Steven Baruch - Health Care Compliance Association

Volume Twelve
Number Twelve
December 2010
Published Monthly
Meet the first
CHC-F Candidate:
Steven Baruch
Compliance & Privacy Officer Sutter Health/
Alta Bates Summit Medical Center
page 14
Feature Focus:
Federal medical record
requests: Setting up a RAC
and CERT response team
page 38
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Earn CEU Credit
www.hcca-info.org/quiz—see page 35
Mobility disabilities: A
technical assistance
manual for health care
providers
page 4
1
December 2010

Global Compliance:
Good for BusinessSM
Hotline
Solutions
Training &
Education
Expert Advice
Expert solutions and insight to
protect your organization’s integrity –
helping you avoid costly and
potentially devastating ethics
and compliance issues.
Performance &
Benchmarking
Learn more about our
complete ethics and
compliance solutions.
Contact us today at
800-876-6023 or contactus@
globalcompliance.com.
December 2010
2
www.globalcompliance.com
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

Publisher:
Health Care Compliance Association, 888-580-8373
Executive Editor:
Roy Snell, CEO, roy.snell@hcca-info.org
Contributing Editor:
Gabriel Imperato, Esq., CHC
Editor:
Margaret R. Dragon, 781-593-4924, margaret.dragon@hcca-info.org
Copy Editor:
Patricia Mees, CHC, CCEP, 888-580-8373, patricia.mees@hcca-info.org
Layout and Production Manager:
Gary DeVaan, 888-580-8373, gary.devaan@hcca-info.org
HCCA Officers:
Jennifer O’Brien, JD, CHC
HCCA President
Medicare Compliance Officer
UnitedHealth Group
Frank Sheeder, JD, CCEP
HCCA 1st Vice President
Partner
Jones Day
Shawn Y. DeGroot, CHC-F, CHRC, CCEP
HCCA 2nd Vice President
Vice President Of Corporate Responsibility
Regional Health
John C. Falcetano, CHC-F, CIA, CCEP-F, CHRC
HCCA Treasurer
Chief Audit/Compliance Officer
University Health Systems
of Eastern Carolina
Catherine M. Boerner, JD, CHC
HCCA Secretary
President
Boerner Consulting, LLC
Daniel Roach, Esq.
Non-Officer Board Member
to the Executive Committee
Vice President Compliance and Audit
Catholic Healthcare West
Julene Brown, RN, MSN, BSN, CHC, CPC
HCCA Immediate Past President
Director of Corporate Compliance
Innovis Health
CEO/Executive Director:
Roy Snell, CHC, CCEP-F
Health Care Compliance Association
Counsel:
Keith Halleland, Esq.
Halleland Habicht PA
Board of Directors:
Urton Anderson, PhD, CCEP
Chair, Department of Accounting and
Clark W. Thompson Jr. Professor in
Accounting Education
McCombs School of Business
University of Texas
Marti Arvin, JD, CPC, CCEP-F, CHC-F, CHRC
Chief Compliance Officer
UCLA Health Sciences
Angelique P. Dorsey, JD, CHRC
Research Compliance Director
MedStar Health
Brian Flood, JD, CHC, CIG, AHFI, CFS
National Managing Director
KPMG LLP
Margaret Hambleton, MBA, CPHRM, CHC
Senior Vice President
Ministry Integrity, Chief Compliance Officer
St. Joseph Health System
Dave Heller
VP and Chief Ethics and Compliance Officer
Edison International
Rory Jaffe, MD, MBA
Executive Director, California Hospital Patient
Safety Organization (CHPSO)
Matthew F. Tormey, JD, CHC
Vice President
Compliance, Internal Audit, and Security
Health Management Associates
Debbie Troklus, CHC-F, CCEP-F, CHRC
Assistant Vice President
for Health Affairs/Compliance
University of Louisville
Sheryl Vacca, CHC-F, CCEP, CHRC
Senior Vice President/Chief Compliance
and Audit Officer
University of California
Sara Kay Wheeler, JD
Partner–Attorney
King & Spalding
Compliance Today (CT) (ISSN 1523-8466) is published by the Health Care
Compliance Association (HCCA), 6500 Barrie Road, Suite 250, Minneapolis, MN
55435. Periodicals postage-paid at Minneapolis, MN 55435. Postmaster: Send
address changes to Compliance Today, 6500 Barrie Road, Suite 250, Minneapolis,
MN 55435. Copyright 2010 Health Care Compliance Association. All rights
reserved. Printed in the USA. Except where specifically encouraged, no part of this
publication may be reproduced, in any form or by any means without prior written
consent of the HCCA. For Advertising rates, call Margaret Dragon at 781-593-
4924. Send press releases to M. Dragon, 41 Valley Road, Nahant, MA 01908.
Opinions expressed are not those of this publication or the HCCA. Mention of
products and services does not constitute endorsement. Neither the HCCA nor
CT is engaged in rendering legal or other professional services. If such assistance is
needed, readers should consult professional counsel or other professional advisors for
specific legal or ethical questions.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
INSIDE
4 CEU: Mobility disabilities: A technical assistance manual
for health care providers By David H. Ganz and Gary W. Herschman
New guidance on the accommodations that are required when
providing accessible care for patients with disabilities.
9 RACs are coming to Medicare Advantage, Part D and
Medicaid By Gloryanne Bryant
An expansion of RAC oversight means more time and resources
will be needed and annual work plans may need revision.
10 Provider signature guidelines and solutions: Autograph
please! By Janet Marcus
Verifiable author of record signatures on medical records are key
for continuity of care and smooth claims processing.
13 Social Networking By John Falcetano
14 Meet the first CHC-F Candidate: Steven Baruch, Sutter
Health/Alta Bates Summit Medical Center
An interview by Debbie Troklus
16 Newly Certified CHCs and CHRCs
17 Letter from the CEO By Roy Snell
Whistleblower
22 CEU: The complexity of compliance basics: A CCO’s
pursuit of knowledge By H. Rebecca Ness
Compliance professionals need a wealth of knowledge and more
than ordinary management skills to succeed.
24 The evolving role of the chief compliance and ethics
officer: A survey by the HCCA and SCCE By Adam Turteltaub
Publicly traded, privately held, and non-profit entities vary widely
on factors that affect the independence of compliance professionals.
26 Physician compliance education outside of the hospital
environment By Kia R. Earp
A savvy office manager will keep compliance issues on the radar
and keep the physicians and office staff informed to prevent fraud.
29 Compliance 101: Stark and academic medical centers:
A primer By Kenneth DeVille and Joan A. Kavuru
A broad introduction to basic Stark issues to help compliance
professionals find trouble spots that require further legal assistance.
34 Health care reform and its effect on compliance
programs By Cathy Cahill-Egolf
As the regulatory landscape changes, new methods to combat
fraud, waste, and abuse may change the way we do business.
38 CEU: Feature Focus: Federal medical record requests:
Setting up a RAC and CERT response team
By Michael G. Calahan
An effective, three-step approach to help you stay ahead of the
curve as the number of record requests increases.
42 Patient visits: Reforms increase provider responsibilities
By Angela Miller
Providers are required to make more face-to-face visits and be
prepared to justify billing for services based on medical records.
44 Individual liability for health care fraud: Enforcement
agencies raise the stakes By Gabriel L. Imperato
Recent settlements demonstrate the government’s willingness to
hold individuals accountable, not just organizations.
46 Medicare beneficiaries remain vulnerable to Medicare
Advantage marketing schemes By Mark Stiglitz
CMS is working to remove agents who don’t play by the rules.
49 New HCCA Members
3
December 2010

December 2010
4
Mobility disabilities:
A technical assistance
manual for health
care providers
Editor’s note: David H. Ganz is Of Counsel to
the Sills Cummis & Gross Employment and
Labor Practice Group. David may be contacted
by telephone in Newark, New Jersey at 973/ 643-
4852 or by e-mail at dganz@sillscummis.com.
Gary W. Herschman is Chair of the Sills Cummis
& Gross Health and Hospital Law Practice
Group. Gary may be contacted by telephone at
973/ 643-5783 or by e-mail at gherschman@
sillscummis.com.
On July 22, 2010, the Civil Rights
Division of the US Department
of Justice and the Office for Civil
Rights of the US Department of Health and
Human Services issued Access to Medical Care
for Individuals with Mobility Disabilities, a
technical assistance manual designed to help
persons with mobility disabilities (such as
those who use wheelchairs, scooters, walkers,
or crutches) obtain accessible medical care.
The manual will also assist medical providers
in understanding how the Americans with
Disabilities Act of 1990 (ADA) and Section
504 of the Rehabilitation Act of 1973 (Section
504) apply to them. This article provides an
overview of the new publication, which is
comprised of four parts.
Overview and general requirements
The ADA is a federal law that prohibits
discrimination against individuals with
disabilities in everyday activities, including
access to medical services. Section 504 is
By David H. Ganz and Gary W. Herschman
another federal statute that prohibits discrimination
against individuals with disabilities
in programs or activities that receive federal
financial assistance.
Public hospitals, as well as clinics and medical
offices operated by state and local governments,
are covered by Title II of the ADA.
Private hospitals and medical offices are
covered by Title III of the ADA as places of
public accommodation. Section 504 covers
any of these facilities that receive federal
financial assistance, which can include
Medicare and Medicaid reimbursement.
Titles II and III of the ADA and Section 504
require that medical care providers provide
individuals with disabilities (1) full and equal
access to their health care services and facilities;
and (2) reasonable modifications to policies,
practices, and procedures when necessary to
make health care services fully available to
such individuals, except where to do so would
fundamentally alter the nature of the services.
The ADA sets out requirements for new
construction of, and alterations to, buildings
and facilities, including health care facilities.
These requirements may be found in the
federal regulations. 1 In addition, all buildings
(including those constructed before the ADA
became effective) are subject to accessibility
requirements. For example, under Title II, a
public entity must ensure that its program as
a whole is accessible—a requirement which
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
may entail removing architectural barriers.
Under Title III, existing facilities are required
to remove architectural barriers where such
removal is readily achievable. If barrier removal
is not readily achievable, the entity must make
its services available through alternative methods,
if those methods are readily achievable.
Frequently asked questions
The technical assistance manual answers
eleven commonly asked questions relating to
the provision of medical services to individuals
with mobility disabilities. The topics covered
by these questions are varied, but many
of the answers share a common theme—that
patients with mobility disabilities should be
treated like all other patients.
For example, one of the questions asks whether
a provider can refuse to treat a patient because
the provider does not have accessible medical
equipment. Another asks whether it is permissible
to refuse to treat a patient with a disability
because more time will be spent on his or her
exam, and a third asks whether a patient with a
disability can be made to wait until a particular
room becomes available. A fourth question
asks whether a nurse with a bad back must
nonetheless lift a patient with a disability onto
an exam table. Given that individuals with
mobility impairments are to be treated like
other non-disabled patients, the answers are
not altogether surprising.
The technical assistance manual provides that
generally no service can be denied simply
because a patient has a disability. Nor may a
patient be refused treatment simply because
the exam may take more of the provider’s
time—time which an insurance carrier may
not reimburse—or be forced to wait longer
than other patients, so that a particular exam
table becomes available. Accessibility needs can
be determined in advance so that equipment is
ready for a particular person’s appointment. As

for the nurse with the bad back, the guidance
provides that while staff should be protected
from injury, that concern does not justify the
failure to provide equal medical services to
disabled patients. Staff injuries can be avoided
by providing accessible equipment (e.g., adjustable
exam tables, patient lifts) and training on
proper patient handling techniques.
Several questions address assistants; namely,
whether a patient with a disability must bring
an assistant to the exam, and if he or she does,
whether the assistant must remain in the room
while the patient is being examined and his or
her condition is being discussed. The manual
provides that a patient with a disability can,
if he or she chooses, bring a friend or family
member to the exam, but the patient is not
required to do so. If the patient comes to the
exam alone, then the provider must provide
reasonable assistance (e.g., help with dressing
and undressing, getting on and off equipment)
so that medical care can be delivered. When
the patient brings an assistant, the provider
should address the patient. Whether the
assistant remains in the room for the exam and
ensuing discussion is the patient’s choice.
Other questions concern exam tables. For
example, can a doctor examine a patient who
uses a wheelchair in that wheelchair because he
or she cannot independently get onto an exam
table The answer is generally no, because an
examination in a wheelchair is less thorough
than an exam on a table. The technical guidance
manual makes clear that it is important that the
patient with a disability receives medical services
equal to those received by the patient without a
disability. The manual also addresses the question
of whether an office or clinic with multiple
exam rooms must have an accessible exam table
in every room. The answer is probably not,
as the number of accessible exam tables will
depend on several factors, including the size of
the practice and the patient population.
Two questions deal with the financial cost
of making exam rooms and other parts of
the office accessible to the patient with a
disability: (1) Whose responsibility is it and
(2) Are there tax benefits for making accessibility
changes The manual provides that
both tenants and landlords are responsible
for complying with the ADA, and the lease
may speak to who in particular must make an
accessibility change. As for tax breaks, both
tax credits and deductions are available to
private businesses to offset expenses incurred
to comply with the ADA.
A final question asks what a provider should
do if the staff does not know how to help a
disabled patient. Training is the answer –
training on how to operate accessible equipment,
on how to assist with transfers and positions
of disabled individuals, and on how not
to discriminate. The manual identifies several
resources where such training can be found.
Accessible exam rooms
For the patient with a mobility disability
to receive appropriate medical care, it is
critical that they are able to enter the exam
room, move around, and use the accessible
equipment provided. Features that make an
exam room accessible to the disabled patient
include:
n an accessible route to and through the
room;
n an entry door with adequate clearance
width, maneuvering clearance, and
accessible hardware;
n appropriate models and placement of
accessible examination equipment; and
n adequate floor space inside the room.
An accessible doorway must have a minimum
clear opening width of 32 inches when the
door is opened to 90 degrees. Door hardware
must not require tight grasping, tight pinching,
or twisting of the wrist in order to use it.
The hallway outside the door should be kept
clear of obstacles, such as boxes or chairs.
Once inside the exam room, a patient who
uses a wheelchair or other mobility device
must be able to approach the exam table
and other areas of the room. There must be
sufficient clear floor space next to an exam
table so that a patient with a disability can
approach the side of the table for transfer
onto it. The minimum amount of space
required is 30 inches by 48 inches.
While clear floor space is needed along at
least one side of an adjustable-height examination
table, providing clear floor space on
both sides allows one table to serve both right
and left side transfers (for those individuals
who can only transfer from the right or left
side). Where more than one accessible room
is available, a reverse furniture layout in the
additional room allows for transfers from
either side of the exam table.
Accessible exam rooms should also have
enough turning space for an individual in a
wheelchair to make a 180-degree turn, using
a clear space of 60 inches in diameter or a 60
inch by 60 inch T-shaped space. Chairs and
other objects should be moved to provide
sufficient clear floor space for maneuvering
and turning. Where portable patient lifts or
stretchers are used (as opposed to ceilingmounted
lifts), additional clear floor space will
be needed to maneuver the lift or stretcher.
Accessible medical equipment
To ensure that a person with a mobility
disability receives medical services equal
to those received by a person without a
disability, accessible medical equipment is
important. If a patient must be lying down
to be thoroughly examined, then a person
with a disability must also be examined lying
Continued on page 7
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
5
December 2010

