employee is becoming<br />
frustrated and angry at his situation. Finally,<br />
the new employee gives-up; but rather than<br />
resign from his position, he/she commits an<br />
act of workplace violence, nearly injuring his<br />
supervisor and co-worker. His actions result<br />
in a criminal charge of attempted murder.<br />
Afterwards, a compliance investigation is<br />
conducted. The investigation concludes that<br />
all actions taken to “help” the new employee<br />
were in accordance with the organization’s<br />
formal published policies. The investigation<br />
further includes that no one was hurt and<br />
the wrong-doer will be punished not only<br />
by immediate termination, but also in his/<br />
her upcoming criminal trial. The investigation<br />
is completed and documented in the<br />
<strong>Compliance</strong> log. Overall, the situation was a<br />
near-miss, but considered a success.<br />
An organization that practices the integrated<br />
ethics model would examine the incident<br />
beyond the facts/legalities and consider<br />
whether or not this one instance is reflective<br />
of a larger organizational ethic. The organization<br />
would identity and explore its motivations<br />
and the new employee’s, and thereby<br />
have a deeper understanding of the actions<br />
of all parties involved. More specifically, the<br />
organization will take accountability and ask<br />
if it failed the new employee.<br />
n Did the organization’s screening process<br />
fail?<br />
n Did the organization fail to develop the<br />
new employee appropriately?<br />
Continued on page 50<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
45<br />
March 2009
Cyber doctors<br />
By Sonya Burtner, MA, CHC, CPC, CPC-H<br />
Editor’s note: Sonya Burtner works as a compliance<br />
specialist for Shands <strong>Health</strong>-<strong>Care</strong> in medical information exchanged from one site<br />
(ATA) defines telemedicine as “the use of<br />
Gainesville, Florida, a seven-hospital health care to another via electronic communications<br />
system. She may be reached at 352/733-0057 or to improve patients’ health status.” Medical<br />
by e-mail at burtnsf@shands.ufl.edu.<br />
information can now be communicated via<br />
the Internet, video conferencing equipment,<br />
When my parents lived in Chicago in the and satellite technology. Telemedicine is<br />
1950s, it was not uncommon for my mother to as basic as a telephone call between two<br />
call our family doctor, about me or one of my providers discussing the case of a patient, or<br />
siblings, to discuss a medical issue. The doctor as complex as using satellite technology for<br />
would direct the sick child to cough into the robotic surgery.<br />
phone. A prescription was then called in.<br />
The terms telehealth and telemedicine are<br />
Patient care at a distance is certainly not a often used interchangeably. Telemedicine is<br />
new practice. There are many examples in most often defined as focusing on clinical<br />
our history illustrating this concept. In 1642, services and the curative aspect, whereas<br />
Theophraste Renaudot, a French physician telehealth has a broader meaning and can<br />
and philanthropist, created a patient booklet refer to clinical and non-clinical services, such<br />
with lists of symptoms and simple body as medical education, administration, and<br />
diagrams. The patients would check off the research, in addition to clinical services.<br />
symptoms they were experiencing from the<br />
list and used the diagrams to identify the Other terms used in the industry are the<br />
body parts that were troubling them. This “originating site” which is the site where the<br />
innovative booklet enabled a patient to patient receiving the service is located, as<br />
receive a diagnosis and treatment by post opposed to the “distant site,” the site where<br />
without a personal visit to the physician. the physician providing the service is located.<br />
Other doctors also engaged in such practices, Also, services where both parties are interacting<br />
at the same time with a communications<br />
such as William Cullen (1710-1790) of<br />
Edinburgh, Scotland and John Morgan link between them are called “real time”<br />
(1735-1789) of Philadelphia, who were both services or synchronous telemedicine. In<br />
equally active with postal consultations. 1 contrast “store and forward technology” refers<br />
to the asynchronous transmission of medical<br />
In more recent years, due to the vast improvement<br />
of modern technology, care at a distance<br />
information to be reviewed at a later time.<br />
has become more sophisticated and developed Current applications<br />
into what we now know as telemedicine. This The dramatic growth of technology and the<br />
article explores current applications of telemedicine,<br />
the benefits, and some of the associated care. Consumers all over the world have a<br />
Internet has provided great benefits to health<br />
compliance and legal risks that hospitals have to wealth of health information at their fingertips<br />
contend with when practicing telemedicine. and can receive diagnostics and purchase<br />
pharmaceuticals. A few of the many applications<br />
Definitions<br />
of telemedicine are described below.<br />
The American Telemedicine <strong>Association</strong><br />
Teleradiology/telepathology - One of the<br />
most common applications of telemedicine<br />
is teleradiology and telepathology. A smaller<br />
hospital, for example, with limited staffing<br />
resources may contract with a bigger hospital<br />
for the purposes of interpretation and/or<br />
consultation of tests for trauma patients after<br />
hours. Radiological patient images, such as<br />
x-rays, CAT scans, and MRIs, are transmitted<br />
from the originating site to the distant site.<br />
This saves time and improves patient care by<br />
allowing hospitals to access radiology services<br />
24/7. Teleradiology can be accomplished with<br />
an international distant site as well. In fact,<br />
outsourcing teleradiology services overseas (in<br />
countries such as India, Israel, and Australia)<br />
is becoming popular to cover the night hours<br />
along with radiologists in other US time<br />
zones, hence the term of “nighthawk” radiology<br />
services. Similarly, telepathology activities<br />
occur to provide urgent services at sites<br />
without a pathologist. Both teleradiology and<br />
telepathology are instrumental in providing<br />
consultative services with immediate access.<br />
This can be extremely beneficial to physicians<br />
in rural areas or for a physician seeking a<br />
second opinion in emergency situations.<br />
Telephone and online patient consultations<br />
Patients consulting their physicians over the<br />
phone or by e-mail via the Internet is not a<br />
new practice, but until recently, there were no<br />
CPT codes to report these services. The CPT<br />
codes for telephone services have been updated<br />
for 2008 to 99441, 99442, and 99443 and are<br />
based on the amount of time spent discussing<br />
the medical issue. And in 2008, the CPT<br />
code 99444 became available to report online<br />
services. According to the AMA Current Procedural<br />
Terminology (CPT), the services can only<br />
be reported for an established patient and only<br />
once for the same episode of care in a sevenday-period.<br />
The service must include all other<br />
communications, such as related phone calls,<br />
March 2009<br />
46<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
prescription, and lab orders. The e-mails must<br />
be kept in permanent electronic or hardcopy<br />
storage. Even though the guidelines are strict,<br />
the assignment of these CPT codes is very<br />
encouraging for telemedicine providers, because<br />
it is a start towards acknowledging these types<br />
of services for reimbursement purposes in a<br />
time where phone and Internet communications<br />
have so many appeals to patients.<br />
Note: The above CPT codes were the only<br />
existing “tele” codes before July 1, 2008,<br />
because all other telemedicine activities are<br />
reported using the same CPT codes as the<br />
service conducted without telemedicine.<br />
Effective July 1, 2008, the AMA introduced<br />
new CPT Category III Codes to<br />
report remote real-time interactive videoconferenced<br />
critical-care services. The codes<br />
are 0188T and 0189T. The creation of new<br />
CPT codes to accurately capture telemedicine<br />
activities will probably increase every year.<br />
Telemarker<br />
A special portable phone used in Israel can assist<br />
in the determination of a real heart attack. The<br />
process is simple. If a patient is experiencing<br />
chest pain, a simple self blood test (called Telemarker)<br />
is performed. The test can detect the<br />
presence of two proteins, which are bio-chemical<br />
precursors of a heart attack. The device sends<br />
the information to a center through a modem,<br />
and the doctor can analyze the results and<br />
determine if there is a real medical emergency.<br />
This device avoids unnecessary hospitalizations<br />
and reduces unnecessary costs. 2<br />
iPath<br />
A telemedicine network developed at the<br />
University of Basel, iPath allows publication and<br />
discussion of medical cases for second opinion<br />
consultations. iPath is a secure teleconsultation tool<br />
that enables virtual communities of care professionals<br />
to exchange advice about the management<br />
of clinical cases in several expertise domains. The<br />
network has been active since 2001 and is used in<br />
15 French-speaking African countries, including<br />
Mali, Mauritania, Morocco, Tunisia, Senegal,<br />
Cameroon and the Ivory Coast. 3<br />
Telesurgery<br />
On September 7, 2001, a team of French<br />
surgeons located in New York performed a gall<br />
bladder removal with the Zeus Robotic System<br />
(at this time, no longer on the market) on a 68<br />
year-old woman located in Strasbourg, France<br />
– 4,000 miles away. “Operation Lindbergh”<br />
took 45 minutes and was the first robotic<br />
transAtlantic telesurgery. The procedure was<br />
successful with no complications and the patient<br />
was discharged two days after the operation. 4<br />
Telesurgeries (also known as remote surgeries)<br />
have not yet occurred with patients in the<br />
U.S.; however, robotic systems are being used<br />
for surgeries when a physician is in the same<br />
room with the patient. The Food and Drug<br />
Administration (FDA) first cleared the da Vinci<br />
Robotic System in 2000 for general laparoscopic<br />
surgeries, such as a gall bladder removal and for<br />
treatment of severe heartburn. Since then, use<br />
of the system has increased and expanded into<br />
several other surgical areas.<br />
The da Vinci Robotic System allows surgeons<br />
to operate from a distance with a minimally<br />
invasive approach that uses small incisions. The<br />
robotic system includes a post with multiple<br />
arms which is positioned over the patient. The<br />
surgeon is seated across the room from the<br />
patient and has his/her arms inserted in a console.<br />
The surgeon manipulates the robot’s arms<br />
while looking at magnified 3D images of the<br />
surgical site. Remote surgery is still considered<br />
investigational within the U.S. and “should<br />
not be performed except under IRB [Investigational<br />
Review Board] approval and by persons<br />
thoroughly familiar with the technology.” 5<br />
Nevertheless, the revolutionary event of Operation<br />
Lindbergh supports the incredible potential<br />
of telesurgery, bringing new opportunities to the<br />
delivery of patient care. Some day, telesurgery<br />
may enable surgeons to operate from remote<br />
locations to help fallen soldiers in a battlefield or<br />
even astronauts in space.<br />
Benefits of telemedicine<br />
The Internet is dramatically changing the way<br />
consumers access health information, receive diagnostics,<br />
and purchase pharmaceuticals, and plays<br />
a key role in expanding the reach of telemedicine.<br />
Telemedicine appeals for a host of reasons:<br />
n Increased access to health care –<br />
Telemedicine increases access to health<br />
care in a variety of situations: the<br />
Emergency department physician can seek<br />
a second opinion quickly, the isolated<br />
community can access a specialist when<br />
there is none in the area, the understaffed<br />
hospital can contract radiology services after<br />
hours and support emergency services.<br />
n Cost savings to patients – Telemedicine<br />
offers certain conveniences, such as allowing<br />
the patient to contact his/her family<br />
doctor without leaving home or to use the<br />
Telemarker test to save a trip to the emergency<br />
room. Internet communications are<br />
convenient and efficient for simple medical<br />
problems and save both time and money.<br />
The health care consumer nowadays is<br />
much more informed, educated, and accustomed<br />
to using electronic sources to gather<br />
and transfer information, and is more likely<br />
to ask for advice by e-mail or phone.<br />
n Cost savings to providers – Providers also<br />
benefit from telemedicine. Travel time for<br />
providers can be significantly reduced as<br />
well. Many radiologists have opted to get<br />
the applicable equipment installed in their<br />
homes when participating in teleradiology<br />
services, thus saving on transportation<br />
expenses with the additional attraction of<br />
flexible working hours. 6<br />
n Improved patient outcomes –<br />
Telemedicine provides quicker delivery of<br />
Continued on page 48<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
47<br />
March 2009
Cyber doctors ...continued from page 47<br />
care, which leads to improved continuity<br />
of care. Doctors can get a more accurate<br />
diagnosis of their patients with the quick<br />
access to a second opinion by teleconsulting<br />
with a specialist.<br />
n Cutting edge opportunities – State of the<br />
art equipment, such as remotely controlled<br />
surgical robots, are opening up many<br />
future opportunities for research, the<br />
military, and NASA.<br />
<strong>Compliance</strong> and legal issues<br />
The telemedicine industry faces many challenges.<br />
Hospitals and other providers need to conduct<br />
due diligence before engaging in any telemedicine<br />
activities. Below are some of the issues.<br />
Interstate licensing<br />
The essence of telemedicine is practicing<br />
medicine without borders. Technology enables<br />
the provider to render an opinion or interpret<br />
a test on a patient who lives down the road as<br />
easily as one living in a different state or across<br />
the world. However, when telemedicine is<br />
practiced across state lines, licensure becomes<br />
an issue. The patient’s physical location (i.e.,<br />
the originating site) identifies the location<br />
where the health care is provided, so a provider<br />
must abide by the laws of that state. In many<br />
cases, this may mean that the provider has to<br />
get licensed in that state. This can be quite<br />
burdensome for a telemedicine provider<br />
who may have to fill out multiple licensure<br />
applications and pay multiple registration fees<br />
in order to practice. In addition, each state has<br />
its own licensure laws regulating telemedicine<br />
with varying degrees of restrictions or exemptions.<br />
In Arizona, licensure requirements do<br />
not apply if a doctor licensed in another state<br />
engages in an episodic consultation about<br />
a patient with a doctor licensed in Arizona.<br />
Montana, on the other hand, prohibits the<br />
practice of telemedicine without a telemedicine<br />
certificate issued by the State Board of Medical<br />
Examiners. 7,8 Some states have not determined<br />
how they want to address the out-of-state<br />
providers licensure issue.<br />
It is not just a physician issue. Hospitals may be<br />
viewed as “aiding and abetting” the physician<br />
who is practicing telemedicine without a license<br />
in another state. A hospital must carefully review<br />
each state’s requirements with their Legal department<br />
before engaging in any kind of telemedicine<br />
involving physicians in other states.<br />
Several medical specialties, such as the American<br />
College of Radiology (ACR), have developed<br />
guidelines for telemedicine activities to ensure<br />
the protection of the patient. On the topic of<br />
overseas contracting for teleradiology, the ACR<br />
recommends that the overseas radiologist “be<br />
licensed by the state(s) and credentialed by the<br />
U.S. hospital(s) that contracts for their services as<br />
stated in the American College of Radiology Teleradiology<br />
Technical Standards.” The interpreting<br />
physician should also be covered by medical<br />
malpractice insurance. Hospitals should conduct<br />
due diligence when entering into contractual<br />
arrangements with teleradiology companies.<br />
Discussions are underway to try to resolve<br />
these licensure dilemmas. The 2001 Telemedicine<br />
Report to Congress outlined different<br />
alternatives to address these issues, including<br />
assessing the feasibility of developing<br />
common licensure application forms.<br />
Credentialing issues<br />
Another dilemma for which solutions are not<br />
clearly defined by the regulations are credentialing<br />
issues. Must a telemedicine provider be<br />
credentialed in the state in which the patient<br />
is located? Various credentialing organizations,<br />
such as the Joint Commission of<br />
Accreditation (JCAHO), have provided some<br />
standards for telemedicine which indicate that<br />
a licensed practitioner who is responsible for<br />
the care of a patient via a telemedicine link<br />
is subject to the credentialing and privileging<br />
processes of the originating site. However,<br />
the originating site can use the credentialing<br />
information from the distant site, if the<br />
distant site is a JCAHO–accredited organization<br />
(Standard MS.13.01.01). JCAHO does<br />
not address all areas of telemedicine services.<br />
Consultative services, for example, fall outside<br />
the scope of the JCAHO telemedicine standards.<br />
9 And, what about the teleradiologist<br />
who is unaffiliated with a particular hospital<br />
and practices independently? Telemedicine is<br />
still an underdeveloped medical-legal frontier.<br />
Security and privacy issues<br />
Privacy, security and confidentiality issues<br />
are not unique to telemedicine. Similar to<br />
any other electronic transactions, hospitals<br />
must ensure that adequate precautions are<br />
taken when transmitting protected health<br />
information (PHI) out of the hospital<br />
networks. Because telemedicine activities<br />
can be broadcast anywhere, the concerns are<br />
perhaps more prevalent. The America Medical<br />
<strong>Association</strong> (AMA) has developed guidelines<br />
for physician–patient e-mail communications.<br />
Advances in technology have brought great<br />
benefits as well as drawbacks in this area.<br />
Informed consent<br />
Physicians who practice telemedicine must also<br />
consider informed consent requirements, which<br />
vary from state to state. In some states, the<br />
informed consent requirements do not apply if<br />
the patient is not involved directly in the telemedicine<br />
activity (such as consultative services).<br />
In addition, the physician’s home state may have<br />
different informed consent requirements than<br />
the state where the patient resides. The treating<br />
physician should explain to the patient, not only<br />
the risks associated with the telemedicine service,<br />
but issues such as which state the telemedicine<br />
provider is licensed/credentialed in, the process<br />
for follow up care, the equipment required, and<br />
the operating staff that may be required at the<br />
originating site and at the distant site. 10<br />
March 2009<br />
48<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
Telemedecine equipment<br />
The technology involved with a telephone or<br />
simple videoconference hookup for telemedicine<br />
services is easy to use and readily available.<br />
However, depending on the type or equipment<br />
or technology used in the telemedicine service,<br />
the provider may be required to abide by state<br />
and federal regulations related to the use of<br />
such equipment. The Federal Food and Drug<br />
Administration (FDA) has the responsibility for<br />
regulating the safety and effectiveness of medical<br />
devices, and therefore, may regulate software and<br />
hardware used to practice telemedicine. Also, telemedicine<br />
providers must consider particular state<br />
regulations. Some states have instituted specific<br />
rules governing the use of the Internet, e-mail and<br />
similar technologies when treating patients.<br />
Hospitals and telemedicine providers need<br />
to review FDA and state regulations in<br />
telemedicine arrangements in reference to<br />
equipment, related technologies, and the use<br />
of the Internet in the treatment of patients.<br />
Reimbursement issues<br />
The lack of reimbursement for the provision<br />
of this mode of treatment is an obstacle to the<br />
expansion of telemedicine. Congress has taken<br />
some action in the Balanced Budget Act (BBA)<br />
of 1997 where some Medicare reimbursement<br />
for telehealth services was authorized. Congress<br />
has further directed The Centers for Medicare &<br />
Medicaid Services (CMS) to establish a payment<br />
methodology for telemedicine services in rural<br />
shortage areas if certain conditions are met. 11<br />
Medicare<br />
The Medicare Policy Benefit Manual has<br />
specific guidelines for coverage and payment for<br />
telehealth services. The list of services covered<br />
are: consultations, office visits, individual<br />
psychotherapy, pharmacologic management,<br />
psychiatric diagnostic interview examination,<br />
end-stage renal disease-related services, individual<br />
medical nutrition therapy, and most recently<br />
added in 2008, neurobehavioral status exam.<br />
The CPT codes used to report telehealth services<br />
are no different than regular services performed<br />
without the use of a telecommunications system<br />
(with the few exceptions already mentioned<br />
for telephone and online consultations and<br />
remote-real time interactive video-conferenced<br />
critical care services). The originating site must<br />
be located either in a rural health professional<br />
shortage area (HPSA) or in a county outside of a<br />
metropolitan statistical area (MSA). Authorized<br />
originating sites are limited to a physician’s office,<br />
a hospital, a critical access hospital, a rural health<br />
clinic, or a federally qualified health center. On<br />
July 16, 2008 Congress passed H.R. 6331, which<br />
expanded Medicare coverage beginning January<br />
1, 2009, to include skilled nursing facilities, inhospital<br />
dialysis centers, and community mental<br />
health centers as telemedicine sites.<br />
The guidelines further state:<br />
“For Medicare payment to occur, interactive<br />
audio and video telecommunications<br />
must be used, permitting real-time<br />
communication between the distant<br />
site physician or practitioner and the<br />
Medicare beneficiary. As a condition of<br />
payment, the patient must be present and<br />
participating in the telehealth visit.”<br />
The payment amount is equal to the<br />
reimbursement of the service without the use<br />
of telemedicine. There is one exception to the<br />
interactive telecommunications requirement in<br />
the case of federal telemedicine demonstration<br />
programs, such as the ones conducted in Alaska<br />
or Hawaii. In those cases, Medicare payment is<br />
permitted for “store and forward technology”. 12<br />
Telephone calls and online consultations<br />
Medicare does not pay for telephone calls or<br />
online consultations at this time. In fact, the<br />
Medicare Benefit Manual Medicare, Chapter<br />
15 states that telephone call services are considered<br />
an integral part of the physician services<br />
and there is no separate payment. Though this<br />
article does not focus on non-federal payers, it<br />
is worth mentioning that Aetna and CIGNA<br />
<strong>Health</strong><strong>Care</strong> are already paying some physicians<br />
for online patient consultations. 13<br />
Home health<br />
Federal regulations require face-to-face visits<br />
for home health, and telemedicine cannot be<br />
used as a substitute for those visits. However,<br />
a telemedicine encounter may be used as a<br />
supplement to the required face-to-face visits.<br />
The Medicare Benefit Policy Manual, Chapter<br />
7 can be reviewed for further detail.<br />
Teleradiology outsourcing<br />
With respect to teleradiology that is outsourced<br />
to a different country, CMS prohibits payments<br />
to providers outside the United States.<br />
Hospitals with such arrangements would have<br />
to pay the overseas radiologists directly. The<br />
ACR has voiced concern about the interpretation<br />
of radiology images outside of the U.S.,<br />
because of the risk that a US radiologist would<br />
be signing off on the “ghost-read” radiographs<br />
without a careful review. 14<br />
Medicaid<br />
CMS has not formally defined telemedicine<br />
services for the Medicaid program; however,<br />
in some states, Medicaid reimbursement is<br />
available for certain services.<br />
2009 OIG WorkPlan<br />
It is noteworthy that some form of telemedicine<br />
auditing is included in the 2009 Work<br />
Plan. OIG will be reviewing the appropriateness<br />
of Medicare claims for long-distance<br />
evaluation and management services:<br />