MediRegs ® CCH ®
The
ComplyTrack Suite
Total Solutions for Enterprise
Compliance and Risk Management
Regulatory
Risk Assessment
and
Remediation
Electronic
Survey Tools
& Audit
Templates
Incident
Activity
Management
The
ComplyTrack
Suite
Policy,
Procedure &
Document
Management
RAC and
Claims-Based
Audit
Management
Contract &
Relationship
Management
MediRegs.com
Aspen Publishers
MediRegs ®

Mobility disabilities: A technical assistance manual for health care providers ...continued from page 5
down. Similarly, if an examination calls for a
specialized position, such as a gynecological
examination, then a person with a disability
must be able to access the equipment used for
that examination.
attached to the ceiling and run along one or
more tracks. Free-standing overhead lifts are
supported by a frame that rests on the floor.
They work well when the provider does not
want the lift to be permanently installed or
where the existing ceiling structure cannot
mammography machine will need to adjust
to the individual’s height in the wheelchair or
other chair. For weight scales, the technical
assistance manual recognizes the importance
of a patient’s weight for diagnostics and
treatment, but acknowledges that individuals
Traditional fixed-height tables and chairs
are too high for many persons with mobility
disabilities. Adjustable-height tables are better
suited for them. At a minimum, an accessible
exam table or chair should have (1) the
ability to lower to the height of a wheelchair
seat, 17-19 inches (possibly lower) from the
floor, and (2) features, such as rails, straps,
stabilization cushions, wedges, or rolled up
towels, which stabilize and support a patient
during the transfer and while on the table.
The ability to get on to an exam table is a
function of the patient’s capabilities and
disability, as some persons may be able to
affect the transfer without any assistance, but
others may require help from a staff member
or some other device, such as a transfer board
or patient lift.
support a ceiling-mounted lift.
In some instances, neither a portable lift nor
ceiling-mounted lift is feasible or possible.
Such is the case where, for example, the
medical equipment to be used lacks space to
accommodate a lift or the metal components
of a lift may not be compatible with some
radiologic technologies. In these circumstances,
an adjustable-height stretcher or
gurney may be used. This typically entails a
two-step process in which the patient first
transfers from the wheelchair to the stretcher,
and then from the stretcher to the table.
Radiologic technologies and equipment, such
as MRI, x-ray, CT scan, bone densitometry,
and ultrasound machines present additional
challenges. Because many of the technologies
who use wheelchairs often are not weighed
at the doctor’s office or hospital, because
the provider does not have a scale that can
accommodate a wheelchair. For this reason,
the manual recommends that medical providers
have either a scale with a platform large
enough to accommodate a wheelchair, or a
scale that is already integrated into a patient
lift, hospital bed, or exam table.
Properly trained staff
Although the technical assistance manual
focuses, in large part, on accessible equipment
for people with mobility disabilities, it also
emphasizes the importance of staff training in
helping to ensure that such patients have an
equal opportunity to receive accessible health
care services. Accessible medical equipment
can only do so much, unless staff knows
A transfer board is made of a smooth rigid
material which acts as a bridge between a
wheelchair and another surface, along which
the individual slides. A patient lift is a more
elaborate device, and generally involves a sling,
which is attached to a lift, and positioned under
the patient who is sitting in a wheelchair. Once
the person is moved to the table, he or she is
then lowered onto the table, stabilized, and the
sling is detached from the lift.
are integrated into the table, the table may
not be capable of being lowered sufficiently.
Consequently, a patient lift or other transferand-position
technique is especially important
for access to this equipment. In addition,
many of these technologies require the patient
to keep still, which may be particularly
difficult for some persons with mobility
disabilities. In such circumstances, a staff
person may need to hold on to the patient or
support them with pillows, rolled-up towels,
where it is stored and how to operate it. The
guidance suggests that when new equipment
is acquired, staff should be immediately
trained on its use and maintenance. Similarly,
new staff should be trained as soon as they
are hired, and all staff should receive annual
refresher training regarding the accessible
medical equipment.
Finally, the technical assistance manual
stresses the importance of instructing and
The most common types of lifts in medical
settings are portable lifts. These typically have
a U-shaped base that moves along the floor
on wheels. The base goes under or fits around
the exam table. Although these lifts can be
moved from room to room, they require
more maneuvering and storage space than
overhead lifts, of which there are two general
or wedges.
The technical assistance manual also provides
guidance on two others types of equipment:
mammography equipment and scales. For
mammography, wheelchair-bound patients
and individuals who cannot stand for
prolonged periods of time will have to be
encouraging staff to ask questions of the
patient, such as whether they need help and
if so, how best they can help the individual.
Because people with mobility disabilities use
devices of different types, sizes, and weights,
transfer in different ways, and have differing
levels of physical abilities, understanding
what assistance, if any, is needed and how to
types. Ceiling-mounted lifts are permanently examined while the person is seated, so the
Continued on page 8
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
7
December 2010

Mobility disabilities: A technical assistance manual for health care
providers ...continued from page 7
provide that assistance will contribute to providing safe and accessible
health care for people with mobility disabilities.
HEALTH CARE COMPLIANCE ASSOCIATION’S
15 th Annual
COMPLIANCE
INSTITUTE
April 10–13, 2011
Orlando, FL
The Walt Disney World
Swan and Dolphin Resort
EARLY BIRD
REGISTRATION
Register by or on
January 6, 2011,
and save $575!
AGENDA AVAILABLE & REGISTER AT
www.compliance-institute.org
Conclusion
Access to Medical Care for Individuals with Mobility Disabilities provides
important and helpful information on how to realize the ADA’s
requirement of providing accessible health care to persons with mobility
disabilities. It provides guidance in the form of narrative explanation
and illustrated examples of accessible medical equipment, room and
office configuration, and lifting and transfer equipment and techniques.
The publication should prove to be a valuable resource to both health
care providers who treat patients with mobility impairments and to
those individuals with mobility disabilities who may have encountered
obstacles in the past.
In addition to the practical tips, the manual can also be a source of
authority, if a dispute were to land in court. For example, a mobilityimpaired
individual or the Equal Employment Opportunity Commission
may cite to the guidance in support of a claim that accessible health
care was denied. A provider of medical services may rely on the guidance
as evidence that it complied with the obligations imposed by the ADA.
Courts may also look to the technical assistance manual as support for
its interpretation of what is and is not required by the ADA. 2 However,
the guidance is precisely that—guidance. Courts can also reject it. 3
Nonetheless, the manual provides a valuable resource for health care
providers who seek to comply with the ADA and ensure that individuals
with disabilities receive equal access to care. For those wishing to review
the manual in its entirety, it may be viewed at, and downloaded from,
the ADA website. 4 n
The authors would like to thank Matthew J. McKennan, a law clerk at the
Firm, for his assistance in preparing this article. The views and opinions
expressed in this article are those of the authors and do not necessarily reflect
those of Sills Cummis & Gross PC.
1 See 28 CFR 35.151 (for Title II entities) and 28 CFR Part 36, Subpart D (for Title III entities). Available at www.
ada.gov/reg2.html and www.ada.gov/reg3a.html.
2 See, e.g., Buckley v. Consolidated Edison Co. of N.Y., Inc., 127 F.3d 270, 273 (2d Cir. 1997) (referring to EEOC’s
Technical Assistance Manual on ADA, appeals court states that “EEOC interpretive guidelines ‘while not controlling
upon the courts by reason of their authority, do constitute a body of experience and informed judgment to which
courts and litigants may properly resort for guidance.’”) (quoting Meritor Sav. Bank, FSB v. Vinson, 477 U.S. 57, 65
(1986)), vacated on other grounds, 155 F.3d 150 (2d Cir. 1998) (en banc); Shafer v. Preston Mem’l Hosp. Corp., 107
F.3d 274, 280 n.5 (4th Cir. 1997) (same).
3 See, e.g., Parker v. Metropolitan Life Ins. Co., 121 F.3d 1006, 1014 n.5 (6th Cir. 1997) (en banc appeals court
declines to adopt interpretation found in Department of Justice Technical Assistance Manual, finding that interpretation
inconsistent with regulations and text of ADA), cert. denied, 522 U.S. 1084 (1998); Soileau v. Guilford of
Me., Inc., 105 F.3d 12, n.3 (1st Cir. 1997) (“While this court has found reference to the EEOC Compliance Manual
to be helpful on occasion…the manual is hardly binding.”).
4 See http://www.ada.gov/medcare_ta.htm.
December 2010
8
2011CI_EarlyBird_halfpagevert_ad_2c.indd 1
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
11/4/2010 12:03:30 PM

RACs are coming to
Medicare Advantage,
Part D, and Medicaid
By Gloryanne Bryant, RHIA, RHIT, CCS, CCDS
Editor’s note: Gloryanne Bryant is Regional
Managing Director at HIM Northern California,
Revenue Cycle, Kaiser Foundation Health
Plan Inc & Hospitals. Gloryanne may be contacted
by e-mail at Gloryanne.h.bryant@kp.org.
Yes, the Recovery Audit Contractors
(RACs) are coming to Medicare
Advantage Part C, Part D, and
Medicaid under the oversight of the Centers
for Medicare and Medicare Services (CMS).
Section 1902(a)(42)(B)(i) of the Social
Security Act, requires states to establish programs
to contract with one or more Medicaid
RACs for the purpose of identifying underpayments
and recouping overpayments under
the state plan, and any waiver of the state
plan, with respect to all services for which payment
is made to any entity under such plan or
waiver. Keep in mind that the three-year RAC
demonstration program that was launched in
California, Florida, and New York in 2005
identified roughly $1 billion in Medicare overpayments,
according to CMS reports.
State Medicaid programs will have to contract
with one or more RACs to identify underpayments
and overpayments (and recoup overpayments),
including in-state waiver plans.
Medicaid RAC compensation will be linked
to the payment inaccuracies they are able to
identify, both over- and under-payments. The
Medicaid RAC audits will be separate from
the Medicaid Integrity Program (MIP) audits
that are already being completed by Medicaid
Integrity Contractors (MICs) in many states.
Deborah Taylor, Director and Chief
Financial Officer of CMS’ Office of Financial
Management, told a Congressional panel in
July 1 that CMS is farther ahead in implementing
RAC audits for the Medicare Part
D prescription program for seniors. The new
law requires RACs to ensure plans under
Parts C and D:
n have anti-fraud policies in effect and to
review the effectiveness of such policies;
n examine claims for reinsurance payments
to determine whether plans submitting the
claims incurred costs in excess of allowable
reinsurance costs; and
n review estimates of prescription drug plans
for high-cost beneficiaries submitted by
private plans and compare estimates with
the number of high-cost beneficiaries actually
enrolled in those plans.
The start date for these government activities
is no later than December 31, 2010 according
to the Patient Protection and Affordable
Care Act, section 6411. Thus, the health
care industry can expect to see a significant
expansion of the RAC program. Sen. Tom
Carper (D, Del.) chair of the Senate Homeland
Security and Governmental Affairs subcommittee
on Federal Financial Management,
Government Information, Federal Services and
International Security, encouraged CMS to
meet the December 31 deadline imposed by the
Patient Protection and Affordable Care Act.
Adding to this RAC expansion is that fact
that President Obama signed in July the
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Improper Payments Elimination and Recovery
Act of 2010, and this may open the door
to more widespread private audits, industry
experts say. The law also would add sanctions
for programs that do not comply.
Your Compliance Committee, RAC Committee,
Health Information Management
(HIM), and Business Office/Billing leadership
should be aware of possible additional
external audits. Compliance staff will need
to make revisions to their annual work
plans to address this expansion as well. So,
we will need to monitor this closely and
wait patiently for the details so we can plan
accordingly. Be sure to include this topic on
the agenda for your next compliance meeting.
Either way, more time and resources will be
needed from providers in the near future. n
Resources:
Fierce Health Finance
(www.fiercehealthfinance.com)
RAC Monitor (www.RACmonitor.com)
AAPC (www.news.aapc.com)
Healthcare Finance News
(www.healthcarefinancenews.com)
Lexology (www.lexology.com)
1. Committee on Homeland Security and Government Affairs Subcommittee
on Federal Financial Management, Government Information, Federal
Services, International Security, United States Senate, July 15, 2010.
Contact Us!
www.hcca-info.org
info@hcca-info.org
Fax: 952/988-0146
6500 Barrie Road, Suite 250
Minneapolis, MN 55435
Phone: 888/580-8373
To learn how to place an advertisment
in Compliance Today, contact Margaret
Dragon: e-mail: margaret.dragon@hccainfo.org
phone: 781/593-4924
9
December 2010

December 2010
10
Provider signature
guidelines and
Editor’s note: Janet Marcus is Director of Revenue
Cycle Services at Sinaiko Healthcare Consulting,
one of the nation’s leading independent
healthc are management consulting firms. She
works with health care organizations nationwide
on a diverse range of compliance issues. For
more information, please go to www.sinaiko.
com or e-mail janet.marcus@sinaiko.com.
The Centers for Medicare & Medicaid
Services (CMS) requires providers
to authenticate the author of record
for all Medicare services provided or ordered.
The author of the entry is the individual
who provided or ordered the service.
Authentication may be accomplished through
the provision of a hand-written or an
electronic signature. CR 5971 (Transmittal
#248), effective retroactively from September
2007, was issued to prohibit the use of
stamped signatures. These requirements
are intended to apply to all providers. As
of March 2008, CMS clarified that stamp
signatures are unacceptable on any medical
record.
Providers of health care services have always
been required to append their signature
to entries in the patient’s medical record
documentation. Specifically, the CMS manual
states “documentation must be dated and
include a legible signature or identity.” The
Federal Register, 42 CFR 482.24, also makes
a similar statement.
solutions:
“Autograph, please!”
By Janet Marcus, CPC
For certain services, in addition to the signature,
the note describing the service ordered
or performed requires a notation of time.
This is particularly true for services:
n which depend on chronological order for
care over a short period of time (this is
most often seen during an acute observation
or inpatient facility stay); or
n where time is a factor for the reimbursement;
or
n to fully describe the extent to which
services were rendered.
Importance of adhering to guidelines
There are more than enough challenges in
today’s health care environment. The most
important reason the signature guidelines
exist is to support appropriate and accurate
patient care. When providers do not take
the time to append their signatures in an
acceptable format, it could potentially have
a negative impact on the continuity of care
for their patients and could also create future
“headaches” as a finding during an audit.
In addition to the challenges of patient care,
it can be difficult to follow all the documentation
and billing rules, submit a clean claim,
and collect an accurate payment for services.
So, after all that hard work, no one wants
their claim to fail an audit due to the lack
of a “proper” provider signature, and no
one wants to suffer the associated potential
consequence of lost revenue.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Guidelines
CMS recently published Transmittal 327,
entitled “Signature Guidelines for Medical
Review Purposes,” effective March 1, 2010,
with an implementation date of April 16,
2010. This guidance gives us an inside view
of the requirements various government claim
audit programs may utilize when they review
medical records and claims as part of an audit.
This viewpoint focuses on a claim that has
been submitted for payment and subsequently
selected for audit. The medical record is often
requested as part of that review process.
When the auditor/reviewer is determining
whether signature guidelines have been met,
they may have reason to contact the billing
provider and ask a non-standardized follow-up
question. The auditor may contact the provider
or organization that submitted the claim and
ask if they would like to submit an attestation
statement or signature log within 20 calendar
days. This is another opportunity for the
provider to meet the signature guidelines.
In summary, the guidelines, as stated in the
CMS Program Integrity Manual, Chapter
3, under section 3.4.1.1 D, “Signature
Requirements” and as outlined in Transmittal
327 include:
n Services provided and/or ordered must be
authenticated by the author. (There are
several signature guideline exceptions outlined
in the CMS Transmittal 327 which
can be found at: http://www.cms.gov/
transmittals/downloads/R327PI.pdf);
n Method used may be handwritten or an
electronic signature;
n Stamp signatures are not acceptable;
n Handwritten signatures signify that the
individual who has signed the record has
knowledge, approval, acceptance, or obligation
for the entry;
n For illegible signatures, auditors can
consider evidence in a signature log or