“Pursuant to the CMS ‘Medicare Benefits<br />
Policy Manual,’ Pub. No. 100-02, ch. 15, §<br />
30, a service may be considered a physician’s<br />
service if the physician either examines the<br />
Continued on page 50<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
49<br />
March 2009
Cyber doctors ...continued from page 49<br />
patient in person or is able to visualize some<br />
aspect of the patient’s condition without a<br />
third person’s judgment. Although services<br />
provided by means of a telephone call between<br />
the physician and the beneficiary may<br />
be covered under Medicare, there are certain<br />
services that require a face-to-face visit.<br />
Previous OIG work identified instances of<br />
physicians billing for services that would normally<br />
require a face-to-face examination for<br />
beneficiaries who lived a significant distance<br />
from the physician. We will also examine<br />
factors that contribute to the submission of<br />
long-distance physician claims.”<br />
Per the Medicare Benefit Policy Manual,<br />
Chapter 15, Section 270.2,<br />
“the use of a telecommunications system may<br />
substitute for a face-to-face, ‘hands on’ encounter<br />
for consultations, office visits, individual<br />
psychotherapy, pharmacologic management,<br />
psychiatric diagnostic interview examination,<br />
end stage renal disease related services, and<br />
individual medical nutrition therapy.”<br />
However, because the CPT codes used are,<br />
CCB Accredited<br />
in most cases, the same as non-telemedicine<br />
encounters, it is unclear how the OIG will<br />
pull the data for this review.<br />
Conclusion<br />
Telemedicine plays a critical role in providing<br />
access to health care, especially in underserved<br />
areas. Providers must ensure that the risks of<br />
providing telemedicine services do not outweigh<br />
the benefits, carefully enter into agreements<br />
with the assistance of their Legal department,<br />
and should develop telemedicine policies. n<br />
1 Wikipedia, the Free Encyclopedia – http://en.wikipedia.org/wiki/<br />
In_absentia_health_care<br />
2 Official Site of the French/Israeli Chamber of Commerce - Article by<br />
Michael Finkelstein – 9/27/2008 - Available at: http://www.israelvalley.com/<br />
news/2008/09/27/19708/israel-medical-abecedaire-telemedecine-peut-savoirsi-le-risque-de-crise-cardiaque-est-reel-grace-a-un-telephone-portable-special<br />
3 Reseau RAFT Network - http://raft.hcuge.ch/<br />
4 Surgeons perform successful near real time telesurgery from New York<br />
on patient in France. Available at: http://www.hoise.com/vmw/01/<br />
articles/vmw/LV-VM-10-01-20.html<br />
5 Society of American Gastrointestinal Endoscopic Surgeons (SAGES)<br />
2000 - Remote Surgery Guidelines<br />
6 Radiology Today - “Remote Reading -PACS and Teleradiology Let<br />
Radiologists Work Almost Anywhere.” - Dan Harvey - 4/10/06<br />
7 AMA - Physician Licensure: An Update of Trends – Janice Robertson-<br />
2/27/2008<br />
8 Lynn D. Feisher and James C. Dechene, Eds: Telemedicine and<br />
E-<strong>Health</strong> Law. Law Journal Seminars Press; Lslf edition (December 5,<br />
2004) Chapter 1<br />
9 JCAHO Perspectives - Existing requirements for telemedicine practitioners<br />
explained – Feb 2003. Available at: http://americantelemed.i4adev.<br />
com/files/public/abouttelemedicine/JCP_2_2_2003.pdf<br />
10 Lynn D. Feisher and James C. Dechene, Eds: Telemedicine and<br />
E-<strong>Health</strong> Law. Law Journal Seminars Press; Lslf edition (December 5,<br />
2004) Chapter 1<br />
11 Lynn D. Feisher and James C. Dechene, Eds: Telemedicine and<br />
E-<strong>Health</strong> Law. Law Journal Seminars Press; Lslf edition (December 5,<br />
2004) Chapter 8<br />
12 Medicare Benefit Manual – Chapter 15 – Section 270 – Telehealth Services<br />
13 New, Revised CPT Codes Target Online, Telephone Services - Sheri Porter<br />
– 2/29/08 – Available at: http://www.aafp.org/online/en/home/publications/news/news-now/practice-management/20080229cptcodes.html<br />
14 The American College of Radiology ( ACR) - Revised Statement on the<br />
Interpretation of Radiology Images Outside the United States – 5/23/06<br />
C R E D I B I L I T Y<br />
Standing at the crossroads<br />
...continued from page 45<br />
n Is there a higher-level management issue<br />
within the department?<br />
n Because the employee has a pregnant<br />
wife who is about to deliver, should the<br />
organization maintain their benefits? If so,<br />
for how long?<br />
Overall organizational responsibility and<br />
commitment to the institutional ethic<br />
recognized by this model is dependent on the<br />
commitment of the organization’s governance<br />
and executive leadership. Almost every hospital<br />
operates each of the ethics components<br />
described in this model. The model proposed<br />
in this paper, though, is just a model. At<br />
the end of the day, what counts is how the<br />
organization places this model (or any model)<br />
into practice; and more importantly, how it<br />
is promoted and practiced by its executive<br />
leadership and board.<br />
As organizations and the delivery of health<br />
care evolves, our system of caring is becoming<br />
more complex. As a result, we as providers<br />
of health care, both clinical and non-clinical,<br />
will face more multifaceted ethical and legal<br />
challenges. The strategy above is neither<br />
a “golden hammer,” nor a one-size-fits-all<br />
resolution to the challenge. Instead, it is<br />
an attempt to encourage rethinking of our<br />
overall ethics strategy and commitment to<br />
mission driven health care. n<br />
Certificate in <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong><br />
Gain the knowledge compliance officers need in a unique setting<br />
• Interactive courses from industry leaders<br />
• Part time program for working professionals<br />
• Practical knowledge to prepare for the<br />
certification exam—and a meaningful new career<br />
1 Bacon, Francis, ed. Lisa Jardine. New Organon. Cambridge University<br />
Press. March 2000.<br />
2 See “Success and Failures of Hospital Ethics Committes: A National<br />
Survey of Ethics Committee Chairs” Gleen McGee. Cambridge<br />
Quarterly of <strong>Health</strong>care Ethics, Volume 11, Issue 1, January 2002 p87.<br />
(<strong>Health</strong>care ethics committees formally began with the adoption of<br />
Committees for the Discussion of Morals in Medicine at U.S. Catholic<br />
hospitals in the 1960s.).<br />
3 See 63 Fed Reg No. 35, 8987 (February 23, 1998).<br />
4 U.S. Sentencing Commission Guidelines, November 1, 2006, Chapter<br />
8.<br />
5 See Murphy PhD, Kevin. “A ‘Next Generation’ Ethics Committee.”<br />
<strong>Health</strong> Progress. March-April 2006.<br />
6 Clinical Operations, Finance, Risk Management, and Human Resources<br />
7 Paine, Lynn Sharp. Ethics: A Basic Framework. Harvard Business<br />
Review. October 12, 2006.<br />
www.hamline.edu/law/health | 651-523-2625 | mmiller14@hamline.edu<br />
March 2009<br />
50<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
Mandatory Stark<br />
reporting: Is a<br />
denouement nigh, or<br />
just another chapter in<br />
the saga?<br />
Editor’s note: Ed Rauzi and Lisa Hayward are<br />
partners in the Seattle Office of Davis Wright Tremaine,<br />
LLP. They work for clients in the health<br />
care delivery system full-time, all the time. Ed<br />
may be reached by telephone at 206/757-8127<br />
and Lisa’s number is 206/757-8058.<br />
Although it receives scant attention,<br />
the Stark Law has always<br />
authorized the Secretary of <strong>Health</strong><br />
& Human Services to require hospitals to<br />
submit information concerning financial<br />
relationships such hospitals have with physicians.<br />
Regulations purporting to implement<br />
that authority have existed since 1991. 1 To<br />
date, however, there is no evidence that the<br />
Centers for Medicare and Medicaid Services<br />
(CMS) has ever used its authority, even in an<br />
investigation. That may soon change.<br />
In a filing with the Office of Management<br />
and Budget (OMB) on December 18, 2008,<br />
CMS sought approval of documents that<br />
will require selected hospitals to disclose<br />
in writing the financial relationships they<br />
had with physicians in calendar year 2006.<br />
OMB’s permission is required under the<br />
Paperwork Reduction Act, which prohibits a<br />
federal agency from subjecting any person to<br />
a penalty for failing to respond to a request<br />
for information unless the request includes an<br />
OMB authorization number.<br />
If CMS gets its way, 400 hospitals will soon<br />
be receiving a form letter transmitting a<br />
By Edwin Rauzi and Lisa Hayward<br />
packet of information and eight Microsoft<br />
Excel spreadsheets. The letter will inform the<br />
hospitals that they have 60 days to compile a<br />
comprehensive list and provide documentation<br />
of virtually all financial relationships<br />
with physicians and their immediate family<br />
members. 2 The disclosing hospitals will need<br />
to identify and disclose each financial relationship<br />
with each physician. As compliance<br />
officers know, a hospital is prohibited from<br />
submitting a claim to the Medicare program<br />
based on an order or referral from a physician<br />
with whom the hospital has a financial<br />
arrangement that does not satisfy a Stark<br />
exception. The CEO, CFO or “comparable<br />
officer” will be required to certify that the<br />
information is “true and correct, to the best of<br />
my belief and knowledge.”<br />
This is not CMS’s first attempt at obtaining<br />
approval to send out a demand for information.<br />
As <strong>Compliance</strong> Today noted in its September<br />
2007 edition, CMS has been pursuing this<br />
initiative for some time. 3 Perhaps in response to<br />
criticism by lobbyists and the hospital industry,<br />
the last iteration of the packet was withdrawn by<br />
CMS on April 10, 2008. CMS began retracing<br />
its steps with the publication of a notice soliciting<br />
additional comments in the April 30, 2008,<br />
edition of the Federal Register.<br />
The details CMS changed in the new packet<br />
include:<br />
n Reducing the number of hospitals to be<br />
surveyed from 500 to 400;<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
n Increasing the estimate of time that will be<br />
spent in responding from six to 100 hours;<br />
n Disclosing that the responses will be<br />
evaluated initially by a Program Safeguards<br />
Contractor;<br />
n Requiring the disclosure of the National<br />
Practitioner Identifier numbers of<br />
physicians (instead of Unique Physician<br />
Identification numbers);<br />
n Acknowledging that “some” hospitals may<br />
solicit legal review of the information<br />
before it is submitted;<br />
n Clarifying that transactions in each direction<br />
(e.g., leases to physicians by hospitals<br />
as well as leases from physicians by hospitals)<br />
are included; and<br />
n Warning that the government will not be<br />
“estopped” from asserting that an arrangement<br />
the hospital characterizes as compliant<br />
is non-compliant.<br />
Many more things in the packet stayed the same.<br />
In addition to the certification requirement:<br />
n The deadline to respond remains 60 days<br />
after receipt (although CMS will consider<br />
granting extensions);<br />
n The sanction for late responses is potentially<br />
$10,000 per day;<br />
n Unless the hospital has a calendar fiscal<br />
year, information (and contracts) for two<br />
fiscal years will be required;<br />
n Unless groups of agreements are “substantially<br />
the same,” copies of each agreement<br />
must be submitted;<br />
n The hospital must assert whether each<br />
agreement satisfies all of the elements<br />
defined in the applicable regulation;<br />
n The hospital must identify not only<br />
recruiting, personal service and rental arrangements<br />
that they believe fit within an<br />
exception, but also relationships that are<br />
“implicated” by those exceptions; and<br />
n That the information obtained may be<br />
“shared” with other government agencies.<br />
Continued on page 52<br />
51<br />
March 2009
Mandatory Stark reporting:<br />
...continued from page 51<br />
New developments in payment and public reporting of quality of care ...continued from page 9<br />
One conundrum that hospitals are likely<br />
to face is whether each contract with each<br />
physician for each portion of the two year<br />
period must be provided to CMS. If the<br />
hospital’s contracts are “uniform,” then only<br />
a sample must be provided. An agreement is<br />
uniform if “all of the elements present in the<br />
arrangements are materially the same.” Given<br />
the language in the certification, the stakes<br />
involved, and the nature of contracts between<br />
physicians and hospitals, contracts that are<br />
“uniform” may prove to be the exception<br />
rather than the norm.<br />
The names of approximately 290 hospitals<br />
that will receive the packet can be identified.<br />
Those hospitals are either physician-owned<br />
or competitors, who failed to respond to an<br />
earlier “voluntary” request for information.<br />
At the time this article goes to press, it is<br />
not possible to identify the remaining 110<br />
hospitals. It seems likely, however, that at least<br />
one hospital in each state (and more likely,<br />
two) will be chosen.<br />
Hospital compliance officers are well-advised<br />
to show the Certification Statement and<br />
Worksheet 7 to the CEO and CFO, along<br />
with the form’s cover letter. 4 A candid discussion<br />
of whether the hospital could respond<br />
with the scope and quantity of information<br />
required and in the time allotted should<br />
ensue. The hospital may choose to play<br />
“Russian Roulette” and gamble that it is not<br />
one of the hospitals chosen, but woe to the<br />
compliance officer whose senior management<br />
is “surprised” at receiving CMS’s demand. n<br />
1 56 Fed. Reg. 61374<br />
2 The instructions state: “For any question pertaining to the financial relationship<br />
between a physician and the Hospital or entity or individual,<br />
“physician” shall include each immediate family member of the physician,<br />
as defined in 42 CFR §411.351.”<br />
3 CMS sought public comment in Federal Register notices that published<br />
on May 18, 2007 (72 FR 28056), and September 14, 2007 (72 FR<br />
52568). CMS began the process anew in the FY 2009 IPPS proposed<br />
rule (73 FR 23700).<br />
4 The full packet is available at http://www.cms.hhs.gov/PaperworkReduc-<br />
tionActof1995/PRAL/itemdetail.asp?filterType=none&filterByDID=-<br />
99&sortByDID=2&sortOrder=descending&itemID=CMS1218565&in<br />
tNumPerPage=10<br />
include: retained foreign object after surgery,<br />
air embolism, blood incompatibility, stage III<br />
& IV pressure ulcers, falls and traumas such<br />
as electric shock and burns, and manifestations<br />
of poor glycemic control.<br />
Two recent developments signal CMS’ intent<br />
to expand this policy to professionals and to<br />
entities other than inpatient hospitals. First,<br />
in the OPPS Final Rule, CMS discussed<br />
in detail its intent to expand its Hospital-<br />
Acquired Conditions program to outpatient<br />
hospital and other settings. Coining the<br />
term “healthcare-associated conditions,”<br />
CMS signaled its intent to extend the IPPS<br />
policy to hospital outpatient departments,<br />
ambulatory surgical centers (ASCs), skilled<br />
nursing facilities (SNFs), home health,<br />
physician practices, and other settings where<br />
preventable conditions can arise. Although<br />
no definitive policy changes were adopted in<br />
the OPPS Final Rule, CMS made clear that<br />
it views the ongoing problem of preventable<br />
healthcare-associated conditions in outpatient<br />
settings as a key strategy in its attempt to<br />
use Medicare payments to drive quality of<br />
care. This issue likely will be included in the<br />
joint IPPS/OPPS listening session that CMS<br />
intends to schedule this winter.<br />
Second, CMS has taken its focus on “never”<br />
events in a different direction. Instead of<br />
including certain “never” events among the<br />
hospital-acquired conditions for which it<br />
currently denies payment if not present on<br />
admission, CMS has proposed three National<br />
Coverage Determinations (NCDs) eliminating<br />
payment for three serious medical errors: performing<br />
the wrong surgical or other invasive<br />
procedures on a patient; surgical or other invasive<br />
procedures performed on the wrong body<br />
part; and surgical or other invasive procedures<br />
performed on the wrong patient. The three<br />
NCDs were released on December 2, 2008,<br />
and CMS’ goal is to issue them in final form<br />
by March, 2009. By using the NCD approach,<br />
the payment denial policy will extend beyond<br />
inpatient hospital care, affecting payment to<br />
physicians, hospital outpatient departments,<br />
and all other health care providers or suppliers<br />
which may be involved.<br />
Conclusion<br />
As the foregoing developments indicate, CMS<br />
continues to aggressively pursue strategies<br />
to tie payment to quality. It is expanding<br />
the scope of its pay-for-reporting initiatives<br />
to new settings and types of providers as a<br />
transition to pay for quality (value-based<br />
purchasing), and continues to expand the<br />
number of measures used to monitor quality.<br />
All healthcare entities and professionals are<br />
well advised to stay abreast of these new<br />
developments and to participate in them if<br />
they can, as payment tied to demonstrated<br />
quality of care is the Congressional goal in the<br />
not too distant future. n<br />
1 Tax Relief and <strong>Health</strong> <strong>Care</strong> Act of 2006, Pub. Law 109-432 (Dec. 20,<br />
2006), adding subsection (k) to SSA § 1848 and 42 U.S.C. § 1395w-4.<br />
2 The Medicare Improvements for Patients and Providers Act of 2008,<br />
Pub. Law 110-275 § 131(b) (July 15, 2008), amending SSA § 1848(k),<br />
(m) and 42 U.S.C. § 1395w-4(k), (m).<br />
3 SSA § 1848(k)(3)(B); 42 U.S.C. § 1395ww-4(k)(3)(B).<br />
4 Pub. Law 110-275 at § 131(d).<br />
5 HHS, Development of a Plan to Transition to a Medicare Value-Based<br />
Purchasing Program for Physician and Other Professional Services (Nov.<br />
26, 2008), available at http://www.cms.hhs.gov/PhysicianFeeSched/<br />
downloads/PhysicianV<strong>BP</strong>-Plan-Issues-Paper.pdf.<br />
6 Subsection (d) refers to SSA § 1886(d); 42 U.S.C. § 1395ww(d).<br />
Subsection (d) hospitals are hospitals in the 50 States, D.C., and Puerto<br />
Rico, except for psychiatric hospitals, rehabilitation hospitals, hospitals<br />
whose inpatients are predominantly under 18 years old, and hospitals<br />
whose average inpatient length of stay exceeds 25 days.<br />
7 Deficit Reduction Act of 2005, Pub. Law 109-171 § 5001(a), (b) (Feb.<br />
8, 2006).<br />
8 The drafted legislation is currently titled the Medicare Hospital Quality<br />
Improvement Act of 2008 (not yet numbered).<br />
9 CMS, Physician Quality Reporting Initiative: 2007 Reporting Experience<br />
(Dec. 3, 2008) available at http://www.cms.hhs.gov/PQRI/Downloads/PQRI2007ReportExperience.pdf.<br />
10 Pub. Law. 110-275 § 131(b)(3), adding SSA § 1848(m)(5)(G); 42<br />
U.S.C. § 1395w-4(m)(5)(G).<br />
11 2009 Physician Fee Schedule Final Rule, 73 Fed. Reg. 69725, 69846-47<br />
(Nov. 19, 2008).<br />
12 Id. at 69845.<br />
13 Medicare Prescription Drug Improvement and Modernization Act of<br />
2003, Pub. Law 108-173 (Dec. 8, 2003), adding SSA § 1860D-4(e), 42<br />
U.S.C. § 1395w-104(e).<br />
14 CMS, Overview of E-Prescribing program, http://www.cms.hhs.gov/<br />
eprescribing/.<br />
15 2009 Physician Fee Schedule Final Rule, 73 Fed. Reg. 69725, 69848<br />
(Nov. 19, 2008).<br />
16 For specific codes, see CMS, Medicare’s Practical Guide to the E-<br />
prescribing Incentive Program (Nov. 2008), available at http://www.<br />
cms.hhs.gov/partnerships/downloads/11399.pdf.<br />
17 Information about the qualified e-prescribing systems can be found at<br />
CMS, 2009 Electronic Prescribing Incentive Program – Adoption/Use<br />
of Medication Electronic Prescribing Measures, (Nov. 7, 2008) available<br />
at http://www.cms.hhs.gov/PQRI/Downloads/E-PrescribingMeasure-<br />
Specifications.pdf.<br />
18 73 Fed. Reg. 68502, 68758 (Nov. 18, 2008)<br />
19 Pub. Law. 109-432 Part B § 109 (Dec. 20, 2006), adding SSA § 1833(t)<br />
(17), 42 U.S.C. § 1395(l)(t)(17).<br />
20 72 Fed. Reg. 66580, 66860 (Nov. 27, 2007).<br />
21 Inpatient Prospective Payment System FY 2009, 73 Fed. Reg. 48434,<br />
48471 (Aug. 19, 2008).<br />
March 2009<br />
52<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
Charge Description<br />
Master compliance<br />
assessments<br />
Editor’s note: Joel W. Lipin is Managing<br />
Director, Reimbursement Services with Sinaiko<br />
<strong>Health</strong>care Consulting, Inc. in Los Angeles. He<br />
may be reached by telephone at 310/551-5252.<br />
Years ago (not to reveal my age)<br />
the Charge Description Master<br />
(CDM) was an unknown entity.<br />
I remember numerous occasions in which I<br />
entered a CFO’s office and tried to convince<br />
the staff that they needed to pay attention<br />
to the data within their CDM. Many times<br />
I experienced reluctance during these visits.<br />
I now look back on those times and realize<br />
that CDM awareness has truly evolved to<br />
a point now where most healthcare-related<br />
magazines have an article about the CDM on<br />
some regular basis.<br />
The CDM is a critical component within<br />
the middle section of the revenue cycle that<br />
brings together charging, coding, and billing<br />
functions as the computerized warehouse for<br />
charge descriptions, coding, and pricing for<br />
all charges incurred within a hospital setting.<br />
Because there are two distinct sources of<br />
coding, from the CDM (hard-coded) and<br />
<strong>Health</strong> Information Management (HIM)<br />
(soft-coded), it is important to understand<br />
where the coding is derived for each of the<br />
various departments. Some examples are the<br />
laboratory, which usually is hard-coded from<br />
the CDM; the Surgical Services areas are<br />
usually soft-coded by HIM, based upon the<br />
medical record documentation.<br />
To ensure that your CDM maintains accurate<br />
information, it is mandatory to conduct<br />
CDM compliance assessments at least once a<br />
By Joel W. Lipin, MD, MPH<br />
year. With CPT/HCPCS codes being revised<br />
as each Centers for Medicare and Medicaid<br />
Services (CMS) memorandum is issued, it is<br />
even more important to review the accuracy<br />
of each line item within your CDM in<br />
accordance with federal, state, and third-party<br />
regulatory requirements. The basic assessment<br />
should include, at a minimum, an evaluation<br />
of appropriate CPT/HCPCS codes, UB-04<br />
revenue codes, accurate and consistent<br />
descriptions, appropriate and consistent<br />
pricing of line items, as well as verification<br />
that services are accurately identified during<br />
the charge capture process.<br />
The project scope should include all line items<br />
within the CDM, because several procedures<br />
and services will occur across many departments.<br />
In most cases, these procedures and services<br />
are performed in a like manner and should<br />
be represented from a description, coding, and<br />
pricing perspective as the same. Not only is this<br />
a potential compliance risk if one department<br />
is charging a different price than another or<br />
charging the same for services that should be<br />
efficient by setting, but pricing transparency and<br />
defensible pricing issues are also at risk.<br />
More than ever, hospitals need to be cognizant<br />
of how their charges are established,<br />
whether they reflect prices above the highest<br />
fee schedule price, are greater than calculated<br />
costs, and are mindful of CPT/HCPCS<br />
coding hierarchy relationships. One example<br />
of the coding relationship includes the three<br />
CPT codes within radiology for magnetic<br />
resonance imaging of the brain, (i.e., CPT<br />
codes 70551, without contrast; CPT code<br />
70052, with contrast; and CPT code 70553,<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
without followed by contrast). In this case,<br />
the price for the procedure without contrast<br />
should be lower than the procedure with<br />
contrast, which in turn should be lower than<br />
the procedure that includes both a study<br />
without contrast followed by the procedure<br />
with contrast. Too often a CDM becomes<br />
incongruent as a result of yearly percentage<br />
price increases without a concern for these<br />
relational hierarchy issues.<br />
The CDM assessment should also include<br />
detailed face-to-face meetings with each<br />
department and should include an analysis<br />
of existing processes surrounding charge<br />
capture, CDM maintenance, and updates.<br />
Discussions with the department directors<br />
should identify potential breakdowns within<br />
the middle section of the revenue cycle<br />
(where the CDM resides) and work towards<br />
developing recommendations to resolve<br />
any identified issues. The approach for the<br />
departmental meetings should include discussions<br />
toward:<br />
n <strong>Compliance</strong>, medical necessity, charge<br />
capture, current correct coding initiatives,<br />
and national and local coding decisions;<br />
n Procedures and services that are provided<br />
and not currently captured;<br />
n Procedural methodology confirmation;<br />
n Controls, reconciliation, and/or policies<br />
and procedures related to charge capture,<br />