an attestation statement for the purpose
of identifying the author of the medical
record entry; and
n Situations where the auditor may call upon
the provider to inquire if they would like
to submit an attestation statement or
signature log.
Auditors may consider that the handwritten
signature requirement has been met if there is:
n a legible full signature;
n a legible first initial and last name;
n an illegible signature where the letterhead,
or other information on the page indicates
the identity of the signatory;
n an illegible signature accompanied by a
signature log or an attestation statement;
n the initials over a typed or printed name;
n the initials not over a typed or printed
name but accompanied by a signature log
or attestation statement; and
n an unsigned handwritten note where
other entries on the same page in the same
handwriting are signed.
CMS considers an electronic signature as
meeting the signature requirement; however,
they caution providers regarding the potential
misuse or abuse of alternate signature
methods. If your practice is utilizing an
electronic signature on medical records, it is
generally recommended, that the electronic
signature process, policy, and procedure be
reviewed by legal counsel to validate the
accuracy and appropriateness of the process.
Further, a quality review of the electronic
signature process should be conducted along
with validation that the electronic signature
process in place meets all of the required
HIPAA-related guidance.
presented; however, no indication was noted
that the name and credential on the document
was created as the result of secure user
access. In this instance, the signature was not
considered an acceptable final authenticated
signature. In other cases, no indication of the
author is found on the printed record, even
though electronic history would substantiate
the user actually made the entry themselves.
Solutions
To ensure your providers append their
signature according to the guidelines, we
recommend that you start with a review of
your current provider signature procedures.
Identify if there are providers who are
appending illegible hand-written signatures
to their medical records. Depending on the
results of your assessment, changes may need
to be implemented so that the signature
guidelines and “best practice” for your group
of providers is followed.
Developing a corresponding written policy and
procedure that is user friendly will ensure that
new providers have a document they can refer
to, and providers who may need a refresher
have an accessible, accurate policy reference
document. Implementing an internal quality
review process will go a long way to ensure that
the best practice for provider signature, policy,
and procedure are followed.
In situations where there are handwritten signatures,
illegibility has been a long-standing
issue we have observed during our medical
record and claim audits. To combat this issue
we recommend:
n implementation of an electronic medical
record;
n if this is not an option, creation of a signature
log for the “illegible” signors;
n a quality assurance review of the medical
notes for the “illegible” providers, prior
to claims submission, and you address the
issue promptly; and
n review all signature guidelines with providers
and give them an outline of what is
considered an acceptable signature and
what is not.
As Benjamin Franklin once said and, as we
say in health care, “an ounce of prevention is
worth a pound of cure.” n
COMPLIANCE REVIEWS,
CODING SUPPORT SERVICES,
UP-TO-DATE EDUCATION,
REAL RESULTS
By working together, we can help
create this picture in your facility.
Call RMC today!
In our experience, we have observed situations
where the accurate application of the
electronic signature came into question when
a printed copy of the medical record was
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
December 2010
11

ARE YOU
PREPARED
FOR THE
RAC AUDITOR
Take control with a strong defense
December 2010
12
www.compliance360.com
The RAC Auditors will soon be calling on your hospital. The RAC appeals
process is very complex and missed deadlines can result in the automatic
recoupment of your legitimate revenues. To minimize your risk of financial
losses, you need to be prepared with practical, reliable processes and
controls to ensure that critical appeals deadlines are met, with complete,
substantiated information.
Compliance 360 is the leader in compliance and risk management solutions
for healthcare. More than 300 hospitals nationwide rely on us every day to
ensure compliance with legal and industry regulations. Using our unique
software solutions, they are always “audit ready” with both proactive
defenses and the audit management tools needed to ensure successful
audit response and appeals. We are proud to help these healthcare
organizations prevent and contain compliance sanctions and we stand
ready to help you as well.
To learn more about the Compliance 360 Claims Auditor for managing
RAC audits, visit www.compliance360.com/RAC or call us at 678-992-0262
NEEDS A LO
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

Social Networking
John Falcetano
Editor’s note: John Falcetano, CHC-F,
CCEP-F, CHRC, CHPC, CIA is
Chief Audit/Compliance Officer for
University Health Systems of Eastern
Carolina and Treasurer of the HCCA
Board of Directors. John may be
contacted by e-mail at
jfalcetano@uhseast.com.
This month, I though I would focus on another function of our social
networking site: The ability to blog and comment on particular compliance
topics. Today’s column provides some insight to the world of blogs.
Suj Shah, from Chicago recently blogged about two ways to strengthen
your employee hotline. The following are excerpts from his blog.
Two ways to strengthen your employee hotline
“Fear of retaliation for speaking up about ethical violations in the workplace
not only affects whether workers are willing to report wrongdoing
to management, it drives the level of misconduct itself,” according to a
recent study released by the Ethics Research Center. See Research Brief,
Retaliation: The Cost to Your Company and Its Employees (http://
www.ethics.org/files/u5/Retaliation.pdf).
Second, employees are less willing to report wrongdoing when it is
perceived that the report will not be taken seriously. One of the proposed
amendments to the Organizational Sentencing Guidelines also emphasizes
“taking reasonable steps” in reaction to incidents. See Amendments
to the Sentencing Guidelines: http://www.ussc.gov/2010guid/20100503_
Reader_Friendly_Proposed_Amendments.pdf.
Strengthen your employee hotline by a clear non-retaliation policy and a
commitment to appropriate and timely report follow-up.”
Web 2.0 is about the
new, faster, everyone
connected Internet.
HCCA is embracing this approach and offers you
a number of ways to build out your network,
connect with compliance professionals, and
leverage this new technology. Take advantage of
these online resources; keep abreast of the latest
in compliance news; and stay ahead of the curve.
Dozens of discussion groups and
more than 6,000 participants
http://community.hcca-info.org
Profiles of over 3,800 compliance
and ethics professionals
http://www.hcca-info.org/LinkedIn
Follow HCCA_News to keep up with the
latest compliance news and events
http://twitter.com/HCCA_News
To participate in the discussion, review the comments, or just talk
with your peers, you can access the Social Network site by going to the
following link: www.hcca-info.org/sn n
Connect with compliance and ethics
professionals on Facebook
http://www.hcca-info.org/Facebook
Each resource is 100% dedicated to
compliance and ethics management.
So sign up for whichever one works
best for you, or for all four if you’re
already living the Web 2.0 life.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
HCCASocialNetworking_halfpage_301nK_CTad.indd 1
December 2010
13
9/2/2010 9:36:00 AM

feature
article
Meet the first CHC-Fellow Candidate:
Steven Baruch, CHC, MA, MPA
Compliance & Privacy Officer
Sutter Health/Alta Bates Summit Medical Center
December 2010
14
Editor’s note: This interview with Steven
Baruch, the first CHC-F Candidate, was
conducted in late summer by Debbie Troklus,
President of the Compliance Certification Board
and Assistant Vice President, Health Affairs/
Compliance, University of Louisville Health Sciences
Center. Steven may be contacted by e-mail
at baruchs@sutterheatlh.org. Debbie Troklus
may be contacted by e-mail at debbie.troklus@
louisville.edu.
DT: Steven, please tell our readers a little
bit about yourself, your background, and
how you got involved in the compliance
profession.
SB: Having completed graduate degrees
in both biological science and health care
administration, I had a long interest in
working in health care operations. Early in
my career, I managed various outpatient and
health care programs. Through that work, I
gained a great deal of experience in reviewing
documentation related to regulatory and
billing requirements.
I later led a project focused on CMS and
OIG documentation at a hospital affiliate
of a health care network. My responsibilities
evolved into leading the implementation of
a comprehensive compliance program at the
hospital. Network leaders recommended
and supported joining HCCA, attending the
academies, and obtaining my certification. I
joined Sutter Health in January 2009.
DT: Tell us about Sutter Health and Alta
Bates Summit Medical Center and its compliance
program.
SB: Alta Bates Summit Medical Center is
the San Francisco East Bay’s largest private,
not-for-profit medical center. Our multicampus
medical center has more than 1,000
beds, 5,000 employees, and 1,000 physicians.
Alta Bates Summit Medical Center is part
of Sutter Health, a not-for-profit health care
network. With 24 affiliated hospitals, relationships
with 5,000 physicians, home health
and hospice services, and education, training,
and research centers, the Sutter Health family
serves patients in more than 100 Northern
California cities and towns.
The Sutter Health compliance program is
always evolving and improving. A 2007 internal
analysis supported significantly expanding
the program. Sutter Health recruited full time,
dedicated compliance officers for the entire
network’s affiliated hospitals and medical foundations,
and expanded staff and resources at
the system level to further advance consistency
and support throughout the organization.
DT: What resources did you use to develop
your compliance program
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
SB: I am fortunate to have a variety of
resources and subject matter experts to call
upon for information and support. I can
reach out to my peer group of compliance
officers and resource support in the Sutter
Health network. I can also contact experts
in HCCA. I regularly access the Health Care
Compliance Professional’s Manual, the CMS
and OIG websites, and documents and strategies
I’ve developed over the years. And, I still
reference my Compliance 101 manual and
Compliance Academy material periodically.
DT: What are some recent successes you have
experienced with your compliance program

SB: I am the first full-time, dedicated
compliance officer at Alta Bates Summit
Medical Center. I am focused on building
strong relationships with employees and
leaders and establishing the Compliance
department as a resource and partner in
supporting the goals of the medical center.
Ensuring that the Compliance department is
included in the planning stages of a project
often can help ensure that goals are achieved.
DT: What do you find to be the most challenging
about your work as compliance officer
SB: Aside from expected workload and
budget challenges, it can also be challenging
while analyzing an issue to ensure that all
stakeholders have the opportunity to share
their thoughts and concerns. A focus on
fostering strong relationships can ensure that
Compliance is considered a partner and a
resource in activities.
DT: What do you see as the most important
traits for a compliance officer to be successful
in the role
SB: I am asked this question frequently by
others considering a career in Compliance. I
believe the most important trait for a compliance
officer is the ability to build relationships
across the large spectrum of people you
will encounter within an organization.
Almost anyone can learn the basics of
compliance laws and regulations; however,
the compliance officer must have the skills to
translate and facilitate the implementation of
these laws and regulations at an operational
level.
Compliance officers must effectively communicate
with executives, business leaders,
clinical teams, and general employees. Each
of these audiences may operate uniquely and
have different goals and expectations.
Although Compliance may not always be
the most popular voice in an organization,
building and maintaining our relationships
with our stakeholders is the key to a successful
compliance program.
DT: Let’s talk for a moment about HCCA.
Why did you join
SB: While I had been doing a lot of compliance
activity early in my career, I had no idea
that there was a dedicated profession and title
for this work. When a previous employer
identified the title and supported joining
HCCA, it was a logical move to support my
career interests.
DT: What benefits has HCCA brought
about for you
SB: I have found tremendous value in
HCCA’s Compliance Academies. These
courses provided important perspective and
education, as well as practical tips that have
helped advance my career as a compliance
officer. HCCA also provides unique opportunities
to network with other compliance
professionals, allowing me to learn from their
experiences, tap their knowledge, share ideas,
and continue to learn and grow professionally.
DT: You have earned your Certification in
Healthcare Compliance (CHC). How has
that helped you in your current role
SB: I believe that compliance, as an
organized profession, continues to grow.
Additionally, health care, as an industry, is
in the midst of a massive transformation.
Earning my certification in health care
compliance establishes my expertise in this
evolving field. The certification also lends
credibility as I work to build strong partnerships
and support the strategic goals of my
hospital and health system. People are often
surprised to learn that there is a professional
organization and certification available for
health care compliance.
DT: Did you attend a Compliance
Academy or study for the CHC on your own
SB: Fortunately, I attended HCCA’s
Compliance Academy to prepare for the
certification exam. The opportunity to spend
five days with knowledgeable professionals
and peers, focusing solely on all aspects of
compliance to study for the exam, was a great
experience. I strongly advocate this approach
with colleagues and others I mentor. I believe
it is the best way to prepare for the exam.
DT: You are the first CHC-F Candidate;
Please tell us what prompted you to apply for
status of Certified in Healthcare Compliance-
Fellowship
SB: I have always sought ways to challenge
myself and continue learning. My family
especially encouraged me to reach for this
goal. Although I was intrigued when the
fellowship was announced, I gave it quite
some thought before choosing to move
forward with the application. Ultimately, the
enthusiasm for our profession I enjoyed after
attending the annual Compliance Institute
each year prompted me to complete the application
process and become more involved
with HCCA.
DT: What was the process of being accepted
into the CHC-F candidate status like for you
SB: I learned that there were no previous
candidates immediately after I had submitted
my application. I was both excited and nervous
about that prospect. I was excited that I
would be challenged by the process and be in
a position to set a standard. At the same time,
I was not certain that I would be accepted. It
was very exciting and a great honor to receive a
telephone call from Roy Snell informing me I
had been accepted as a candidate.
DT: Tell us what you see in the future for
compliance professionals
SB: Compliance departments typically
operate on lean budgets. Given the changes
Continued on page 16
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
December 2010
15