CDM, and pricing;<br />
n Charge tickets or electronic order entry<br />
screens to the CDM for appropriate line<br />
item additions, deactivations, or variances;<br />
n Line-by-line review to determine accuracy<br />
of the charge description, CPT/HCPCS<br />
code(s), UB-04 revenue code(s) and the<br />
price;<br />
n Procedures that may or may not be appropriate<br />
for bundling or unbundling;<br />
n Inclusion of separate line-item billing<br />
for Medicare-reimbursable supplies and<br />
Continued on page 54<br />
53<br />
March 2009
Charge Description Master compliance assessments<br />
...continued from page 53<br />
pharmaceuticals and other Ambulatory Payment Classification<br />
(APC) pass-through items, and identifying chargeable verses nonchargeable<br />
line items;<br />
n Appropriate use of modifiers (especially related to the rehabilitation<br />
services, physical, occupational, speech, audiology); and<br />
n The use of unlisted CPT codes as potential “black holes” for<br />
lost charges, as well as other pertinent coding issues as needed.<br />
As more hospitals create positions for CDM coordinators, we are<br />
seeing the need for a specific skill set; one which includes knowledge<br />
of the clinical terminology and an understanding of the various<br />
procedures performed in a given specialty area, coupled with<br />
a solid understanding of coding and billing functions. Therefore,<br />
the CDM coordinator has evolved into a liaison between the front,<br />
middle, and back ends of the revenue cycle. This person, supported<br />
by the appropriately sized departmental staff (depending on the<br />
size of the facility), needs to maintain a proactive approach to the<br />
compliance and maintenance of the CDM. Staying current regarding<br />
specific regulatory changes and relating them to the applicable<br />
department must be a critical component of this individual’s job<br />
description.<br />
It is recommended that a CDM task force team be developed in<br />
order to continually communicate, monitor, maintain, and meet<br />
with each department at various intervals throughout the year. The<br />
task force should be comprised of the CDM coordinator, <strong>Compliance</strong><br />
coordinator, director of HIM, director of Patient Financial<br />
Services (PFS), representative from Information Technology<br />
(IT), and the department director(s) relevant for a given meeting.<br />
Maintaining an accurate and compliant CDM is a complex task<br />
that requires the full time attention of a CDM coordinator and the<br />
CDM task force.<br />
<strong>Compliance</strong> Today Editorial Board<br />
The following individuals make up the <strong>Compliance</strong> Today Editorial Advisory Board:<br />
Gabriel Imperato, JD, CHC<br />
CT Contributing Editor<br />
Managing Partner<br />
Broad and Cassel<br />
Christine Bachrach, CHC<br />
Senior Vice President –<br />
<strong>Compliance</strong> Officer<br />
<strong>Health</strong>South<br />
Bonnie-Lou Bennig<br />
Director of Corporate <strong>Compliance</strong><br />
& Quality Improvement<br />
Vanguard <strong>Health</strong>care Services, LLC<br />
Cynthia Boyd, MD, MBA<br />
Associate Vice President<br />
Chief <strong>Compliance</strong> Officer<br />
Rush University Medical Center<br />
Becky Cornett, PhD, CHC<br />
Director, Fiscal Integrity<br />
Finance Administration<br />
The Ohio State University<br />
Medical Center<br />
Gary W. Herschman<br />
Chair, <strong>Health</strong> and Hospital Law<br />
Practice Group<br />
Sills Cummis & Gross P.C.<br />
Deborah Randall, JD<br />
Partner<br />
Arent Fox LLP<br />
Kirk Ruddell, CHC, MBA<br />
<strong>Compliance</strong> Officer<br />
Island Hospital<br />
James G. Sheehan, JD<br />
New York State<br />
Medicaid Inspector General<br />
Lisa Silveria, RN BSN<br />
Home <strong>Care</strong> <strong>Compliance</strong><br />
Catholic <strong>Health</strong>care West<br />
Jeffrey Sinaiko<br />
President<br />
Sinaiko <strong>Health</strong>care Consulting, Inc.<br />
José A. Tabuena,<br />
JD, CFE, CHC<br />
VP Integrity and <strong>Compliance</strong>/<br />
Corporate Secretary<br />
MedicalEdge <strong>Health</strong>care Group, Inc.<br />
The efforts described above should be coupled with intermittent,<br />
more detailed compliance audits, including sample charge capture,<br />
coding and documentation assessments, audits of claims data relative<br />
to charge entry, and effective staff education on accurate CDM<br />
usage to mitigate significant compliance risks for your facility. The<br />
heightened scrutiny by governmental agencies has made it more<br />
important than ever to tighten your controls over these areas. So,<br />
when and if CMS or another governmental fraud agency sends<br />
a letter, your facility will be in a position to react quickly and<br />
your response won’t be one which is defensive, but rather one of<br />
confidence, knowing that these issues have already been monitored<br />
and explored for potential exposure. n<br />
David Hoffman, JD<br />
President<br />
David Hoffman & Associates<br />
Eric Klavetter, JD, MS, MA<br />
Privacy and <strong>Compliance</strong> Officer<br />
Mayo Clinic<br />
F. Lisa Murtha, JD, CHC<br />
Managing Director<br />
Huron Consulting Group<br />
Debbie Troklus, CHC, CCEP<br />
Assistant Vice President for<br />
<strong>Health</strong> Affairs/<strong>Compliance</strong><br />
University of Louisville<br />
School of Medicine<br />
Cheryl Wagonhurst, JD, CCEP<br />
Partner<br />
Foley & Lardner LLP<br />
March 2009<br />
54<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
Increased government<br />
oversight of<br />
managed care plans—<br />
Are you ready?<br />
Editor’s note: Steven E. Skwara is a partner in<br />
the Washington, DC offices of Epstein Becker<br />
& Green, P.C. He may be reached by telephone<br />
at 202/861-4192 or by e-mail at SSkwara@<br />
ebglaw.com.<br />
Medicare Advantage, Medicare Part D, and<br />
Medicaid managed care plans should assess<br />
whether they are prepared for sure-to-beincreased<br />
governmental oversight of their<br />
monitoring, investigating, and reporting of<br />
providers and other “downstream” entities<br />
for fraud and abuse. To that end, the first<br />
part of this article discusses specific governmental<br />
compliance requirements for fraud<br />
and abuse programs, particularly as they<br />
pertain to third-party monitoring, auditing,<br />
and investigation. The second part of this<br />
article discusses the implications of those<br />
fraud and abuse compliance requirements<br />
for government-contracted health plans, the<br />
reasonableness of those requirements (or lack<br />
thereof), and common indicia of an effective,<br />
and presumably compliant, fraud and abuse<br />
program.<br />
Increased fraud and abuse compliance<br />
requirements<br />
Both federal and state government agencies<br />
expect contracted Medicare and Medicaid<br />
health plans to act as sentinels against<br />
provider and “downstream” fraud and abuse.<br />
Although prosecutors will continue to rely on<br />
“whistleblowers” for federal, and increasingly,<br />
state-level, fraud or False Claims Act cases,<br />
recent comments show that prosecutors are<br />
affirmatively expecting increased referrals for<br />
By Steven E. Skwara<br />
health care fraud prosecution from program<br />
safeguard contractors. 1 Safeguard contractors,<br />
in turn, rely on the reporting of fraud and<br />
abuse by the front-line health plans.<br />
The seemingly inexorable result of this<br />
governmental sentinel effort, as evidenced by<br />
increasingly specific regulatory and contractual<br />
requirements regarding fraud and abuse,<br />
is that government-contracted health plans<br />
will have to demonstrate the efficacy of an<br />
outward-looking fraud and abuse program<br />
as part of an overall compliance portfolio.<br />
As to Medicare, the Centers for Medicare<br />
and Medicaid Services (CMS) has set forth<br />
specific fraud and abuse requirements for<br />
Medicare D plans and has stated its intention<br />
to issue fraud and abuse requirements for<br />
Medicare Advantage plans early in 2009.<br />
In light of recommendations made by the<br />
General Accounting Office in a recent report,<br />
increased CMS auditing of the fraud and<br />
abuse programs of Medicare Part D plans<br />
appears imminent and has been identified<br />
as an area of focus in the HHS-OIG FY<br />
2009 Work Plan. As to Medicaid, against a<br />
backdrop where the federal government has<br />
recently renewed emphasis on Medicaid fraud<br />
and abuse, state Medicaid agencies increasingly<br />
require Medicaid HMOs systematically<br />
to address fraud and abuse in their provider<br />
networks.<br />
Medicare Part D requirements for plan<br />
sponsors<br />
Congress and CMS have required Medicare<br />
Part D plan sponsors to guard against fraud<br />
and abuse by pharmacy benefits managers<br />
(PBM), pharmacies, prescribing physicians,<br />
pharmaceutical manufacturers, and others, as<br />
part of a comprehensive compliance program.<br />
Under the Medicare Modernization Act of<br />
2003, 2 the federal government mandated that<br />
Part D plan sponsors establish a program to<br />
control fraud and abuse.<br />
CMS has issued guidance to “assist Sponsors<br />
in implementing a comprehensive<br />
program to prevent and detect fraud and<br />
abuse in the prescription drug program”<br />
in Chapter 9 of CMS’ Prescription Drug<br />
Benefit Manual (Manual). Although many<br />
of the Manual’s recommendations purport<br />
to be aspirational (e.g., “this chapter provides<br />
recommendations,” 3 ), in reality, many Part D<br />
plan sponsors view the “recommendations”<br />
as mandatory, because those sponsors may<br />
soon be subject to CMS reviews focused in<br />
part on the efficacy of the sponsor’s fraud and<br />
abuse program. Indeed, the HHS-OIG FY<br />
2009 Work Plan specifically identifies this as<br />
an area of focus for fiscal 2009, stating that<br />
“[w]e will determine the extent to which plan<br />
sponsors conduct inquiries, initiate corrective<br />
actions and make referrals regarding potential<br />
fraud and abuse.” 4 (CMS has also announced<br />
that it plans to update its Part D fraud and<br />
abuse guidance in early 2009, but that update<br />
was not available at the time of this publication’s<br />
deadline.)<br />
The CMS Manual requires Part D plan<br />
sponsors to implement plans to monitor and<br />
investigate their transactional partners – “first<br />
tier,” “downstream,” and “related” entities<br />
involved in the administration or delivery<br />
of the drug benefit. 5 These entities include a<br />
plan sponsor’s PBM, pharmacies, prescribing<br />
physicians, drug wholesalers, and pharmaceutical<br />
manufacturers. The Manual does not,<br />
however, explain how a health plan sponsor<br />
Continued on page 56<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
55<br />
March 2009
Increased government oversight of managed care plans ...continued from page 55<br />
might, for example, go about reviewing or<br />
investigating transactions between pharmaceutical<br />
manufacturers and physicians for<br />
purposes of identifying “inappropriate transactions”<br />
or “illegal remuneration schemes.”<br />
Examples provided by CMS of the fraud or<br />
misconduct for each type of entity for which<br />
the plan sponsor must be vigilant include:<br />
1. PBMs – inappropriate formulary decisions;<br />
prescription drug switching; unlawful<br />
remuneration; inappropriate formulary<br />
decisions. 6<br />
2. Pharmacies – inappropriate billing<br />
practices; prescription drug shorting;<br />
prescription refill errors. 7<br />
3. Prescribers – illegal remuneration<br />
schemes; prescription drug switching;<br />
provision of false information. 8<br />
4. Wholesalers – counterfeit and adulterated<br />
drugs through black and gray market<br />
purchases. 9<br />
5. Pharmaceutical manufacturers –<br />
kickbacks, inducements, other illegal<br />
remuneration; formulary and formulary<br />
support activities; inappropriate relationships<br />
with physicians. 10<br />
Additionally, plan sponsors must “identify<br />
overpayments and underpayments at any level<br />
within the sponsor’s network.” 11<br />
Upon learning of possible fraud or abuse<br />
within its network of first tier, downstream,<br />
and related entities, a plan sponsor must<br />
conduct a “reasonable inquiry,” and, upon<br />
determining that potential fraud or misconduct<br />
related to the Part D program occurred,<br />
must promptly report the conduct to a<br />
Medicare Integrity Contractor (MEDIC).<br />
The scope of the potential “fraud or misconduct”<br />
is not limited to particular jurisdictions<br />
or even just criminal laws. CMS instructs<br />
plan sponsors to “refer potential violations<br />
of applicable federal and state criminal, civil<br />
and administrative laws, rules and regulations<br />
to the MEDIC and/or law enforcement for<br />
further investigation.” 12<br />
In sum, for Part D plan sponsors, CMS has<br />
prescribed a system under which Part D<br />
plan sponsors must implement monitoring<br />
and auditing processes focused on the entire<br />
pharmaceutical delivery system, from manufacture<br />
to dispensing. (The reasonableness<br />
and wisdom of this “soup to nuts” approach is<br />
discussed in Part II of this article.)<br />
CMS oversight in this area has, however,<br />
been minimal to date. In August 2008, the<br />
Government Accountability Office (GAO)<br />
issued a report showing that a selected sample<br />
of Part D sponsors had not fully implemented<br />
all of CMS’ required fraud and abuse compliance<br />
plan elements, including the monitoring<br />
and auditing requirements, and recommended<br />
that “CMS conduct timely audits of<br />
Part D sponsor’s fraud and abuse programs.” 13<br />
The GAO noted that CMS had not audited<br />
Part D sponsors’ fraud and abuse programs<br />
in 2007 and did not plan to do so in 2008. 14<br />
In an October 2008 audit report, HHS‐OIG<br />
found that although CMS conducted 19<br />
audits of plan sponsors in 2007, only one of<br />
these audits included a review of the sponsors’<br />
compliance plan.<br />
Also, HHS‐OIG reported that although<br />
CMS stated that its MEDIC would begin<br />
auditing sponsors’ compliance plans in<br />
summer 2008, as of early August 2008, the<br />
MEDICs had not yet done so. HHS‐OIG<br />
recommended that CMS “conduct routine<br />
audits of PDP sponsors’ compliance plans<br />
to ensure that these compliance plans meet<br />
all federal requirements. Specifically, these<br />
audits should cover all compliance plan<br />
requirements contained in regulations as well<br />
as requirements included in Chapter 9 of the<br />
‘Prescription Drug Benefit Manual.’” 15<br />
In its defense, CMS has cited the lack of<br />
funding from Congress as a reason for its<br />
limited fraud and abuse program oversight. 16<br />
CMS funding issues notwithstanding, as<br />
evidenced by the specific reference to reviews<br />
of plan sponsors’ fraud and abuse programs<br />
in the HHS-OIG 2009 Work Plan, plan<br />
sponsors should anticipate that CMS and its<br />
MEDICs will begin a more vigorous program<br />
of auditing the fraud and abuse programs of<br />
Part D sponsors.<br />
Medicare Advantage Plans<br />
As of the publication deadline for this<br />
article, CMS intended to issue fraud and<br />
abuse guidance for Medicare Advantage plan<br />
sponsors for implementation in early 2009. 17<br />
In the meantime, CMS advises Medicare<br />
Advantage plans to rely on the fraud and<br />
abuse guidance from the Part D Prescription<br />
Drug Benefit Manual. 18 Because Medicare<br />
Advantage plans cover many medical services<br />
other than prescription drugs, the Manual’s<br />
specific guidance concerning fraud and abuse<br />
by PBM’s and pharmacies is less relevant than<br />
its general fraud and abuse guidance.<br />
An application of the Manual’s general<br />
approach by Medicare Advantage plan<br />
sponsors would seem to require that those<br />
plans monitor and investigate providers in<br />
the plan’s network for potential fraud and<br />
abuse. The physicians, hospitals, laboratories,<br />
durable medical equipment (DME) providers,<br />
etc. in the Medicare Advantage plan’s<br />
network presumably comprise the “first<br />
tier,” “downstream,” and “related” entities<br />
involved in the administration or delivery of<br />
Medicare Advantage plans’ members’ health<br />
care services and products. Specific areas for<br />
fraud and abuse monitoring and investigation<br />
will likely include things like billing for<br />
services not rendered, upcoding, unbundling,<br />
and other traditional types of provider fraud.<br />
Also, as required in the Part D Manual,<br />
March 2009<br />
56<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
Medicare Advantage plan sponsors may be responsible<br />
(however implausibly) for monitoring illegal remuneration<br />
schemes involving providers and “downstream” entities (e.g.,<br />
potentially unlawful payments from a supplier to a physician).<br />
Medicare Advantage plan sponsors will also likely<br />
have specific reporting requirements for referrals to program<br />
safeguard contractors.<br />
In short, Medicare Advantage plans will be given specific<br />
guidelines for monitoring, investigating, and reporting<br />
external fraud and abuse, but the Part D Manual does provide<br />
clues about CMS’ fraud and abuse compliance expectations<br />
that plan sponsors should consider acting upon now.<br />
Medicaid HMOs<br />
As is the case with the Medicare-related plans, Medicaid<br />
HMOs (health maintenance organizations) too, face increasing<br />
compliance demands with respect to provider fraud and<br />
abuse activity. This movement began taking shape as part of<br />
CMS’ (then called the <strong>Health</strong> <strong>Care</strong> Financing Organization<br />
or HCFA) “National Medicaid Fraud and Abuse Initiative.”<br />
In HCFA’s “Guidelines for Addressing Fraud and Abuse in<br />
Medicaid Managed <strong>Care</strong>,” published in October 2000, HCFA<br />
asserted that<br />
“[w]hether established as a compliance program or a<br />
state-approved fraud and abuse plan, managed care organizations<br />
should undertake such efforts as . . . developing<br />
procedures to monitor service patterns of providers,<br />
subcontractors, and beneficiaries.” 19<br />
More succinctly, “[t]he MCO should be monitoring provider<br />
fraud . . . .” 20 And, according to HCFA, “[a]n MCO might<br />
identify provider fraud and abuse by reviewing for a lack of<br />
referrals, improper coding (upcoding and unbundling), billing<br />
for services never rendered or inflating the bills for services<br />
and/or goods provided.” 21<br />
Never Face a<br />
<strong>Compliance</strong> or Ethics<br />
Challenge Alone<br />
Now you can meet and collaborate with<br />
ethics and compliance professionals year<br />
round and around the clock. The <strong>Compliance</strong><br />
& Ethics Social Network puts you directly in<br />
touch with your peers.<br />
Get your questions answered. Learn from<br />
what others are doing. Share your experience,<br />
policies, and other documents. To get<br />
started:<br />
• Go to community.hcca-info.org.<br />
• Log in using your e-mail address and<br />
HCCA password.<br />
• Click “Social Network” (in the top black bar).<br />
• Click the name of a community (or<br />
communities) that interest you.<br />
• Select your communications<br />
option and save.<br />
• Start communicating and<br />
collaborating!<br />
• Maybe set up<br />
your own<br />
community…<br />
It’s fast, easy, and can help<br />
improve both your work and<br />
the profession as a whole.<br />
Sign on today.<br />
Moreover, the federal government has recently placed<br />
increased emphasis on Medicaid fraud and abuse as exemplified<br />
by the antifraud provisions of the Federal Deficit<br />
Reduction Act (DRA). 22 Though it has begun implementing<br />
the Medicaid Integrity Program pursuant to the DRA’s directive,<br />
CMS has not focused much on managed care, apparently<br />
Continued on page 58<br />
HCCA’S <strong>Compliance</strong> &<br />
Ethics Professional<br />
Social Network<br />
57<br />
March 2009
Increased government oversight of managed care plans ...continued from page 57<br />
content to leave that oversight function to the<br />
states for now.<br />
Consistent with these federal exhortations,<br />
the state-level agencies that directly oversee<br />
Medicaid managed care plans typically<br />
require those plans to monitor and investigate<br />
their provider networks for fraud and<br />
abuse. For example, a state Medicaid agency<br />
may require, by contract, the following fraud<br />
and abuse-related obligations:<br />
n Develop a comprehensive internal fraud<br />
and abuse program;<br />
n Upon a complaint of fraud or abuse<br />
or upon identifying any questionable<br />
practices, conduct a preliminary review<br />
to determine whether in the contractor’s<br />
judgment, there is sufficient reason to<br />
believe that the provider or enrollee has<br />
engaged in fraud or abuse, and where sufficient<br />
reason exists, report the matter in<br />
writing;<br />
n Make diligent efforts to recover improper<br />
payments or funds misspent due<br />
to fraudulent or abusive actions by the<br />
organization or its subcontractors;<br />
n Require providers to implement corrective<br />
actions or terminate provider agreements,<br />
as appropriate;<br />
n Submit reports on its fraud and abuse<br />
activities; and<br />
n Certify in writing on an annual basis<br />
that to the best of its (or its designated<br />
signatory’s) knowledge, the contractor is<br />
in compliance with its contract and is not<br />
aware of any instances of fraud and abuse<br />
in the program covered by the contract,<br />
other than those previously reported in<br />
writing.<br />
Medicaid managed care fraud and abuse<br />
requirements may vary by state, but they<br />
will tend to share common elements, and, if<br />
anything, they will become more demanding<br />
in light of the government’s recent emphasis<br />
on curtailing Medicaid fraud and abuse.<br />
Practical implications for governmentcontracted<br />
plans<br />
The practical challenge for many governmentcontracted<br />
health plans is implementing a<br />
competent fraud and abuse infrastructure,<br />
particularly for smaller plans that may not<br />
historically have investigated external fraud<br />
and abuse with vigor.<br />
The not-so-insignificant question of reasonableness<br />
remains open as well. As it stands,<br />
for example, CMS’ Part D fraud and abuse<br />
requirements for plan sponsors are impractical,<br />
if not impossible, to meet in certain<br />
respects and hopefully, with experience, CMS<br />
will recognize this fact.<br />
Finally, there are certain elements of an<br />
outward-looking fraud and abuse compliance<br />
program that, if implemented, should not<br />
only meet a government-contracted plan’s<br />
compliance obligations, but that also may<br />
make sense as a business proposition.<br />
The balance of this article addresses each of<br />
these practical implications in turn.<br />
Implementing an outward-focused<br />
program<br />
The ease with which a government-contracted<br />
health plan can implement a reasonable,<br />
compliant fraud and abuse program will vary,<br />
obviously, by the size and type of plan.<br />
For larger insurers that manage governmentcontract<br />
plans alongside other lines of health<br />
insurance, compliance with the burgeoning<br />
externally-focused fraud and abuse requirements<br />
have been, and will be, relatively<br />
painless. Most such insurers have established<br />
special investigations units (SIU’s), antifraud<br />
functions in audit or legal areas, or<br />
investigative outsourcing relationships for<br />
all of their lines of insurance, and it is not<br />
difficult to fold the government-contract<br />
business into the plan’s pre-existing antifraud<br />
activities. There will be additional, minimallyburdensome<br />
reporting obligations, but the<br />
antifraud infrastructure will be in place and<br />
the incremental cost of government-required<br />
fraud and abuse activities will be small.<br />
Even though insurers or plans may already<br />
have an investigative structure in place,<br />
however, there is still a need to develop a<br />
government program-specific monitoring and<br />
audit plan. For instance, in its recent report<br />
on fraud and abuse programs at Part D plans,<br />
the GAO noted that only one of five plan<br />
sponsors that the GAO reviewed conducted<br />
data analysis of Part D claims separate and<br />
apart from its “regular” analyses. 23 The implication<br />
from this finding is that, at least in the<br />
GAO’s view, a plan sponsor’s fraud and abuse<br />
program should include a Part D-specific<br />
work plan.<br />
Smaller or newer government-contracted<br />
plans may face a relatively greater challenge<br />
in demonstrating a compliant “downstream”<br />
fraud and abuse program, because they may<br />
not have a dedicated SIU or other antifraud<br />
infrastructure in place. To be sure, CMS<br />
expressly states that its Part D guidance<br />
does not require a health plan to develop<br />
an SIU. CMS does require a fraud and<br />
abuse program however. 24 In addition to the<br />
obvious solution — creating and staffing an<br />
SIU — a niche health care fraud investigations<br />
outsourcing industry is growing and<br />
may be a more financially-viable solution for<br />
small to mid-sized health plans. In any case,<br />
a program should be established in some<br />
demonstrable fashion.<br />
Reasonableness of fraud and abuse<br />
programs<br />
Reasonableness should be a core attribute of<br />