Meet the first CHC-F Candidate: Steven Baruch
...continued from page 15
coming with health care reform, I anticipate
a great deal more scrutiny in health care
compliance. Keeping up with the changes and
the growing workload will be a tremendous
challenge for all compliance officers. I’m
also interested to learn how reform will truly
impact all health care operations budgets in
the next few years.
DT: What advice do you have for individuals
interested in a career in health care
compliance
SB: Talk to a compliance officer! I’d also
definitely consider attending an HCCA
Academy. A clinical, legal, or health care
administration degree doesn’t hurt either.
DT: What do you enjoy most about your
job
SB: I truly enjoy the variety of tasks
that come my way. Very few positions in a
hospital allow you to become involved in
so many aspects of hospital operations. I’m
never bored. I also get to work with many
interesting people, with different backgrounds,
education, and knowledge. I learn
new things every day about clinical issues,
hospital operations, regulations, and laws. n
The CCB offers
certifications in
Healthcare Compliance
(CHC), Healthcare
Research Compliance
(CHRC), and the
Certified in Healthcare
Compliance Fellowship
(CHC-F).
Certification benefits:
n Enhances the credibility
of the compliance
practitioner
n Establishes professional
standards and status for
compliance professionals
in Healthcare and
Healthcare Research
n Heightens the credibility
of compliance practitioners
and the compliance
programs staffed by these
certified professionals
n Ensures that each certified
practitioner has the
knowledge base necessary
to perform the compliance
function
n Facilitates communication
with other industry
professionals, such as
physicians, government
officials and attorneys
n Demonstrates the hard
work and dedication
necessary to succeed in the
compliance field
CCB
The Compliance
Professional’s
Certification
The Compliance Certification Board (CCB)
compliance certification examinations are
available in all 50 states. Join your peers and
demonstrate your compliance knowledge by
becoming certified today.
Congratulations! The following individuals
have recently successfully completed the CHC
certification exam, earning their certification:
Claire A. Arcamone Debbi Mark
Christine W. Austin
Kimberly L. Brandt
Aja M. Brooks
Tracey A. Conley
Paul G. Daniels
Joanne De Sarlo
Annemarie Engelhardt
Amy E. Freitas
Lisa A. Hylton
Angie Iturrino
Terry P. Matherne
Kimberly A. McGuire
Kourtney K. Nett
Jacqueline S. Petro
Joshua L. Proffitt
Carla A. Russo
Kenneth R. Smoot
Brenda Turner
Patrick R. Z. Wilder
Rachel E. Williams
Congratulations! The following individuals
have recently successfully completed the CHRC
certification exam, earning their certification:
Diane M. Bauer
Julia M. Campbell
Paula Carney
Kimberly Dupage
Linda M. Gonia
S. Rebecca Holland
Sheri D. Lindsay
James William Luca
Stephanie G. Madrigal
Blanca A. Malagon
Michael K. Meeks
Gregory A. Pesely
Susan M. Torok-Rood
Bruce A. Uveges
Kenneth F. Winter
Emily B. Wood
For more information about certification, please call 888/580-8373, email
ccb@hcca-info.org, or visit our website at www.hcca-info.org.
December 2010
16
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

If you have any questions that you would like
Roy to answer in future columns, please e-mail
them to: roy.snell@corporatecompliance.org.
Whistleblower
I had an interesting phone call from another association that wanted
help telling the government about all the problems associated with
the whistleblower provisions of the Dodd-Frank bill. The bill says
that whistleblowers can receive large cash bonuses for turning in a
company, if there is a prosecution. Their concern was that the bill
would cause people to bypass the in-house anonymous reporting
mechanism, because the government was offering money. My first
reaction was one of agreement. Then I realized that we already had a
lot of experience with this situation and something didn’t smell right.
But, we talked quite a bit before it hit me.
I told them that we try to spend the majority of our time helping our
members set up compliance programs to find and fix ethics, policy, and
regulatory problems, so we don’t really get into regulatory lobbying. I also
said that we don’t really want to come down in favor of, or in opposition
to, a regulation we may need to enforce. I mentioned how independence
is the key to our success, and we really need to be impartial.
Then I talked a little about their concerns with her. I really had not
thought about their concerns, so it was interesting. At one point I
said, you know that those who contract with the government have
had this for 150 years, with the False Claims Act. It was set up to fine
those who billed the government for horses but delivered donkeys
during the Civil War (true story). If you pointed out a false claim,
you got bucket loads of money. The False Claims Act was not used for
years, and then an enterprising prosecutor dusted off the 150-year-old
law. Soon there were hundreds of prosecutors using it. For the last
16 years, the government had been actively using the False Claims Act
to fine those who have billed them for things that they didn’t deliver,
such as toilet seats, hammers, and medical services. In fact, so far this
year, the government has received several billion dollars in fines and
penalties with the use of the False Claims Act. Much of that could
have had a significant payout to whistleblowers, if the government
started the case on a tip. The reward is typically in the mid-teens to
low twenty percent range. A couple of
cases resulted in payments to whistleblowers
in the tens of millions of dollars. I told
my caller that we have a lot of experience
with this, but that something didn’t seem
right about their concern that this caused
people to go to the government first. We
have had a lot of experience with the
potential problems associated with paying whistleblowers, and what
impact it has had on the use of internal reporting mechanisms.
The conversation that followed was quite interesting. I said that
although all industries have not had this experience, many have. I told
her, off the top of my head, that few people have ever complained about
the problem of bypassing the internal reporting mechanism. I told her
that I think most people would say that most employees give them a
chance before they report to the government. I said that almost all the
stories I hear about a whistleblower who went to the government came
with a tearful story about how the company ignored them, or worse.
I’ll share a story I had as a consultant. I got a call from someone
who wanted me to educate their leadership. I wanted the job, so I
sent them a price so low that they couldn’t refuse. They refused. Ten
months later I got a call to come to them ASAP. I did. After I did the
training, they said, “Help us implement a better compliance program
ASAP.” I did. While I was there, I inquired as to the reason for the
about–face, and I asked where the person was who originally called
me. They said that the government had announced that they were
going to start an investigation over a potential fraud issue. The person
who picked up the compliance job had been going through the desk
of the recently departed employee and found my proposal. They told
me she left because they would not fix some problems. They told me
she went to the government. They ended up being found guilty of
fraud and paid a $2 million fine. It was a small company, and the fine
had a big impact. Before going to the government, she begged them.
She pleaded with them. She went so far as to ask them to go through
training so maybe then they could understand her concerns. This is
by no means an isolated case. Many whistleblower stories begin with
internal discussions and some receive poor treatment. It’s easy to call
these people names. But before you do, you might think about what
situation we have put them in.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
ROY sNELL
Can you imagine knowing about the fraud, wondering if maybe the
government would come in and accuse you of knowing about the
Continued on page 18
December 2010
17

Letter from the CEO ...continued from page 17
December 2010
18
problem and not fixing it She might have been thinking that if there
was trouble, her company could decide to throw her under the bus.
Did she really have a choice At the very least, she needed to quit.
You beg, you plead, and sometimes they ignore you. They make you
feel like you are at risk personally and financially for failing to fix the
wrongdoing. Think about it. When you are in the midst of fraud, and
even if the people who don’t “get” your concerns are good people, you
get concerned. You start thinking, “What if I get wrapped up in this”
People in this position panic. They start seeing things very grimly. They
think that they have to go on record as not being a part of this. And if
their leadership won’t stop the problem or listen to them, or worse yet,
starts treating them poorly, they feel they are left with no option.
Because the False Claims Act (with a bounty) has been used extensively,
I called a former OIG agent. I asked him what percentage of
whistleblowers had reported internally first He said, “75%.” I have
since talked to a whistleblower attorney who, remarkably, reported
the exact same percentages. I also talked to another OIG agent. All of
these people deal primarily with cases that are eligible for a bounty and
prefer cases that were reported internally first. They were emphatic
that the reported case was much easier to prove/win. That means that
of the people I talked to, more than 75% of cases that are pursued are
reported internally first.
I also found a special report by the New England Journal of Medicine
entitled “Whistle-Blowers’ Experiences in Fraud Litigation against
Pharmaceutical Companies.” 1 They reported that of the 22 cases they
studied, 18 whistleblowers had given their company a chance first.
Some were ignored. Some were ordered to continue doing what they
were told to do (12 of 22). Wherever you look, the data indicates
that our problem is not that a bounty will cause the undermining of a
compliance program; the problem is that we are ignoring people.
There are many reasons to go to the government that have nothing to
do with money. We can pretend it is the money. We can hope it’s the
money. We can explain away our own failure by saying it’s the money;
but is it really about the money I think the money is a secondary
reason, but the primary reason people do this sort of thing is the way
we treat them and the concern they have about being accused by the
government as being part of the problem.
There are a ton of these stories. In cases like this, almost every whistleblower
story starts with “They were ignored.” Many start with “I was
ignored,” and then they describe the retaliation, shunning, isolation,
and occasionally, firing. After seeing all this, it is very difficult to
understand the concerns about the Dodd-Frank Bill. At first blush, I
would say that the money might cause people to bypass their internal
reporting mechanisms; but upon reflection, it’s really not what I have
seen after 16 years of very close observation.
Here is an excerpt from an interview that Adam Turteltaub, our Vice
President of Membership Development, did with Eric Havian, a
prominent qui tam lawyer.
AT: What motivates people to go outside the company and knock
on your door There’s a supposition that money is the main driver.
EH: The prospect of receiving enough money to replace the lost
income from being blackballed can give a reluctant whistleblower
the incentive to come forward, but money is typically not the main
driver. A number of our clients who have received millions have given
most of it away. The primary motivator for most people is frustration.
By the time a potential client arrives in our office, they typically feel
humiliated and insulted. From their point of view, they have taken
difficult steps to bring a possible violation to light, tried their best to
resolve it—all at great personal risk to their careers. They followed the
Employee Manual. The problem arises when nobody else does.
Initially, their supervisors might not take them seriously. When an
employee persists—a risky decision that is often agonizing—a supervisor
might respond more aggressively, suggesting that the employee won’t
advance or indicating his/her career will end if the employee continues
to pursue the matter. Eventually, word spreads among co-workers that
the employee is a troublemaker. Then he/she is socially isolated. The
employee may become so preoccupied with the matter and so ostracized
from co-workers that the employee’s performance indeed suffers. That
failure may be a sign of strong integrity, not weak capability.
By the time these potential clients arrive in our office, they are so
grateful to have someone who will listen to them with an open mind,
without defensiveness, that they feel renewed and want to stop the
fraud in any way they possibly can. Whistleblowers are often the best
clients. They are respectful and willing to work hard on their cases, and
they scrupulously follow instructions. The reason they come to us is
not just for a potential reward; it’s our willingness to hear what they are
saying. But, the money certainly doesn’t hurt.
AT: What have the whistleblowers typically done internally at their
companies to get their story heard before they come to you
EH: Almost all of them have elevated the issue up the reporting
chain. It is rare that they have not gone at least two levels above their
immediate direct report. Typically they have also approached someone
in Compliance or Human Resources. q
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

I called Joe Murphy, and before I told him my view, he jumped in and
said that government “bounties” really don’t prevent people from asking
their company to fix the problem first. He said people go to the government
because, when they complained, they were ignored; or that when
they complained, they encountered retaliation. Joe has been promoting
compliance programs prior to any record of compliance programs
existing. He is a very honest man. He is very realistic. I haven’t seen
whistleblowers go to the government first. Joe hasn’t seen it. I’m thinking
that this is a problem that doesn’t exist. It’s a red herring. It’s a shell
game. People are trying to convince us that the Dodd-Frank bill is the
problem, when the problem actually might be.... us.
We should probably spend as much time on following the rules as we do
complaining about them. And the other association is now lobbying against
a regulation that they claim will do something that we have some evidence
that it doesn’t do. What they could be doing is telling their members the
truth. But alas, as the other great genius, Jack Nicolson said, some people
can’t handle the truth. That association’s members are no more likely to
listen to her than they are to listen to their employee who has concerns.
Please excuse the sweeping generalization, but don’t excuse the message.
Many people raise concerns that get addressed. The point is that too
many–far too many–are ignored. They don’t go to the government because
of Dodd and Frank. They are going to the government because of us.
I decided to call this other association back and tell them the truth.
I could have skirted around the issue but I told them that it would
be difficult for us to complain that Dodd-Frank would usurp the
in-house hotline when we have experience to the contrary. Wouldn’t
be too ethical and all that. I was straight with her. She seemed bright
and caring. I said you know, if you really want to make a difference,
you should not go tell Dodd-Frank they are wrong; you should
probably go back and tell your members they are wrong. If you really
wanted to help companies, you should tell them to stop ignoring, or
worse yet, stop treating whistleblowers so poorly.
The ironies here are fascinating. The compliance profession doesn’t
lobby, in part because we feel there is enough lobbying. In fact, if we
spent half of the money that we spend telling the government that they
are wrong on compliance, we just might not get all the regulations we
are getting. It’s bizarre really. We spend billions telling them we don’t
need the regulations they are writing. Back at the office, we break
another law or do something unethical. Then
the government writes a longer law or a new
law. Instead of putting in an effective process
for finding and fixing problems (a compliance
program) we lobby some more, and we fail to
follow the law, because we are distracted with
lobbying, which results in more regulations and
more lobbying, and we miss more problems that
result in more laws and more lobbying and....
Albert Einstein once said, “The definition of
insanity is doing the same thing over and over
again and expecting different results.” If we
want fewer regulations, we should probably stop
doing unethical things and breaking the laws.
Lobbyists have been in DC for eons, and the
government is running out of paper.
Stop spending money trying to get the government to listen to you.
Spend some money on trying to get your management to listen to
your employees. They don’t make themselves whistleblowers – we
make them whistleblowers. To some, whistleblowing is distasteful.
What is really distasteful is making them do it. You will most likely
get a chance before they go to the government; maybe not much of a
chance, but a chance none-the-less. These people are often shy and
fearful. They may not be the best communicators. They probably
don’t have much authority. You really have to be a good listener to
make up for their shortcomings. Most of all, if you are not going to
listen, you really should be sure that they are not treated poorly. It
may not be the money that causes them to go to the government. You
can get the Dodd-Frank bill repealed and you may not have solved the
problem. The money the employee may get really isn’t the problem.
The problem is that you end up paying big fines and taking a huge
public relations hit. It’s in our best interest to listen. n
1. Aaron S. Kesselheim; David M. Studdert; and Michelle M. Mello: Whistle-Blowers’ Experiences in Fraud
Health Care Auditing & Monitoring Tools
More than 100 sample policies,
procedures, guidelines, and forms to
enhance your compliance auditing
and monitoring efforts. Updated
biannually with new tools.
For more information, visit
www.hcca-info.org/books,
or call 888-580-8373.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
December 2010
19

Data Breach Resolution
RISK ASSESSMENT IN A HITECH WORLD
Navigating your way
through a successful
healthcare data breach
resolution can be a
challenge. The key is
being prepared.
Experian ® can help.
With a proven track record of servicing
over 1,600 data breach incidents in
virtually every industry, Experian has
the experience and resources to help
you steer the way to calm waters.
Risk Defined
Risk is a function of the likelihood of a given threatsource’s
exercising a particular potential vulnerability,
and the resulting impact of that adverse event on the
organization. 1 This is a concept that has long been
wrestled with at many levels of business and government.
Unfortunately, it is a hard concept to grasp…until it
grasps you. It’s all too human to dismiss risk as an
amorphous and intangible possibility, rather than a
very real probability if ignored. This is the crossroad
that we find ourselves at with HITECH and healthcare
privacy and security today.
Why Conduct a Risk Assessment
If one asks themselves why conduct a HITECH Risk
Assessment, today, the answers are surely more
poignant than 5 or more years ago. Whether it is the
increased fines of up to $1.5 million, or the fact that
the State Attorney General can bring a civil action to
your doorstep, or that the Office for Civil Rights (OCR)
is now mandated to conduct audits, there is certainly
a greater air of seriousness and more teeth behind the
legislation.
Conducting a HITECH Risk Assessment
The risk assessment process varies according to an
organization’s particular business needs and available
skills.
However, at its core, the most basic risk assessment
process must answer the questions: What is at risk
What can go wrong What is the probability that it
would go wrong What are the consequences if it
does go wrong
December 2010
20
Risk assessment processes require the definition
and inventory of systems and the business processes
they support; an assessment of potential vulnerability
and threat; a decision to act or not; evaluation of the
effectiveness of the action; and communication about
decisions made.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