March 2009<br />
58<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
any governmental guidelines for fraud and<br />
abuse programs, but, as shown, there may<br />
be a perception gap regarding reasonableness<br />
that will hopefully be bridged as both<br />
government agencies and plan sponsors<br />
become more experienced in this area. For<br />
example, taken literally, certain aspects of<br />
CMS’ Part D fraud and abuse guidance are<br />
virtually impossible to administer. CMS does<br />
not (and cannot as a practical matter) specify<br />
how and to what extent, for instance, plan<br />
sponsors should “monitor” and “investigate”<br />
downstream entities, such as drug wholesalers<br />
or PBMs. Typically, a plan sponsor will not<br />
have practical or legal access to the books,<br />
records, or data of such downstream entities<br />
nor will it have the expertise to review such<br />
records and data even if it were to have access.<br />
A plan sponsor will typically have little ability<br />
to determine whether a downstream entity<br />
is properly calculating true out-of-pocket<br />
costs for drugs or whether a pharmaceutical<br />
manufacturer’s relationship with a physician<br />
may violate federal law.<br />
Likewise, CMS does not explain how a plan<br />
sponsor might, for example, go about reviewing<br />
or investigating transactions between<br />
pharmaceutical manufacturers and physicians<br />
for purposes of identifying “inappropriate<br />
transactions” or “illegal remuneration<br />
schemes.” Plan sponsors typically do not have<br />
access to information that would allow them<br />
to even begin to identify such transactions or<br />
schemes. Thus, it does not seem reasonable<br />
for CMS to expect significant “monitoring”<br />
or “investigating” of any entities other than<br />
the “first tier” entities with which the plan has<br />
direct day-to-day interaction (e.g., network<br />
pharmacies and physicians). CMS’ expectations<br />
and guidance will likely moderate over<br />
time.<br />
Indeed, HHS-OIG’s audit work tends to<br />
prove that plan sponsors are generally unable<br />
to investigate once-or-more-removed entities<br />
with any vigor. In another October 2008<br />
audit, HHS-OIG reviewed the fraud and<br />
abuse reporting data from 86 plan sponsors<br />
to determine what types of fraud and abuse<br />
the plans were identifying and what they were<br />
doing in response. 25 Although the general<br />
results of this audit are not terribly interesting<br />
— some plans identify and report more<br />
fraud and abuse incidents than others — the<br />
results of the type-of-fraud survey show that<br />
most identified incidents result from “direct”<br />
interaction with the plan sponsor (e.g.,<br />
improper billing being the most prevalent<br />
type of fraud and abuse identified). In<br />
contrast, and unsurprisingly, the plan sponsors<br />
identified very few “downstream” types<br />
of fraud and abuse by entities not in direct<br />
contractual privity with the plan sponsors<br />
such as illegal renumeration, bribes, inappropriate<br />
formulary decisions, manipulation<br />
of “true out-of-pocket costs,” or inappropriate<br />
manufacturer sales techniques.<br />
The most reasonable approach for all fraud<br />
and abuse compliance would seem to be that<br />
exemplified in the Medicaid HMO contractual<br />
language set forth above. It is reasonable<br />
to ask government-contracted plans to monitor,<br />
investigate, and resolve fraud and abuse<br />
issues with their direct networks of providers,<br />
members, or others (e.g., PBM’s) for which<br />
the plan has reasonable access to claims data,<br />
medical records, and similar information. It<br />
is also reasonable to expect that plans analyze<br />
and monitor their claims data for aberrations<br />
or patterns indicative of fraud and abuse.<br />
Indeed, at least based on anecdotal information,<br />
Part D plans seem to be structuring<br />
their fraud and abuse compliance plans<br />
assuming that they are responsible for reasonable<br />
outward-looking fraud and abuse efforts<br />
focused on entities with which the plan has a<br />
direct relationship.<br />
Elements of a reasonable program<br />
CMS and Medicaid programs will continue<br />
to require specific, unique fraud and abuse<br />
program components, but a reasonable<br />
outward- or downstream-looking fraud and<br />
abuse investigation program generally will<br />
include the following, scalable elements:<br />
n Monitoring. A “fraud hotline” for members<br />
and providers to report fraud or abuse<br />
by providers and other downstream entities<br />
will be of obvious utility. Depending<br />
on the size of the plan, a dedicated<br />
Medicare or Medicaid fraud hotline might<br />
be warranted. The hit and miss nature of<br />
relying on ad hoc “tips” or “leads” from a<br />
fraud hotline will not be entirely sufficient<br />
for compliance purposes, however. A plan<br />
will want to demonstrate a regularized,<br />
data-driven monitoring process by which<br />
it looks for aberrational billing patterns<br />
based on recognized pattern-detection<br />
methods, for example, peer-group analysis<br />
(e.g., identifying those physicians who<br />
perform the most services per patient and<br />
conducting further investigation). A plan’s<br />
data analysis should also include a specific<br />
focus on claims or risk areas associated<br />
with government-contracted claims or<br />
members.<br />
n Investigating. Depending on the size of<br />
the plan, a qualified, dedicated investigative<br />
staff may be required. The days of<br />
assigning a provider relations employee<br />
to “follow up” on allegations of provider<br />
fraud are over. The investigative function<br />
should be performed by trained personnel;<br />
the specialized skills necessary for<br />
the function are now widely recognized<br />
and accreditation is becoming the norm.<br />
Again, this is a function that could be outsourced<br />
for smaller plans. For example,<br />
using criteria of years of experience,<br />
continuing education, and an examination,<br />
the National <strong>Health</strong> <strong>Care</strong> Anti-Fraud<br />
Continued on page 60<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
59<br />
March 2009
Increased government oversight of managed care plans ...continued from page 59<br />
<strong>Association</strong> (NHCAA) has certified over<br />
200 individuals in the private and government<br />
sectors as Accredited <strong>Health</strong>care<br />
Fraud Investigators since 2002. NHCAA<br />
is a coalition of private payers and law<br />
enforcement agencies created to address<br />
health insurance fraud, Annual surveys<br />
of NHCAA member plans show that the<br />
typical respondent’s recovery-to-cost ratio<br />
is usually in the 2:1 range.<br />
n Reporting. Policies and procedures on<br />
how, when, and whom to report potential<br />
fraud and abuse in compliance with<br />
governmental expectations are essential.<br />
Establishing and documenting guidelines<br />
for reporting potential fraud by a government-contracted<br />
health plan are important<br />
parts of a compliant fraud and abuse plan.<br />
Not only should objective guidelines be<br />
put in place, the reporting function should<br />
be insulated from the influences of other<br />
business units whose interests may not<br />
be entirely congruent with respect to a<br />
provider, for example, engaged in abusive<br />
billing behavior but who otherwise is held<br />
in favor by the plan for whatever reason.<br />
n Risk prioritization. A governmentcontracted<br />
health plan should prioritize its<br />
monitoring and auditing activities based<br />
on risk assessments. This risk assessment<br />
and the resultant prioritization of auditing<br />
should be documented and should include<br />
specific reference to risk factors associated<br />
with the government plan at issue.<br />
These are the general elements of an effective<br />
outward-looking fraud and abuse function<br />
for any government-contracted health plan.<br />
CMS and state Medicaid-related agencies will<br />
undoubtedly come up with more exacting<br />
specifications, but Medicare and Medicaid<br />
health plans can anticipate that the above will<br />
comprise the core of their fraud and abuserelated<br />
compliance obligations.<br />
The independent business case<br />
There is also a business case to be made for<br />
provider-focused fraud and abuse programs<br />
by health plans. In the experience of private<br />
health insurance plans that have dedicated<br />
provider-focused antifraud programs,<br />
the average private payer recovers claims<br />
payments at an approximately 2:1 ratio to<br />
expenses. 26 Imputed savings (e.g., claims denials,<br />
effect of terminating a network provider<br />
for fraud) and deterrent effects further<br />
enhance the benefit side of the ratio.<br />
Another, albeit intangible, compliance-related<br />
benefit can result from a health plan’s establishing<br />
a vigorous externally-focused antifraud<br />
function. SIUs in health plans with strong<br />
antifraud programs tend to develop good<br />
working relationships with state and federal<br />
law enforcement types. Often, providers who<br />
defraud government programs simultaneously<br />
defraud private insurance plans and in<br />
a number of instances, law enforcement has<br />
included private insurance claims as part of a<br />
Medicare or Medicaid case. Those same law<br />
enforcement types in a given locality may be<br />
the ones asked to look at a health plan’s activities,<br />
when allegations of impropriety arise.<br />
A health plan’s historically strong working<br />
relationship with law enforcement can be a<br />
useful thing when it is the plan’s conduct that<br />
is under scrutiny.<br />
Conclusion<br />
In light of the converging requirements for<br />
fraud and abuse programs for governmentcontracted<br />
plans (whether Medicare or Medicaid)<br />
focused on providers and “downstream”<br />
entities, a plan’s actual performance in<br />
detecting and reporting fraud in its provider<br />
networks and beyond will soon be on the<br />
government’s compliance checklist. For<br />
instance, CMS will undoubtedly react to the<br />
GAO’s recent recommendation for increased<br />
auditing in this area and the HHS-OIG Work<br />
Plan expressly provides for reviews of plan<br />
sponsors’ fraud and abuse-related compliance.<br />
This is an evolving area of compliance and the<br />
related audit experience is minimal. Government<br />
contracted Medicare and Medicaid<br />
plans, particularly smaller to mid-sized plans<br />
that have not historically conducted robust<br />
antifraud operations, should consider whether<br />
their fraud and abuse programs are sufficient<br />
for purposes of monitoring, investigating, and<br />
reporting fraud and abuse by its providers<br />
and other downstream entities. Although the<br />
CMS and typical state Medicaid fraud and<br />
abuse requirements are a mix of the useful,<br />
the obvious, and the sometimes unreasonable,<br />
they are coherent enough such that<br />
government-contracted health plans should<br />
address these fraud and abuse issues in their<br />
overall compliance efforts in anticipation of<br />
increased audit and oversight activity in these<br />
areas and for sound business reasons. n<br />
1. See “Prosecutors Look Beyond False Claims Act to Fight <strong>Health</strong> <strong>Care</strong><br />
Fraud,” <strong>Health</strong> <strong>Care</strong> Daily Report, vol. 13, No. 66 (BNA April 7,<br />
3008).<br />
2. Pub. L. No. 108-173, 117 Stat. 2066 (2003).<br />
3. Manual § 20<br />
4. HHS-OIG FY 2009 Work Plan, at 36 (October 1, 2008). The Work<br />
Plan can be found at www.oig.hhs.gov/publications/docs/workplan/2009/WorkPlanFY2009.pdf<br />
5. Manual § 50.2.1.<br />
6. Manual § 70.1.2.<br />
7. Id. § 70.1.3.<br />
8. Id. § 70.1.4.<br />
9. Id. § 70.1.5.<br />
10. Id. § 70.1.6.<br />
11. Id. § 50.2.1.2.<br />
12. Id. § 50.2.1.2.<br />
13. GAO, “Medicare Part D: Some Plan Sponsors Have Not Completely<br />
Implemented Fraud and Abuse Programs, and CMS Oversight Has<br />
Been Limited,” (GAO-08-760) (August 2008).<br />
14. Id. at 6-7.<br />
15. HHS-OIG, “Oversight of Prescription Drug Plan Sponsors <strong>Compliance</strong><br />
Plans,” Report OEI-03-08-00230, available at www.oig.hhs.gov/w-new.<br />
asp (10-31-08 reports) (accessed November 4, 2008).<br />
16. Id., Appendix II (Letter from CMS to GAO) (“[T]here have not been<br />
sufficient additional resources to allow the MEDICs to engage in the<br />
types of audit oversight activities originally envisioned at the onset of the<br />
program.”).<br />
17. Fed. Register Vol. 72, No. 233 at 68706.<br />
18. Id.<br />
19. Guidelines, at 39-40.<br />
20. Id. at 40.<br />
21. Id.<br />
22. See 42 U.S.C. § 1396d.<br />
23. GAO Medicare Part D: CMS Oversight Report (GAO-08-760), at 22.<br />