Once these steps are completed, the process should be
repeated on a regular basis to ensure that the decisions
made and controls implemented remain effective in
reducing risk and meeting business needs and goals.
The Risk Assessment Phases include:
Phase I: Inventory of Systems and Processes
Phase II: Threat and Vulnerability Assessment
Phase III: Evaluation of Controls
Phase IV: Decision
Phase V: Communication and Monitoring
The Incident Preparedness Plan
With the risks as high as they are in some cases, it is
vital that healthcare organizations conduct Incident
Preparedness Planning in conjunction with the Risk
Assessment Plan. This plan should be re-evaluated on
an annual basis. Here are some key considerations for
what should be included in your organization’s Incident
Preparedness Plan:
• Create an Incident Response Team
• Conduct Breach Preparedness Training
• Engage an experienced Data Breach Service
• Choose a provider that will be prepared to handle
the following when a data breach occurs:
3 Handle notification of the breach
3 Conduct Fraud Resolution
3 Provide Call Center Support
3 Provide Reporting
3 Provide Credit Monitoring/Identity Protection
Products and Solutions that include things
such as: Internet Scan and Lost Wallet
solutions that help consumers report,
cancel and reissue items such as, credit, debit
and medical and dental insurance cards
To read the whitepaper in its entirety, please go to
www.experian.com/dbhcca.
Know the Facts
Of the 385 organizations that experienced data
breaches so far this year, 113 were in healthcare. 2
How will your company respond if it happens to you
Know Who to Call
Twenty-five percent of the breaches we have
serviced this year alone have been in healthcare.
With a proven track record of servicing over 1,600
data breach incidents, Experian has the experience
and resources to help you steer the way to calm waters.
READ MORE visit our website
www.experian.com/dbhcca
CALL 866 751 1323 for a FREE consultation
RISK ASSESSMENT IN A HITECH WORLD Written in Collaboration By:
1: NIST Risk Management Guide for Information Systems Special
Publication 800-30
2: Identity Theft Resource Center’s report for July 28, 2010
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
December 2010
21

December 2010
22
The complexity of
compliance basics:
A CCO’s pursuit of
Editor’s note: H. Rebecca Ness is a health care
professional with specific expertise in governance
and compliance. She has 25 years of senior level
management experience in health care and
higher education. As a Compliance Officer and
Governance Director, she designed, developed,
and implemented governance infrastructures,
board education programs, and a corporate
compliance program. Rebecca may be reached at
becness@myfairpoint.net.
Have you ever stopped to think
about the complexity of compliance
basics Pick up any copy of
HCCA’s Compliance Today or other corporate
compliance journal and read the table of
contents. You will find a daunting list of topics
that you as the corporate compliance officer
(CCO) must possess a commanding knowledge
of to keep your organization informed
about current trends, maintain an effective
compliance program, and stay on top of the
proliferation of changes in state and federal
law, as well as all the regulatory agencies that
have a say in running the health care system.
The foundation
First, let’s go back to the starting line where every
CCO professional begins the knowledge quest
marathon. You must be familiar with and have
a working knowledge of the Federal Sentencing
Guidelines (FSG), 1998 OIG Program
Guidance, the 2005 Supplemental Guidance, the
OIG seven elements of an effective compliance
program, and the current OIG Work Plan.
knowledge
By H. Rebecca Ness
The Federal Sentencing Guidelines define
an effective compliance program as one
that “shall be reasonably designed, implemented
and enforced so that the program
is effective in preventing and detecting
criminal conduct.” 1 The two OIG compliance
guidance documents are filed in the Federal
Register, February 23, 1998 2 and January 31,
2005. 3 These documents provide a roadmap
for compliance officers to design an effective
program customized to their organization and
to conduct ongoing evaluation of compliance
program effectiveness. Originating in
the FSG, the seven elements of an effective
compliance program are incorporated in
the OIG 1998 program guidance. These
elements are the essential building blocks for
a compliance program. OIG publishes an
annual Work Plan that outlines a summary of
prospective government initiatives. The OIG
Work Plan, available online, 4 is an essential
tool for individual organizations to identify
and prioritize risk areas within their organization
and develop their own work plan.
The Federal Sentencing Guidelines are a
good example of how government guidance
is a moving target that requires the diligence
of the CCO to remain current with amendments
and recommendations. Created by the
US Sentencing Commission in 1987, the
FSG established uniformity in sentencing
ranges for individual defendants. In 1991,
Congress established sentencing guidelines for
organizations which apply to public, private,
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
and not-for-profit entities. Fines were created
for federal crimes, and this change brought
an enhanced focus on effective compliance
programs to mitigate penalties. In 2004,
further amendments to the FSG impacted
compliance programs through the development
of standards increasing governing body
and executive leadership accountability for
knowledge and oversight of the compliance
program. Additional 2004 amendments focus
on sufficient resources to operate the compliance
program, monitoring and auditing for
effectiveness, as well as communication and
training. In 2005, the US Supreme Court
declared the FSG unconstitutional. Although
mandatory sentencing was overturned, the
FSG are still used to advise the determination
of sentences. The most recent amendments,
which went into effect November 1, 2010,
contain new implications for compliance
programs. Key focus areas include remediation
and restitution as well as establishment of a
direct reporting obligation to the governing
authority.
If you have made it through the above
foundational documents, you are ready to
move into the regulatory environment. Major
compliance regulations that all CCOs must be
familiar with include the Deficit Reduction Act
(DRA), the False Claims Act (FCA), Stark Law,
Anti-kickback Statute (AKS), Health Insurance
Portability and Accountability Act (HIPAA
Privacy and Security), Sarbanes-Oxley Act, the
Emergency Medical Treatment and Labor Act
(EMTALA), Fraud Enforcement Recovery Act
of 2009 (FERA), and IRS Form 990. The complexity
lies in both understanding these basic
regulations and ensuring that your organization
complies with the letter of the law.
The next step for the CCO is to learn the
impact on these regulations of the recently
enacted Health Care Reform Law made up of
the Patient Protection and Affordable Care Act

of 2010 (PPACA) and the Health Care and
Education Reconciliation Act of 2010. In addition,
compliance basics would not be complete
without the numerous fraud and abuse recovery
initiatives and programs that are currently
underway.
While dealing with these external government
and regulatory demands you must develop,
implement, and perform an ongoing review
and update of the operational documents
for your compliance program: the compliance
plan, policies and procedures, code of
conduct, annual risk assessment, and annual
compliance work plan.
Knowledge management
The laws and regulations mentioned above are
all essentials in compliance basics. Developing
this baseline understanding is Compliance 101,
preparing you to implement your own
program. After reading through a recent issue
of Compliance Today, 5 the following topics
are just a few that were discussed:
n Professional coding and “Incident To”
n Fraud and abuse laws
n Meaningful use for electronic health
records (EHRs)
n HIPPA / HITECH compliance
n Hospice care
n Recovery Audit Contractors (RACs)
n Research and clinical studies
n Anti-kickback Statute
n Stark Law
n False Claims Act (FCA)
n Medicaid Integrity Contractors (MICs)
n Internal investigations
n CMS Conditions of Participation
What does this say about the profile of
today’s CCO Should you have a law degree
Should you have formal education in health
care administration, public policy, nursing,
finance, or business administration Should
you be certified in coding, internal audit, risk
management, business ethics, accounting, or
project management The reality of the dayto-day
activities of a CCO suggests that you
need a working knowledge of all the above.
You may be reading this and thinking it is just the
old adage “preaching to the choir.” You already
know the daily myriad of issues waiting to be
addressed when you go to work each day. Apart
from stating the obvious to seasoned CCOs, this
suggests that among the core competencies of
your job description the most important may be
missing – knowledge management.
Knowledge management, a discipline in its
own right, has been discussed and written
about for years. A good summary of this field
is found in the book, Working Knowledge,
How Organizations Manage What They
Know. 6 In addition to distinguishing the
difference between data, information, and
knowledge, the authors discuss the concepts
of knowledge as a corporate asset and linking
knowledge to economic value, business strategy,
work processes, organizational culture,
and employee behavior. Herein is another
complexity faced by today’s CCO: You have
to master the art of linking and leveraging
knowledge of an overwhelming breadth of
content in order to implement and maintain
an effective compliance program, and ensure
the sustainability and enhancement of your
health care organization, as required by
government and regulatory agencies.
Further examination of the CCO profile
reveals the necessity of being an effective
manager. Required management skills include
good communication skills, problem solving,
facilitating change, and analytical thinking.
Developing effective lines of communication
is one of the OIG’s seven elements and one
of the greatest challenges in the basics of
compliance. Because of the varied audiences
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
a CCO addresses, the ability to communicate
through written material, oral presentations,
and listening to others are critical skills to
success. Are you able to summarize the constant
changes in the regulatory environment
to the board of trustees in a succinct manner,
providing the understanding necessary for
them to execute their fiduciary duties, but
not overwhelming them with details Are you
able to present at new employee orientation
or management training sessions in a manner
that makes compliance real and relatable to
the diverse education level of employees
Effective lines of communication also lead
to establishing a culture of compliance that
reaches all employees. Once this compliance
culture is in place, the CCO can more easily
facilitate the organizational changes required
to keep pace with the proliferation of new
laws and regulations.
The ability to think in a methodical and
discerning way, identify cause and effect
patterns, analyze data, and develop the right
solution to a problem defines analytical thinking.
This skill serves the CCO in the role of
change agent when initiating appropriate
processes resulting from an internal audit or
newly enacted federal law.
Successfully navigating compliance basics and
the tidal waves of change in the health care regulatory
environment necessitates the complexity
found in the profile of a successful CCO.
A profession of honor
At the foundation of this complexity of laws,
regulations, plans, policies, and procedures
that make up an effective compliance program,
there is one simple basic premise. Compliance
is living out the value of integrity.
Yes, CCOs have surely seen and heard the
phrase “Compliance is integrity in action.”
Continued on page 47
December 2010
23

December 2010
24
The evolving role of
the chief compliance
and ethics officer
A Survey by the HCCA and SCCE
For more than 15 years, the role of the compliance
and ethics officer has been growing.
What was once an area of responsibility for
a few individuals has grown to a full-fledged
profession.
80%
70%
60%
50%
40%
30%
20%
10%
0%
75%
70%
None
46%
Recent changes to the Federal Sentencing
Guidelines are elevating the importance of
the compliance officer even higher. Under
provisions that went into effect on November
1, 2010, organizations may now receive a
reduction in fines and other penalties, even if
senior executives are involved in the wrongdoing.
However, to obtain that reduction,
“individuals with operational responsibility
for the compliance and ethics program [must]
have direct reporting obligations to the organization’s
governing authority or appropriate
subgroup thereof.”
By Adam Turteltaub CHC, CCEP
12%
7% 8%
9%
This latest change provides governmental
encouragement for the compliance officer to
have a direct line to the board, elevating the
importance of the compliance professional.
Yet, this also raises the risks for compliance
Figure 1
Severance package by type of organization
Less than three
months salary
20%
13% 12%
8% 8%
6%
3% 3%
3 – 6 months
salary
Severance Package by type
Non -profit
For profit, privately held
For profit, publicly traded
7 months to a
year’s salary
More than one
year’s salary
officers. To senior leadership, a compliance
officer may appear to be a potential challenge
to their control of what the board sees.
At the same time, there has been a growing
movement, led in many ways by the US
government, to move compliance out of
the General Counsel’s office and make it a
separate function. Such has been the case
with several high profile settlements.
To assess the impact that these forces have
had on the Compliance office, and the
protection being afforded to the compliance
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
officer, the HCCA and SCCE jointly fielded a
survey of compliance and ethics professionals.
The research focused on the protection
accorded through severance agreements. It
also examined where in the organizational
chart the compliance officer is located.
Findings
Despite the increased emphasis on compliance
and the growing understanding of the
risks associated with the roles, compliance
officers enjoy scant protection when it comes
to severance. Of the more than 800 chief
ethics and compliance officers (CECO)
who responded to the survey, 71% have no
severance package. Of those who did have
a package, roughly one third had just three
months or less.
The story was very different, though for those
working at publicly traded companies. More
than half (54%) of respondents from publicly
traded companies reported having a severance
package, compared with 25% at non-profits and
30% at privately-held organizations (figure 1).
For about a quarter of companies, the
compliance program is housed in the General
Counsel’s office, but here, too, the company
type and industry played an important role.
Figure 2
Compliance is housed in
the General Counsel's office
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
21%
Non-profit
For profit, privately held
For profit, publicly traded
27%
51%

100% Why is Compliance not a part of the General Counsel's office
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
86% 85%
50%
Never has been
in GC’s office
8% 7%
21%
Moved some
time ago
Figure 3
7%
1% 1%
Non-profit
Moved because of
FSG requirements
For profit, privately held
For profit, publicly traded
Moved because
of Pfizer CIA
8%
5%
Other
21%
Conclusions and Implications
To act in a truly independent manner, more
compliance and ethics professionals will need
severance packages. Serving as a CECO
requires a great deal of integrity and the
willingness to ferret out wrongdoing wherever
it may occur. That can, at times, include
taking on senior executives and challenging
well-established business practices. This puts
the CECO at risk for termination, or calls for
him or her to resign. The lack of adequate
severance packages leaves compliance and
ethics professionals at great risk, if their
integrity and the company’s plans collide.
Overall, 26% of respondents reported that
compliance was housed in the GC’s office,
but for non-healthcare companies, the figure
was 42%, compared to just 20% for healthcare.
Likewise, publicly traded companies
were much more likely to make compliance
a part of the GC’s office, with 51% reporting
this as the structure. (figure 2).
Just because the compliance function was
located in the GC’s office did not necessarily
mean the CECO was also the GC. Only
about one quarter (26%) of those who
reported that compliance was located in the
GC’s office also reported that the CECO was
the GC as well.
Despite a growing consensus that Compliance
should be independent from the GC’s office
—and despite several settlements requiring
it—companies that run Compliance out of
the GC’s office generally plan on continuing
to do so. Most of them (93%) report that
they have no plan to move Compliance.
For non-profits where Compliance is not a
part of the GC’s office, the separation is not a
recent phenomenon. A large majority (86%)
of those surveyed reported that Compliance
had never been a part of the GCs office, and
another 8% reported that it had moved out of
it that office some time ago (figure 3).
For publicly traded companies, only one half
reported that compliance had never been a
part of the GC’s office. This is a much lower
percentage than either non-profit or privately
held organizations. And, for publicly traded
companies in which Compliance had moved
out of the GCs office, several reported it
had done so because of a corporate integrity
agreement.
EOE/AA. Women, minorities, veterans and persons with
disabilities are encouraged to apply.
© 2010 NAS
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
(Media: delete copyright notice)
Compliance Today
Despite several indications that the US
government is not pleased with compliance
officers reporting to the General Counsel,
there seems to be little movement to change
the organizational chart. Companies that
have Compliance reporting to the General
Counsel appear content to let things remain
as they are. n
To view the complete survey results, visit www.
www.hcca-info.org/EvolvingRole
WE’VE BUILT OUR REPUTATION AS AN
EXCELLENT EMPLOYER, ONE PERSON AT A TIME.
The benefi ts of working at VCU Health System, one of the nation’s top teaching hospitals, are clear. We’re
a Magnet ® hospital and one of Working Mother’s 100 Best Companies. A great place for work/life balance,
we provide outstanding benefi ts that include child and elder care, fl exible work options, extensive medical
benefi ts, competitive pay and prepaid tuition.
HOSPITAL COMPLIANCE AUDITOR
This position will lead the initiative in designing, implementing and performing audits for hospital billing
within VCUHS Compliance Service’s Auditing and Monitoring Program. This position will report to the Director
of Compliance Services, and be responsible for annual work plan proposals based on his/her analysis of
information from the OIG, external enforcement and ongoing risk assessment.
To qualify, you must have:
• Bachelor’s degree in a related fi eld, preferably with a clinical background
• Coding certifi cation
• 3-5 years' experience in a medical center environment
To apply and learn more, please visit our website
www.VCUHS.jobs or contact Tricia Spencer at
tspencer@mcvh-vcu.edu.
December 2010
25

December 2010
26
Physician compliance
education outside
of the hospital
environment
Editor’s note: Kia R. Earp is a Revenue Cycle
Consultant, Revenue Cycle Solutions for Dell
Services, USA. Kia may be contacted by
telephone in Boston, Massachusetts at 617/276-
4025 or by e-mail at Kia_Earp@dell.com.
has become one
of the most frequently used
“Compliance”
terms in health care today—
especially within the hospital environment.
Hospitals are faced with ever increasing challenges
of remaining up to date on all aspects
of health care compliance. This includes all
facets of compliance (e.g., billing, research,
human resources, all Office of Inspector
General focuses, Recovery Audit Contractors,
etc). The full list could take up the remainder
of this page. The role of the compliance officer
and the Compliance department within
the acute care facility is vastly different from
that of the information that is received by
physicians, physician group practices, and
private physician practices.
Fortunately, larger physician group practices
have ties to the medical centers with which
they have relationships. This typically allows
these groups to receive formal compliance
training, and hopefully, the appropriate
required education as well. Unfortunately,
more often than not, physicians only receive
the basics of compliance during their
orientation period, or during a mandatory
annual Compliance session that frequently
only covers the highlights of the aspects of a
By Kia R. Earp, CHC, CCS, CCS-P
well-functioning compliance program. Very
rarely do these educational sessions go into
great detail about how easy it could be for
one of them to commit a simple act of fraud
or abuse.
Independent physician practices with no
“formal” ties to hospitals/health centers are
a population at greatest risk for exposure of
violating compliance rules and regulations.
There are several reasons why this is the case,
many of which could be easily avoided. The
primary reason is lack of communication.
Physician practices, as with most clinicians,
have a primary goal to provide outstanding
patient care. This is the primary concern of
the clinician, as well it should be. In today’s
age of scorecards, dashboards, and physician
measures, there is a competitiveness that
exists, not just between hospitals to provide
excellent care, but for physicians as well. All
of this information is readily available on the
Internet at the click of the mouse, if a patient
decides to conduct research on Dr. Jones
before his/her visit.
As we visualize an independent physician
practice, there is typically some form of
office manager, there may be nursing staff
or medical assistants, possibly phlebotomy
staff, and then physicians. After treatment of
the patient is completed, the next priority in
these smaller offices is collecting money. This
is accomplished by getting claims out the
door as quickly as possible. Unfortunately,
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
documentation may not always support the
medical necessity for the visit level being
billed, or there may be unbundling of procedures
being performed within the setting.
These staff are not trained compliance professionals
and often do not have the knowledge
to know where to search. Subscribing to
periodicals or joining organizations such as
HCCA will allow the office staff to remain
up to date with new rules and regulations as
they are disseminated from the regulatory
authorities. Failure to do so can be interpreted
as fraud and/or abuse. Unfortunately for the
physician, “I didn’t know better” is not a valid
reason for billing for services that were not
performed or appropriately documented.
A savvy office manager can make excellent
use of the office budget by joining HCCA
or other similar, non-medical professional
organizations. I have seen, over the years,
that only a handful of medical professional
organizations/societies do a commendable
job of keeping their membership updated
with rules and regulations as they pertain
to billing, compliance, fraud, and abuse.
By establishing that connection with a
group such as HCCA, Healthcare Financial
Management Association (HFMA), American
Association of Healthcare Administrative
Management (AAHAM), or Medical Group
Management Association (MGMA), the connection
is made, and the individual running
the operations of the office is now tapped into
a wealth of information that might not be
otherwise available to the clerical and clinical
staff. The decision would then need to be
made regarding how and when this information
is distributed to the physicians within
the practice. Even a confident office manager
who subscribes to ten publications and is a
member of five organizations is only as good
as the information that is disseminated to the
clinicians within the practice.

Routine meetings should be set up so that
any important information can be reviewed
with the staff. This is always done best during
downtime when the office has a “slow” day,
rather than a typical busy Monday morning
or “leave early” Friday afternoon.
Physicians have an obligation to not only
remain current and up to date on the latest
medical technology that applies to their
specialty, but to remain current on any issues
that impact their practice—this includes
Compliance. One only needs to pick up a
newspaper and read about a physician being
arrested for some fraudulent or abusive activity.
The majority that we read about in our weekly
updates from HCCA are purposeful and truly
fraudulent. However, there are those who honestly
do not know any better. This population of
clinicians may be attributed to the independent
physician office practice and the true lack of
communication and knowledge that exists
regarding compliance rules and regulations.
One item that every billing clinician should
routinely be required to do is review the
back page of the CMS-1500 Form. 1 There
is a statement that clearly reads “Any person
who knowingly files a statement of claim
containing any misrepresentation or any false,
incomplete, or misleading information may
be guilty of a criminal act punishable under
law and may be subject to civil penalties.”
This is one of the greatest mistakes that
physicians can make. Because the majority of
all billing is completed electronically now, the
physicians’ name is printed in the appropriate
box on the claim form—but by doing so, the
clinician is attesting that all services listed on
the form were performed by him/her. Routine
reminder of that statement brings the physician
staff back to reality very quickly.
A well-informed office can easily accomplish
any of these tasks. As with any compliance
communication or research, time is involved.
An enormous amount of time is spent
reviewing material and clarifying information
contained therein. This is where smaller
independent physician practices may lack the
necessary resources in order to accomplish
this task. Unfortunately, there are several
larger acute care health care systems that can
also make this statement as well. However,
this cannot be used as an excuse to exempt
one self of the obligations of health care
compliance. The information is available.
In addition to organizations and societies,
there are social networking sites available
as well. And of course, we cannot forget
something as simple as “Google©.” Several of
our readers probably lack sophisticated tools
at their facility and may begin their research
just by using Google to begin steering them
in the appropriate direction.
And finally, there is always room for interpretation.
In several areas of compliance, the
answer is as gray as the sky on a cloudy day.
In those instances, additional research must
be conducted. If your research is complicated,
never utilize your initial find. Confirm your
findings by completing additional research.
It is time consuming, but well worth the
outcome if it will avoid fines, exclusion from
CMS programs and more importantly, jail
time for fraud.
There are even more areas where the rules are
extremely specific. Locating them may prove
challenging, however, CMS has an amazing
number of manuals for readers to peruse to
research a myriad of issues during their leisure
time. The best starting point is always the CMS
website. As disorganized as the newly designed
home page may appear to be, it is simple to
navigate, and once you are in the correct section
of the website, locating your information may
prove easier than initially thought.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Additionally there is the notorious Federal
Register. Each year the font of the Federal
Register appears smaller and smaller as the
regulations become lengthier and more complex
to manage. This is far more complicated
to dissect than any manual, due in part to the
fact that there are proposed rules and final
rules. If you mistakenly select the proposed
rule, then your hours of research may have
been in vain and your outcomes incorrect.
So, network with other organizations. There
is no shortage of them, but make certain if
you do join one, that it is a reputable one that
provides sound and accurate information.
Also local, regional, and national conferences
can be attended. These are not always 100%
compliance-related, nor should they be for
the smaller office practitioner. Conferences
offer the attendee an excellent opportunity to
learn a great many things regarding clinical
information, fraud and abuse cases, as well as
how to operate more soundly within a rapidly
changing health care environment.
Office managers must communicate with the
physicians in the practice. Failure to communicate
is one of the number one problems,
not just in health care, but in everyday life.
We must communicate clearly, concisely,
and in a manner that does not to confuse
the audience. Hopefully, by improving upon
some of these practices, it will sharpen the
compliance knowledge within the physician
practice that operates outside of the hospital
environment. It will also allow them to gain
greater insight into the “big tornado plus
a typhoon” that we all know and love as
Compliance. n
1 Centers for Medicare and Medicaid Services, C. f. (2008, December
1). CMS-1500 Claim Form Instructions. Retrieved 08 21, 2010, from
CMS-1500 Claim Form Instructions. Available at http://www.medicarenhic.com/providers/pubs/CMS_1500_Claim_Form.pdf
December 2010
27

Essential Insight
According to the American Health
Lawyers Association’s membership
rankings, King & Spalding is the largest
healthcare law firm in the United States.
We achieved this by delivering value and
security to our clients every day.
www.kslaw.com/health

COMPLIANCE
101
Stark and academic
medical centers: A
primer
By Kenneth DeVille, PhD, JD, CIP, CHC,
CHRC; and Joan A. Kavuru, JD, RN
Editor’s note: Kenneth DeVille is a Professor in
the Department of Bioethics and Interdisciplinary
Studies at Brody School of Medicine at East Carolina
University in Greenville, North Carolina. He
serves as the university’s Ethics Liaison to the North
Carolina State Ethics Commission and is an adjunct
member of the Department of Public Health.
He has served as the Chief Compliance Officer for
the School of Medicine, as the university HIPAA
Privacy Officer, and as the Administrative Director
of the university and medical center Institutional
Review Board. He may be contacted by e-mail at
devillek@ecu.edu.
Joan A. Kavuru practices health care regulatory
law and most recently held the position of
Health Care Regulatory Specialist at The Brody
School of Medicine at East Carolina University.
Previously, she founded and served as the
Director of the Office of Compliance as well as
the HIPAA Privacy Officer at East Carolina
University. She recently relocated to the Philadelphia
area and may be contacted by e-mail at
jkavuru@gmail.com.
The Stark federal self-referral statute 1
is well known to experienced compliance
officers and health law attorneys.
Under Stark’s basic tenet, physicians
cannot refer patients for a “designated health
service” (DHS), payable by Medicare, to a
health care “entity” with which the physician
or an immediate family member has a financial
relationship. The referral prohibition is
absolute in the absence of meeting one of a
limited list of specific, and sometimes technical,
statutory exceptions.
Practicing within an academic setting or
faculty practice plan (FPP) does not immunize
practitioners and institutions from the Stark
proscriptions. Indeed, in 2008, Memorial
Health University Medical Center, a teaching
hospital headquartered in Savannah, Ga., agreed
to pay $5.08 million to settle Stark allegations. 2
But, an early revision of Stark created a special
exception for academic medical centers (AMCs)
to account for their unique practice arrangement
(hereinafter “AMC exception”). 3
Teaching hospitals, medical schools, physicianfaculty,
and FPPs are typically linked in an
intricate, ongoing, symbiotic relationship
involving a myriad of leases, service contracts,
research support agreements, shared projects,
and financial transfers. Teaching hospitals
sometimes subsidize the teaching, research,
and service missions of the AMC by providing
grants, subsidies, or other transfers to the
associated medical school. Or, the teaching
hospital may employ faculty physicians to
serve as medical directors or in other administrative
roles. These activities and others that
involve financial relationships between entities
providing DHSs and referring physicians
raise potential Stark concerns and require
the satisfaction of a specific Stark exception.
However, if the elements of the AMC exception
are met, all such financial arrangements
may be permissible under this exception.
Unfortunately, some AMCs and FPPs will not
meet the AMC exception, thereby requiring an
analysis of other Stark exceptions.
This commentary describes the elements of the
Stark AMC exception and outlines the analysis
that practitioners and entities within an AMC
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
will have to pursue when that exception is not
satisfied. Stark remains a complex, highly-technical
statute, and institutions should always rely
on qualified legal counsel to analyze individual
fact patterns. This discussion provides only a
broad introduction to the standard issues and
nomenclature so that compliance officers can
spot issues, develop appropriate policies, create
relevant data bases, and highlight potential
concerns for leadership and their own legal
counsel to address in more detail.
Basic framework of Stark
Stark I, a provision of the Social Security Act,
became effective on January 1, 1992. Narrowly
drawn, it prohibited physicians and other
identified providers from referring Medicare
patients for laboratory services in which the
referring physicians or their immediate families
held a “financial interest” in the lab. So-called
Stark II expanded the law and prohibits
referrals for DHSs to any “entity” in which
the referring physician, dentist, oral surgeon,
podiatrist, ophthalmologist, or chiropractor
has a financial relationship, either through
investments or through compensation.
For purposes of Stark, “compensation” is
construed broadly and includes any remuneration,
payment, discount, or in-kind
benefit paid to the referring physician by the
DHS provider. “Entity” includes the health
provider’s own practices, as well any other
public or private partnership, corporation,
or foundation that provides DHS in return
for CMS reimbursement. DHSs are specifically
delineated and include anything from
laboratory and radiological services, to durable
medical equipment, to home health services
and outpatient prescription drugs. 4 Fines for
Stark violations can reach $15,000 for each bill
submitted to Medicare on a prohibited DHS,
and both providers and entities can be subject
to exclusion from the Medicare and Medicaid
Continued on page 30
December 2010
29