24. Manual § 20 (Overview). Id.<br />
25. HHS-OIG, “Medicare Drug Plan Sponsors’ Identification of Potential<br />
Fraud and Abuse,” Report OEI-03-07-0380, available at www.oig.hhs.<br />
gov/w-new.asp (10-31-08 reports) (accessed November 4, 2008).<br />
26. NHCAA Annual Survey, available to members.<br />
March 2009<br />
60<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
New HCCA Members<br />
The <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
welcomes the following new members and<br />
organizations. Please update any contact<br />
information using the Member Center on the<br />
Web site, or e-mail Karrie Hakenson<br />
(karrie.hakenson@hcca-info.org) with<br />
changes or corrections.<br />
Hawaii<br />
n James F. Kahler, MBA PT COSC, Hale<br />
Makua<br />
n Patricia Lee, Kaiser Permanente<br />
n Ernest J.T. Loo, Goodsill Anderson Quinn<br />
& Stifel LLP<br />
Idaho<br />
n Steven Bradley Pitts, Attorney, Law Office<br />
of Steven Pitts, P.A.<br />
Ilinois<br />
n Judith Blacklidge, Loyola Univ <strong>Health</strong> Sys<br />
n Vivian Downing, BroMenn <strong>Health</strong>care<br />
n Phyllis Gedzun, Midwest Physicians<br />
Alliance<br />
n Ellen S. Green, RHIA CCS-P, Rush<br />
University Med Ctr<br />
n Karen A. Hawthorne, Children’s<br />
Memorial Hospital<br />
n Agnes Hernandez, RHIT, Rush University<br />
Med Ctr<br />
n Sarah D. Hocking, JD, Carle Foundation<br />
Hospitol<br />
n Kelly Barar Keeler, MPPA, Alexian<br />
Brothers <strong>Health</strong> System<br />
n Erin M. Kinahan, Lake Forest Hospital<br />
n Susan Kramer, Heart <strong>Care</strong> Centers of IL<br />
n Brad Masterson, RHIA, Southern Illinois<br />
<strong>Health</strong>care<br />
n Chris F. Palazzolo, CVS-<strong>Care</strong>mark<br />
n Joyce Shannon, MetroSouth Medical Center<br />
n Jeffrey N. Teske, JD, Advocate <strong>Health</strong><br />
<strong>Care</strong><br />
n Cozette Trela, Heart <strong>Care</strong> Centers of IL<br />
n Margaret Zonca, MS, MBA, JD,<br />
Northwestern University<br />
Indiana<br />
n Ms. Mary Pat McCallister, CPC MCS-P<br />
PCS, University Radiological Assoc<br />
n Lisa P. McDonough, CPC CCP, Humana<br />
n Kimberly Patton, DePuy Orthopaedics Inc<br />
n Ms. Faith L. Pottschmidt, IN Univ<br />
Iowa<br />
n Kathy Bamman, Genesis <strong>Health</strong> System<br />
n Suzie A. Berregaard, JD, NHA, SPHR,<br />
Hospice of Central IA<br />
Kansas<br />
n Shannan Flach, Wamego City Hospital<br />
n Terri Gehring, Memorial Hospital, Inc.<br />
n Denise L. Klimek, MT ASCP, Mercy<br />
Regional <strong>Health</strong> Center<br />
n Dan Roehler, Argus <strong>Health</strong> Systems<br />
Kentucky<br />
n Donna T. Astudillo, MBA CPC CCP<br />
MHP, Humana<br />
n Jamie A. Burnett, RN, Univ Physician<br />
Associates<br />
n Terri L. Clark, BA MHP, Humana<br />
n <strong>Care</strong>y Coleson, Humana Inc.<br />
n Shelly Denham, BSN, Univ Physicians Massachusetts<br />
Associates<br />
n Beth R. Belt, Deloitte & Touche<br />
n Derek Dennison, CPA, MBA, Twin Lakes n Kate Bolland, <strong>Health</strong> Dialog<br />
Regional Med Ctr<br />
n Rosa Chiacchierarelli, CHC, <strong>Health</strong>drive<br />
n Tracy Farley, Jewish Hospital & St. Mary’s Medical & Dental Practices<br />
<strong>Health</strong><strong>Care</strong><br />
n Helen G. DeRosa, Fresenius Medical <strong>Care</strong><br />
n Rhonda Hoffman, Jewish Hospital & St. NA<br />
Mary’s <strong>Health</strong><strong>Care</strong><br />
n Deborah Drexler, UMass<br />
n Sharon E. Jones, NHC, Norton<br />
n Sheila Murphy Fireman, Harvard Pilgrim<br />
<strong>Health</strong>care<br />
<strong>Health</strong><strong>Care</strong><br />
n Anthony Leachman, Jewish Hospital n Judith Flynn, Partners Home <strong>Care</strong><br />
n Jeffrey T. Lewandowski, MBA MHP, n Eileen Gibbons<br />
Humana Inc<br />
n Linda S. Hanna-Casey, Caritas Christi<br />
n Ed Miller, Jewish Hospital & St. Mary’s <strong>Health</strong>care System<br />
<strong>Health</strong><strong>Care</strong><br />
n Luke Igweobi, Dana-Farber Cancer<br />
n Elizabeth L. Muse, RN, BSN, CPC,<br />
Institute<br />
Norton <strong>Health</strong>care<br />
n David McLoon, Franciscan Hospital for<br />
n Stephanie L. Redfern, U of L Hospital Children<br />
n Ann Shircliff, CPC CCP PCS, Humana<br />
Continued on page 62<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org<br />
n Furqan Siddiqui, MD, Univ of Louisville<br />
Hospital<br />
n Trinia Simmons-Hill, University of<br />
Louisville<br />
Louisana<br />
n John J. Finn, Ph D, Self-Client<br />
Comm<strong>Care</strong> Corporation<br />
n Byron Johnson, Navigant Consulting, Inc<br />
n Phyllis Krebs, Lafayette General Med Ctr<br />
n Larry Smith, United Medical Rehab Hosp<br />
Maryland<br />
n Shallie Bryant, MedStar <strong>Health</strong><br />
n Andrea B. Cherenzia, <strong>Care</strong> First BCBS<br />
n Mary Flanery, CPC, Medstar<br />
n Kristen Geissler, Navigant Consulting<br />
n Margaret E. Henry, Practice Dynamics Inc<br />
n Frederick R. Herman, Univ of MD<br />
Medical Center<br />
n Mark Loper, Coventry Hlth <strong>Care</strong> Inc<br />
n Shari LoPresti, Harford Primary <strong>Care</strong><br />
n Sharon McNamara, BSN, JD RN,<br />
Erickson Retirement Communities<br />
n Michelle Russell, Catalyst Rx<br />
61<br />
March 2009
New Members ...continued from page 61<br />
n Laurie A. Richard, BS CHC, Univ MA<br />
Med School<br />
n Michael P. Taylor, RN MS, Shaughnessy<br />
Kaplan Rehab Hosp<br />
Michigan<br />
n Laurel Berends, CHC, Spectrum <strong>Health</strong><br />
United Hospital<br />
n Kathleen Carolin, Karmanos Cancer<br />
Center<br />
n Colleen C. Cohan, Blue <strong>Care</strong> Network of MI<br />
n Joyce DeNooyer, Bronson Methodist Hospital<br />
n Frances E. DeVos, Henry Ford <strong>Health</strong> Sys<br />
n Kim Dorotinsky, CPC, Spectrum <strong>Health</strong><br />
n Allie Galovich, Lakes Surgery Center<br />
n Nancy J. Hay, Henry Ford <strong>Health</strong> System<br />
n J Fabiana Johnson, BA, University of<br />
Michigan<br />
n Allison Reynolds, J.D., Residential Home<br />
<strong>Health</strong>, LLC<br />
Minnesota<br />
n Gary A. Danisch, BCBS Northern Plains<br />
Alliance<br />
n Bethan Davies, Medica<br />
n Camilla Emmans<br />
n Joey Filipiak, Summit Orthopedics LTD<br />
n Carrie A. Hogan, BCBS of MN<br />
n Susan Humiston, Leonard Street and<br />
Deinard<br />
n Lisa M. Kampa, Gillette Children’s<br />
Specialty <strong>Health</strong>care<br />
n Marcia Miller, <strong>Health</strong> Law Institute,<br />
Hamline University School of Law<br />
n Sue Ricker, VA Medical Center<br />
n Paul Rosol, CFSA, CISA, CFE, Jefferson<br />
Wells<br />
n Michael J. Rugani, JD, Fairview <strong>Health</strong><br />
Services<br />
n Sherrie Schiebe, Zimmer Spine, Inc<br />
n Mary Ward, Mille Lacs <strong>Health</strong> System<br />
Mississippi<br />
n Mary Curtis, Curtis Management Services<br />
n Gregory Olivier, MHA, Hancock Medical<br />
Center<br />
Missouri<br />
n Rose Dennis, RHIT, Saint Luke’s<br />
Northland Hosp<br />
n Ms. Christie M. Holm, MS, Tri-County<br />
Mental Hlth Svc, Inc<br />
n Ms. Linda A. Jesberg, RN, BSN, CPC,<br />
Barnes-Jewish Hospital<br />
Montana<br />
n Haley B. Denzer, Great Falls Clinic<br />
North Carolina<br />
n Fran Anderson, Rutherford Hospital,Inc.<br />
n Kimberly Ashburn, Novant Medical<br />
Group<br />
n Karen A. Cole, MBA CPC CCP, HMR Inc<br />
n Kathryn Dever, Carolina’s Medical Center<br />
n Vivian Ette<br />
n Nancy Hall, Novant Medical Group<br />
n Veronica Hodges, Novant Medical Group<br />
n Adriane B. Jarvis, Novant <strong>Health</strong><br />
n Laura Leonard, Novant Medical Group<br />
n Ronald May, MD, Craven Regional Med<br />
Center<br />
n Tiffany McCluney, Novant Medical<br />
Group<br />
n Deborah Pondexter, Novant Medical<br />
Group<br />
n Lorraine Schumacher, Novant Medical<br />
Group<br />
Your HCCA Staff<br />
Sarah Anondson<br />
Graphic Artist<br />
sarah.anondson@hcca-info.org<br />
Gary DeVaan<br />
IT Manager/Graphic Artist<br />
gary.devaan@hcca-info.org<br />
Margaret Dragon<br />
Director of Communications<br />
margaret.dragon@hcca-info.org<br />
Darin Dvorak<br />
Director of Conferences<br />
and Exhibits<br />
darin.dvorak@hcca-info.org<br />
Wilma Eisenman<br />
HR Director/Office Manager/<br />
<strong>Compliance</strong> Officer<br />
wilma.eisenman@hcca-info.org<br />
Nancy G. Gordon<br />
Managing Editor<br />
nancy.gordon@hcca-info.org<br />
Melanie Gross<br />
Conference Planner<br />
melanie.gross@hcca-info.org<br />
Karrie Hakenson<br />
Receptionist<br />
karrie.hakenson@hcca-info.org<br />
Elizabeth Hergert<br />
Certification Coordinator<br />
elizabeth.hergert@hcca-info.org<br />
Patti Hoskin<br />
Member Relations<br />
patti.hoskin@hcca-info.org<br />
April Kiel<br />
Member Relations<br />
april.kiel@hcca-info.org<br />
Meghan Kosowski<br />
Receptionist<br />
meghan.kosowski@hcca-info.org<br />
Caroline Lee Bivona<br />
Project Specialist<br />
caroline.leebivona@hcca-info.org<br />
Shawn Leonard<br />
Webmaster/Privacy Officer<br />
shawn.leonard@hcca-info.org<br />
Amy Macias<br />
Member Services<br />
amy.macias@hcca-info.org<br />
Patricia Mees<br />
Communications Editor<br />
patricia.mees@hcca-info.org<br />
Jennifer Power<br />
Conference Planner<br />
jennifer.power@hcca-info.org<br />
Marlene Robinson<br />
Audio Conference Planner<br />
marlene.robinson@hcca-info.org<br />
Beckie Smith<br />
Conference Planner<br />
beckie.smith@hcca-info.org<br />
Roy Snell<br />
Chief Executive Officer<br />
roy.snell@hcca-info.org<br />
Charlie Thiem<br />
Chief Financial Officer<br />
charlie.thiem@hcca-info.org<br />
Allison Willford<br />
Accountant<br />
allison.willford@hcca-info.org<br />
Adam Turteltaub<br />
VP Member Relations<br />
adam.turteltaub@hcca-info.org<br />
Julie Wolbers<br />
Accountant<br />
julie.wolbers@hcca-info.org<br />
6500 Barrie Road, Suite 250<br />
Minneapolis, MN 55435<br />
Phone 888-580-8373<br />
Fax 952-988-0146<br />
www.hcca-info.org<br />
info@hcca-info.org<br />
March 2009<br />
62
Case<br />
Management<br />
& Quality<br />
Coding,<br />
Charge<br />
Capture &<br />
Billing<br />
BESLER<br />
BRIDGE SERVICES<br />
Connecting Everyone<br />
To Support Medical<br />
Necessity & Revenue<br />
Enhancement<br />
Physicians &<br />
Clinical Staff<br />
(Clinical<br />
Documentation)<br />
© 2009 Besler Consulting<br />
The BESLER Bridge<br />
Each admission is medically appropriate. Clinical documentation accurately reflects the patient’s<br />
condition and each claim is billed accurately. How is this possible? It’s the unique BESLER Bridge.<br />
And it could be your solution as well for bridging case management, clinical documentation<br />
improvement and coding with physicians and clinical staff. No gaps. Just optimum results.<br />
Can we build one for you?<br />
BESLERCONSULTING.COM • 877.4BESLER
Corporate<br />
<strong>Compliance</strong><br />
& Ethics Week<br />
May 3–9, 2009<br />
Acting With Integrity<br />
Corporate <strong>Compliance</strong> & Ethics<br />
Week has moved—it will be<br />
celebrated the fi rst full week<br />
in May going forward.<br />
Co-sponsored by HCCA and<br />
the Society of Corporate<br />
<strong>Compliance</strong> and Ethics (SCCE),<br />
the fi fth Corporate <strong>Compliance</strong><br />
& Ethics Week will be celebrated<br />
May 3–9, 2009.<br />
HCCA and SCCE have a number<br />
of items available for purchase to<br />
help spotlight compliance and<br />
ethics in your organization. Place<br />
your order by Friday, April 17, to<br />
ensure delivery before this event.<br />
Order at www.hcca-info.org or<br />
www.corporatecompliance.org, or<br />
call the <strong>Compliance</strong> Week Order<br />
Fulfi llment Center at 877 646 9226.<br />
Official poster for Corporate<br />
<strong>Compliance</strong> & Ethics Week<br />
20" x 28" glossy color poster<br />
$6.25 ea. (min. order 10)<br />
Six colorful glossy posters, 20" x 28",<br />
each showcasing a different ethical<br />
message. New this year, the Corporate<br />
<strong>Compliance</strong> & Ethics Week logo is on<br />
a perforated strip that can be easily<br />
removed once the celebration week is<br />
over (1 each per 6-pack) $40 per 6-pack<br />
2.5" jelly-smacker stress ball<br />
$4.75 ea. (min. order 5)<br />
Extra-large 3.5" x 3.5"<br />
magnetic star-shaped clip<br />
$2.75 ea. (min. order 20)<br />
Mini 2.5" flashlight with retractable<br />
tether and snap-link ring<br />
$3.50 ea. (min. order 20)<br />
2" x 3.5" solar calculator<br />
$3.50 ea. (min. order 20)<br />
Magnifier bookmark<br />
$1.95 ea. (min. order 20)<br />
Stainless steel mug; insulated<br />
with screw-on, spill-resistant lid<br />
and 15 oz. capacity<br />
$5.50 ea. (min. order 5)<br />
Tri-stic widebody pen (black ink)<br />
$1.99 ea. (min. order 20)<br />
3.5" x 5.25" jotter pad with pen<br />
and business-card sleeve<br />
$4.50 ea. (min. order 5)<br />
Order at www.hcca-info.org or www.corporatecompliance.org<br />
Order before April 17 to ensure delivery by <strong>Compliance</strong> Week!