Stark and academic medical centers: A primer ...continued from page 29
December 2010
30
programs. Stark Phase III is the most recent
articulation of the federal anti-referral statute. 5
The Stark Law identifies a number of specific
financial arrangements that may qualify as
“exceptions” to the basic anti-referral prohibition.
It is important to note that these exceptions
are based on very detailed requirements
that must be met precisely in order for the
referral relationship to be deemed legitimate
under Stark. This list of exceptions includes
the AMC exception. 6
Academic medical center exception
Four basic elements must be satisfied to meet
the AMC exception under Stark. First, in
order to constitute an AMC under the exception,
the entity must include:
n an accredited medical school;
n an FPP that is organized as a tax-exempt
organization or is the part of a tax-exempt
organization; and
n a hospital in which the majority of medical
staff are physician-faculty members and in
which a majority of admissions are made
by physician-faculty.
Second, the referring physician who works
within the qualified AMC must be a bona
fide employee of a component of the
academic health center, hold a bona fide
faculty appointment at the medical school,
and provide “substantial” academic or clinical
teaching services for which the faculty receives
compensation. The “substantial” requirement
is met if the physician devotes a minimum
of 20% or 8 hours of the work week to academic
activities, which may include research,
classroom, or clinical teaching responsibilities.
The referring faculty physician’s compensation
must be “set in advance,” not exceed
fair market value (FMV), and not take into
consideration the volume or value of referrals
to any of the components of the AMC.
Additional and specific regulatory guidance
exists on the “set in advance” and FMV
requirements under Stark.
Third, transfers of money not based on
services provided or leases from one entity
within the AMC to another entity or faculty
physician within the AMC must support
the missions of teaching, research, indigent
care, or community service. The relationship
between/among the entities within the AMC
must be articulated in writing and adopted by
the governing bodies of each of the relevant
entities in the AMC. Money paid to a
physician for research by an entity within the
AMC must be used solely to support research.
Fourth, the money transfers made from
one entity to another, or to a referring
faculty physician, may not violate the federal
Anti-kickback Statute. 7 Thus an independent
anti-kickback analysis must also be conducted
before an arrangement can be deemed to meet
the AMC exception. 8 There is very little litigation
or appellate precedent exploring the AMC
exception. But, a federal district court in U.S.
ex. rel. Villanfane v. Solinger et al. has taken a
“relatively flexible approach to interpreting the
various requirements of the AMC exception”
and suggested that the exception will not be
held to “hypertechnical” requirements. 9
Impact and limitations of the AMC exception
The AMC exception, when satisfied, allows
medical schools, FPPs, and affiliated hospitals
to work together to meet the common goal
of teaching, research, and clinical care for
the community without running afoul of
a complicated and frequently burdensome
Stark analysis that otherwise would have to be
resolved on a project-by-project, contributionby-contribution
basis. Quite simply, if the
AMC exception is met, Stark does not apply
to referrals made by AMC physicians to AMC
components. As importantly, satisfaction of
the AMC exception will allow the granting of
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
funds for mission purposes from one entity (a
teaching hospital) to another (typically a medical
school). Although obvious, it is important
to emphasize that Stark requirements still
must be satisfied when faculty physicians
establish financial relationships with entities
outside of the AMC or when components of
the AMC establish financial relationships with
physicians outside the AMC.
Despite the exception’s relatively clear elements
and the suggestion from Solinger that
future courts may take a “flexible” approach
in its application, many AMCs will be unable
to take advantage of its benefits. In some
cases, the teaching hospital will not meet the
requirement that faculty physicians constitute
the threshold 50% of the hospital’s medical
staff. In other AMC arrangements, faculty
physicians will not account for 50% of the
hospital admissions census. This may prove true,
especially in teaching hospitals with open staff
arrangements. Or, faculty physician admissions
in a particular AMC setting might satisfy the
50% threshold for a teaching hospital in a given
year, but fluctuate up and down in subsequent
years. In such settings, if the financial arrangement
between two or more AMC components
(e.g., a teaching hospital, medical school, or
FPP) is based on a multi-year contract, the failure
to satisfy the 50% threshold during any year
of the term could constitute a Stark violation.
Much depends, as well, on the precise nature
of the legal and financial organization of the
FPP. The FPPs that most resemble traditional
private group practice arrangements with
profits distributed to the physician membership
will obviously be the least likely to meet the
exception; but plans that rely on salaried faculty
physicians will typically be permitted.
FPP arrangements that distribute bonuses to
physicians based on performance measures
should be scrutinized in order to ensure that
they do not violate the requirement that the

total compensation of the referring physician
be “set in advance.” But, performance
incentives for faculty physicians may be
allowable if they do not represent compensation
for increasing referral volume or value.
Consequently, FPP bonuses for teaching,
research, quality, administrative activities,
publication, and cost improvements may all
be legitimate. Similarly, the AMC exception
may not apply if the referring faculty physician
is paid directly by the AMC entity (i.e.,
the teaching hospital) as an “independent
contractor” instead of as a requirement and/or
consequence of his or her employment with
the medical school or FPP. 10
Stark analysis when the AMC exception
cannot be met
Congress undoubtedly intended to provide a
“bright-line rule,” a clear test, so that faculty
physicians and the components of AMCs would
be free to pursue their joint missions together,
but no AMC can be assured that it automatically
meets the requirements of the exception.
Some clearly will not. Given this reality and
the complicated nature of the AMC exception
analysis itself, attorneys and compliance advisors
should be prepared to explore other means of
ensuring that the overlapping and symbiotic
associations in AMCs do not violate Stark
prohibitions. As a result, many AMCs have
found it either necessary, or prudent, to analyze
the financial arrangements involving their component
entities under other Stark exceptions,
especially the exception earmarked for “indirect
compensation” arrangements.
Direct compensation relationships
under Stark
In absence of a valid AMC exception, the
key to evaluating the Stark implications of a
financial arrangement in an AMC setting is the
determination of whether a “direct compensation
relationship” or an “indirect compensation
relationship” exists between the referring
physician and the DHS entity. Distinct exceptions
must be met for “direct” versus “indirect”
compensation relationships. If neither a “direct”
nor an “indirect” compensation arrangements
exists, then Stark does not apply, and meeting
an exception is not required.
A “direct compensation relationship” is
deemed to exist if payments are made to
the referring faculty physician (or his or her
immediate family member) by the DHS entity
without any intervening person or entity. 11 A
“direct” relationship will also exist when the
referring physician has an ownership interest in
the DHS entity to which patients are referred.
Direct compensation relationships, as discussed
above, are required to satisfy the highly
restrictive and technical exceptions. It is true
that teaching hospitals and other AMC entities
contract for the services of faculty physicians
who refer patients inside the AMC for DHSs.
But, such contracts are typically with the
medical school, FPP, or physician organization,
rather than with the individual physicians
themselves. For that reason, direct compensation
relationships with faculty physicians are
rare. Some faculty physicians may establish
“direct” relationships with providers of DHS
outside the AMC, and will therefore be
required to meet one of the Stark exceptions in
those settings, but that is usually not the case
within the AMC. As a result, the majority of
AMC financial arrangements will be analyzed
under the “indirect” compensation test.
Indirect compensation relationships
under Stark
In contrast to “direct” relationships, “indirect compensation
relationships” are deemed to exist if:
n there exists an unbroken chain of persons
or entities that have financial relationships
between the referring physician and the
DHS provider;
n the referring physician receives compensation
from that DHS provider that varies
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
with the volume or value of referrals to
that DHS provider; and
n the DHS provider has actual knowledge
or acts in reckless disregard or deliberate
ignorance of the nature of its financial
relationship with the referring physician.
If an “indirect compensation” relationship
exists, the indirect compensation exception
must be met. 12 Although somewhat less onerous
than the direct compensation exceptions,
the application of the indirect exception is
complex too, and requires knowledge of the
special “unit-based compensation” rules under
Stark and, as always, the advice of qualified
legal counsel. 13 Again, if the arrangement
meets the definition of neither a direct nor
indirect relationship, Stark does not apply.
Indirect compensation and Stark Phase III
revisions
Prior to the implementation of the 2007 Phase
III Stark regulations, many AMCs relied heavily
on the indirect compensation relationship to
justify mission support payments between
components of the AMC. In a common AMC
arrangement, an FPP and/or its associated
medical school employs faculty physicians who
refer patients for care to DHS providers (e.g.,
teaching hospitals) within the AMC. Many
AMCs took the position that mission support
payments for teaching, research, community
service, and indigent care from a teaching
hospital to the FPP or medical school did not
meet the definition of an indirect compensation
relationship—the compensation paid to
the referring physicians did not vary with or
otherwise reflect the volume or value of referrals
by the referring physician to the DHS entity.
Under this line of reasoning, because there
was also no “direct” financial relationship, the
arrangement was not subject to Stark and was
not required to conform to any of its exceptions.
Continued on page 32
December 2010
31

Stark and academic medical centers: A primer ...continued from page 31
The “stand in the shoes” doctrine
The foregoing justification for many financial
arrangements in the AMC setting was
profoundly complicated by the 2007 Phase III
revisions of Stark and the introduction of the
so-called “stand in the shoes” doctrine. Simply
stated, the “stand in the shoes” doctrine declares
that a referring physician will be deemed to
have a “direct compensation arrangement” with
a DHS provider if the only intervening entity
between the physician and the DHS provider is
his or her “physician organization.” 14
As a practical matter, this revision could have
meant that a “physician organization” (whose
physician members referred patients to a
DHS provider within an AMC) could not
accept reimbursement or compensation of any
sort without meeting one of the stipulated
direct compensation exceptions—an onerous,
impractical, and sometimes impossible task in
an AMC setting. Mission support payments
from DHS providers to FPPs and medical
schools appeared especially vulnerable, because
there was no direct compensation exception
applicable to mission support payments made
for general teaching, research, community
service, and indigent care purposes. Other
financial arrangements between the FPP/
medical school, too, might be analyzed as
direct compensation relationships, because the
referring faculty physician might be deemed as
having the same direct compensation relationship
as the physician organization. 15
Final “stand in the shoes” regulations
After multiple delays, extensive commentary,
competing proposals, and deliberation, CMS
amended the “stand in the shoes” requirements
in the 2009 Final Hospital Inpatient Prospective
Payment System (IPPS) rules. 16 These
most recent revisions clarify the operation of
the “stand in the shoes” doctrine for AMC
entities that wish to analyze their internal
financial relationships with faculty physicians.
Simply stated, CMS declared that a physician
will be deemed to “stand in the shoes” of
his or her physician organization only if the
intervening entity between the physician and
the DHS provider is a physician organization
and the physician has an ownership or investment
interest in that physician organization. 17
The revised definition of “ownership and
investment interest” is pivotal. The revised
rule emphasizes that physicians whose ownership
interests are merely nominal, or titular,
in nature will not stand in the shoes of their
physician organization. These arrangements
include ownership or investment interests in
which the referring physician does not receive
the benefit of such an interest, such as distribution
of profits, dividends, proceeds of sale,
or other types of returns on investments. 18
The impact of these changes and clarifications
is significant, especially for AMCs,
Stark Act
The Stark Act, 42 U.S.C. § 1395nn, is one of the most complex statutes, including
interpretive regulation, that prohibits a physician from referring to a designated
health entity if the physician has a financial arrangement with such entity.
Designated health services include the following: clinical laboratory, physical and
occupational therapy, radiology, radiation therapy and supplies, durable medical
equipment, parenteral and enteral nutrition, prosthetics orthotics and prosthetic
devices, home health, outpatient prescription drugs, and inpatient and outpatient
hospital. Further, financial arrangements include both compensation arrangements
and investment or ownership arrangements.
If a physician has a compensation arrangement with an entity that bills for
designated health services, the physician cannot refer to such entity unless the
arrangement meets all components of an exception. There are numerous
exceptions that apply to the Stark Act, some of which apply only to
investment/ownership arrangements, some that apply only to compensation
arrangements, and some that apply to both ownership/investment arrangements
and compensation arrangements. Each financial arrangement will need to be carefully
analyzed to make sure that either the Stark Act does not apply, or all components of an
applicable exception are met.
Complicating such arrangements further, physicians, under the Stark Act, include all of
the following family members related to the physician: husband or wife; birth or
adopted parent, child, siblings; stepparent, stepchild, stepbrother, or stepsister;
father-in-law, mother-in-law, son-in-law, daughter-in-law, brother-in-law or
sister-in-law; grandparent or grandchild; and spouse of a grandparent or grandchild.
Thus, even if a designated health service entity, like a hospital, is not contracting directly
with a physician, the Stark Act may be implicated if the party with whom the hospital is
contracting is related to a referring physician. The restrictions imposed by the Stark Act
are not eliminated, therefore, merely by contracting with a family member of a .
If you would like more information, visit the Captain Integrity website at
http://www.captainintegrity.com or contact a representative at 1.866.222.0706.
December 2010
32
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

teaching hospitals, medical schools, and
FPPs in which there are no physician owners.
Payments from a DHS entity to a physician
organization in which the member physicians
have no ownership interests may once
again be analyzed under the more forgiving
indirect compensation relationship rules. As a
consequence, payments from a DHS provider
(like a teaching hospital) to a non-physician
owned physician organization or medical
school, in the form of mission support funds,
may be permitted under Stark provided that:
(1) the relationship does not satisfy the basic
definition of indirect compensation relationships;
or, (2) if they are considered indirect
compensation relationships, the payments,
remunerations, compensation or benefits satisfy
the exception for indirect compensation
relationships. Recall however, that payments
between DHS entities and physician-owned
physician organizations—inside or outside of
AMCs—may still be deemed direct compensation
relationships under the “stand in the
shoes” doctrine and will be required to meet
one of direct compensation exceptions.
Despite the latitude the recent changes have
given AMCs, CMS has not given a blanket
green light to all manner of mission support
payments. In response to a commenter in
the final regulations who contended that a
physician organization’s non-owner physician
employees would be highly unlikely to benefit
from “infusion of capital” or a mission support
payment to the physician organization, CMS
cautioned that there might still be scenarios in
which excessive reimbursement would undermine
the indirect compensation protection:
…[W]e are aware of situations where
non-owner physician employees and
contractors have compensation arrangements
that are not based on fair market
value and benefit from payments made to
their physician organizations from entities
to which the physician employees and
contractors refer patients for DHS. 19
In addition, CMS has noted in previous commentary
that even fixed aggregate compensation
may sometimes constitute a prohibited
direct or indirect compensation relationship if
such compensation exceeds fair market value
or has been inflated to reflect the volume
or value of referrals the physician makes to
the DHS entity. 20 As such, even when there
are no physician owners within a physician
organization—which is often the case in FPP
arrangements—it is still important to ensure
that physician salaries are fair market value and
are not otherwise inflated in ways that may
reflect the volume or value of referrals to the
DHS entity. Finally, as noted above, it is vital
to understand that although certain mission
support payments between a DHS entity and
a non-physician owned physician organization
may fall outside of Stark, those arrangements
will also need to be analyzed under the federal
Anti-kickback Statute, an additional reason
why FMV analyses continue to play a central
role in FPP compliance due diligence.
Finally, it is important to note that in addition
to the indirect compensation relationship exception,
other exceptions may be helpful to AMCs
with respect to the various business relationships
among the AMC entities. For example,
the physician recruitment exception under
Stark has been helpful in allowing certain types
of physician salary support and incremental
overhead expense allowances to FPPs. 21
Additionally, the personal services exception
may be used to protect relationships, such as
medical director arrangements or other services
that faculty physicians may provide to the DHS
entity. Again, however, if there are no FPP physician
owners, the personal services exception
(which is a direct compensation relationship
exception) will likely not be necessary to protect
the financial arrangement under Stark.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Conclusion
Stark Law requirements pose a special
challenge in the AMC setting in which a
multiplicity of entities, institutions, practitioners,
and missions co-exist and interact.
The AMC exception was specially crafted to
allow affiliated medical schools, physician
faculty, and teaching hospitals to follow
together their broad and multifaceted goals
of teaching, research, clinical care, and community
service. Where the AMC exception
is satisfied, the component parts of the AMC
will be granted broad latitude to pursue their
joint missions. AMCs that do not meet the
exception may still work together, but will
have to seek protection under other, narrower
Stark exceptions. In either instance, every
factual scenario and every AMC arrangement
is unique, and the highly technical provisions
require that each be analyzed on a case-bycase
basis by competent legal counsel before
determining that the specific relationship is
allowable under Stark. n
1 The Stark “self referral” statute appears at: 42 U.S.C. § 1395 et seq.
The accompanying regulations issued by the Centers for Medicare and
Medicaid Services (CMS) appear at: 42 CFR §411.350 – §411.389
(2010)
2 US Department of Justice, Press Release: Savannah’s Memorial Health
University Medical Center to Pay U.S. $5.08 Million to Resolve Fraud
Allegations. April 28, 2008. Available at http://www.justice.gov/usao/
gas/pr/2008/45_08MemorialHealthUniv.pdf
3 The AMC exception now appears at 42 C.F.R. §411.355(e)
4 Centers for Medicare and Medicaid Services: Code List for Certain
Designated Health Services (DHS). Available at https://www.cms.
gov/PhysicianSelfReferral/40_List_of_Codes.asp
5 Charles B. Oppenheim, Jenni Rosenberg: Compliance 101: An
introduction to the Federal Anti-Kickback Statute and Stark Law.
Compliance Today, November 2008, pp. 54-56
6 See 42 U.S.C. § 1395 (b)-(e)
7 42 C.F.R. § 411.355(e)(1)(i-iv)
8 Federal Anti-Kickback prohibitions may be found at 42 U.S.C §
§ 1320a–7b (2000)
9 U.S. ex rel. Villanfane v. Solinger at al., 543 F. Supp. 678 (W.D. Ky.
2008); and Anjana D. Patel, Robert J. Senska: Court analyzes first case
under Stark’s academic medical center exception. Compliance Today,
September 2008, pp. 11-13
10 Gerald M. Griffith: Pros, Cons and Further Questions on the AMC Exception.
Health Lawyers Weekly (AHLA), May 2008;6(20), p. 32; and
Frances Fernald, ed: A Guide to Complying with Stark Physician Self
Referral Rules. Washington, DC: Atlantic Information Services, 2010,
1322.1.5; and Mark R. Fitzgerald: Financial Support Arrangements
Between Academic Medical Centers and Faculty Practice Plans. Powers,
Pyle, Stutter and Verville, Newsletter, March, 2003. Available at http://
www.ppsv.com/news-publications-29.html.
11 42 C.F.R. § 411.354(a)(2)(i)
12 42 C.F.R. § 411.354(c)(2); and 42 C.F.R. § 411.357(p)
13 42 C.F.R. § 42 C.F.R. 411.357(e)
14 42 C.F.R. § 411.354(c)(1)(ii)
15 73 Fed. Reg. 48434, 48691 (Aug. 19, 2008)
16 73 Red. Reg. 48434 (Aug. 19, 2008)
17 73 Fed. Reg. 48434, 48693 (Aug. 19, 2008)
18 42 C.F.R. § 411.354(c)(3)(ii)(C)
19 73 Fed. Reg. 48694
20 69 Fed. Reg. 16054, 16059 (March 26, 2004)
21 42 C.F.R. § 411.357(e)
December 2010
33

December 2010
34
Health care reform
and its effect on
compliance programs
Editor’s note: Cathy Cahill-Egolf is the Chief
Compliance and Regulatory Officer, Clinical
Practice Management Plan, State University of
New York at Stony Brook. She may be contacted
by telephone at 631/444-8026 or by e-mail at
Cathy.Cahill@sunysb.edu.
Recent health care reform has brought
significant changes to the American
health care system. It is arguably the
most important—yet controversial–legislation
in the history of health care in our country
since President Lyndon Johnson signed the
Social Security Act in 1965, which established
the Medicare and Medicaid programs.
The Patient Protection and Affordable Care
Act (PPACA), as amended by the Health
Care Reconciliation Act of 2010, contains
expansion of access and health insurance
coverage for up to 32 million Americans.
The cost of this legislation is estimated by the
Congressional Budget Office (CBO) at $938
billion. Part of the legislation increased federal
funding to fight fraud and abuse by more
than $200 million over 10 years. The CBO
anticipates $1.75 in savings for every $1 spent
to fight fraud. 1 The cost will be largely funded
through various taxes and fees. For health
care compliance professionals, the statute
offers new challenges requiring compliance
programs to be revised and updated.
It has long been the goal of the federal government
to combat waste, fraud, and abuse
by health care providers. Numerous mechanisms
to combat fraud and abuse are already
in place. In the past, the Office of Inspector
By Cathy Cahill-Egolf
General (OIG) provided guidelines for model
compliance programs that identified potential
health care fraud and assisted health care
organizations in initiating risk assessments.
Criminal and civil penalties have been in
effect for those health care providers who have
committed fraud against a federal health care
program. One of the most frequently used
tools to combat fraud and abuse is the False
Claims Act, which prohibits an individual
from knowingly and willfully making a false
statement in relation to a claim for payment
for items or services furnished under a federal
health care program. Under the Health Care
Fraud Statute, the term “knowingly” doesn’t
require a person to have actual knowledge of
the law or intent to violate the law. 2
With the advent of health care reform, the
Health and Human Services (HHS) Secretary
will have expanded authority for enforcement
to reduce fraud and abuse. The Secretary will
be able to utilize the Civil Monetary Penalty
Statute to prohibit excluded individuals from
ordering services and will require reporting
and refunding any overpayments to Medicare
and Medicaid within 60 days of identifying
the overpayments. 3 In addition, the Secretary
will now have the authority to suspend a
provider’s payments pending an investigation
of any credible allegation of fraud and abuse
against that provider. 4 The Secretary will
share data with other agencies in an effort to
identify potential fraud. 5
PPACA made changes to the Federal
Sentencing Guidelines (FSG). 6 The FSG
were enhanced by requiring the United States
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Sentencing Commission to ensure that:
n The FSG and policy statements reflect the
serious harms associated with health care
fraud, and in appropriate circumstances,
provide increased penalties for persons
convicted of health care offenses;
n As part of the review, consultation occurs
with individuals or groups representing
health care fraud victims, law enforcement
officials, the health care industry, and
federal judiciary;
n Reasonable consistency exists with other
relevant directives and with other guidelines
under the FSG;
n Any aggravating or mitigating circumstances
that might justify exceptions be
accounted for, including circumstances
for which the FSG provide sentencing
enhancements;
n Any necessary conforming changes to the
FSG are made; and
n The FSG adequately meet the purposes of
sentencing.
The ultimate goal of changing the FSG is to
substantially increase the penalties for individuals
who commit a federal health care offense
that results in more than $1 million in losses.
There have already been steep penalties for
making false statements; a $10,000 penalty per
offense could be imposed with potential triple
damages. 7 Under PPACA, the OIG may now
impose a $50,000 civil monetary penalty per
violation to those who knowingly make false
statements. 8 Also, monetary penalties may be
imposed on any person, organization, agency,
or other entity that fails to grant timely access to
books and records when requested by the HHS
Inspector General for auditing and inspection
purposes. 9
Provider screening is another method the government
is using to reduce the risk of fraud,
waste, and abuse. Beginning in March 2011,
procedures will be in effect to screen new

providers who participate in the Medicare,
Medicaid, and CHIP programs. Providers
already participating in these programs will be
subject to these procedures in March 2012.
The level of screening will be conducted
commensurate with the category of provider
and the potential risk of fraud for this
type of health care provider. The screening
must include a licensure check, which may
include licensure validation across multiple
states. Depending on the level of risk for the
category of provider, additional screening
levels may include a criminal background
check, fingerprinting, unscheduled and unannounced
site visits (including pre-enrollment
site visits), database checks, as well other
screening as determined by the Secretary. 10
Additional safeguards have been put in place to
protect the Medicare and Medicaid programs
against fraud and abuse. As a condition of
enrollment, some providers will be required to
establish a compliance program. 11 Any physician
who renders services or refers a patient
for services must be enrolled in the Medicare
Internet-based Provider Enrollment, Chain
and Ownership System (PECOS) program. 12
The Secretary has the authority to exclude
from participation any health care provider
who makes a false statement on an enrollment
application or any other documents submitted
to a federal health care program. Effective
January 1, 2011 suppliers and providers of
medical services or equipment who qualify
for a National Provider Identifier (NPI) must
include this NPI number on all claims. 13
Over the past few years, Recovery Audit Contractors
(RACs) were hired by the government
to investigate Medicare fee-for-service
claims to identify past improper payments.
PPACA has expanded their jurisdiction to
include claims associated with the Medicare
Advantage plans and the Medicare Part D
programs. 14 We can expect these audits to
ramp up before the end of the year. With the
increase in jurisdiction will come an increase
in government scrutiny. In response to a
report issued by the Government Accountability
Office in March of 2010, CMS has
adopted numerous measures to oversee the
accuracy of RAC claims’ reviews.
Compliance professionals need to keep ahead
of the curve. The following are some steps
a compliance officer may take to maintain
their commitment to compliance, identify
potential vulnerabilities, and reduce their risk
of fraud and abuse:
n Provide annual training to the board of
directors regarding changes in the law
and their responsibility in overseeing the
compliance program;
n Review your current Code of Conduct and
incorporate the FSG changes into your
compliance program,
n Ensure that annual risk assessments are
done to identify areas of potential vulnerabilities
by reviewing the OIG’s annual
Work Plan and by monitoring articles
published by your MAC to announce
forthcoming prepayment reviews;
n Ensure that the organization routinely
checks the government exclusion lists for
all current and prospective employees;
n Ensure that providers and staff receive
ongoing training; and
n Audit medical record documentation and
provide regular feedback to physicians.
Conclusion
Health care reform will take years to implement.
HHS intends to aggressively expand
their efforts to reduce fraud, waste, and abuse.
Compliance officers will need to carefully
examine the many facets of PPACA. They will
need to keep abreast of–and even participate
in–the regulatory process. Assessing how
these changes will impact the organization
will be crucial. Compliance officers must
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
take the lead and be proactive. The analysis
of the potential impacts of health care reform
and sound strategy will ensure that the
organization is prepared for these changes.
A comprehensive compliance program will
always be the most effective tool in managing
the regulatory landscape ahead. n
1. See “Affordable Health Care for America Act; Preventing Waste, Fraud,
and Abuse,” Fact Sheet Prepared by the House Committees on Ways
and Means, Energy and Commerce, and Education and Labor; October
29, 2009, available at http://edlabor.house.gov/documents/111/pdf/
publications/AHCAA-FRAUDABUSE-102909.pdf.
2. 31 U.S.C. § 3729(b); The Patient Protection and Affordable Care Act $
10606 (Pub.L. No. 111-148)(2010), amending 18 U.S.C. § 24(a).
3. PPACA § 6402.
4. Id. at § 6402(h)(1).
5. Id. at §§ 6402, 6403 and 6504.
6. PPACA § 10606.
7. The False Claims Act, 31 U.S.C. §3729.
8. PPACA § 6402(d).
9. Id. at § 6408.
10. Id. at § 6401.
11. PPACA at §6401
12. Id. at § 6405(a)
13. Id. at § 6402(a).
14. Id. at § 6411(b).
Be Sure to Get
Your CHC CEUs
Articles related to the quiz in this issue of
Compliance Today:
n Mobility disabilities: A technical
assistance manual for health care
providers—By David H. Ganz and
Gary W. Herschman, page 8
n The complexity of compliance basics:
A CCO’s pursuit of knowledge—By
H. Rebecca Ness, page 20
n Federal medical record requests: Setting
up a RAC and CERT response team—
By Michael G. Calahan, page 39
To obtain one CEU per quiz, go to www.
hcca-info.org/quiz and select a quiz.
Fill in your contact information, read
the articles, and take the quiz online. Or,
print and fax the completed form to CCB
at 952/988-0146, or mail it to CCB at
HCCA, 6500 Barrie Road, Suite 250,
Minneapolis, MN 55435. Questions
Please call us at 888/580-8373.
Compliance Today readers taking the
CEU quiz have one year from the
published date of the CEU article to
submit their completed quiz.
December 2010
35

December 2010
36
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
December 2010
37

focus
feature
Federal medical record requests:
Setting up a RAC & CERT Response Team
By: Michael G. Calahan, PA, MBA
December 2010
38
Editor’s note: Michael G. Calahan is currently the Director of Physician
Services at Kforce Healthcare, Inc., working in the Washington, DC Metro
area. He specializes in compliance, revenue cycle management, clinical
documentation improvement, coding, and billing in the facility and physician
arenas. He may be contacted by e-mail at mcalahan@kforce.com.
There was no avoiding it: a federal RAC request for medical
records (called an Additional Documentation Request
or ADR) had arrived in the afternoon mail. The letter was
passed around the office, starting with the mail clerk and then to
the lead coder, next to the coding manager who propped it up on
her monitor as a reminder to hand it off to the clinic director, until
finally it ended up in the director’s inbox several days later. The director
had known this was imminent, but did not anticipate having to
handle the scenario today, while three key staff were out on vacation,
the clinic physicians were busy with full schedules as usual, and her
most trusted administrative assistant was fulfilling his last day of
employment in the clinic. In a rush to get the request completed and
returned (“out of sight, out of mind”), she hastily pulled the requested
records herself, decided which medical record (MR) notes were to be
copied, passed off the copying to the unit secretary and, within 30
minutes, completed the entire task. She affixed a stamp to the return
envelope and dropped the “audit package” into the outgoing mailbox.
Whew, that was that! Or was it Let’s start at the beginning.
Facilities and physician practices are inundated with requests for
medical information of every nature: clinic visit notes, health insurance
authorizations, managed care referrals, handicap parking certificates,
forms to sign, forms to copy, forms to fax, etc. It is a never-ending cycle
of administrative requests, all based on the foundation of the health care
encounter: medical record (MR) documentation. Whether paper-based
or in electronic form, MR documentation is critical to the long-established
and far-reaching responsibilities of modern health care providers.
Coincidentally, MR documentation is also the source used by oversight
entities that work with the Centers for Medicare and Medicaid
Services (CMS) to audit providers and ultimately approve or deny
services, take back monies, suspend claims in pre-payment reviews,
perform probe audits, levy fines, and even prosecute providers. In
an arena where so much MR documentation is created, processed,
and maintained, it is a surprise to find that judgments such as “no
documentation was submitted,” “documentation was not received by
the due date,” “missing documentation in support of services billed,”
and/or “documentation does not indicate medical necessity” tend to
be the most prevalent reasons for provider service denials and stern
repayment demands.
The demand for reviewing MR documentation is only set to increase.
The high profile initiative called the Comprehensive Error Rate Testing
(CERT) program oversees each Medicare Administrative Contactor’s
(MAC’s) payment history and originates MR demands to providers.
The MACs likewise perform pre-payment and post-payment reviews,
requesting MR copies for everything from complicated inpatient stays
to non-physician practitioner (NPP) office visits. More recently, the
Recovery Audit Contractor (RAC) initiatives have become a familiar
part of the health care landscape. Providers should expect RAC
requests for MRs to be a part of the norm going forward, with such
requests being issued as often as every 45 days and reaching back to
services provided as early as Oct. 1, 2007. The ceiling limits for MR
requests are dependent on the type/size of the facility or physician
practice (in volume of claims or in number of providers). All of these
oversight programs promise to increase as the government tightens its
grip on fraud, waste, and abuse.
Unfortunately, the track record for success under these mounting
documentation requests is less than stellar, if official reports by local
MACs and the CERT bodies are correct. The RAC enterprise is
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

ecognized now by the federal government as capable of causing and/or
uncovering potential high-risk areas of organizational “vulnerability”
because of the enormous quantities of MR demands set to be sent to
providers. To this extent, responses to RAC requests have recently been
addressed in part by CMS in an article via the Medicare Learning Network.
1 Although it is addressed to inpatient hospital and skilled nursing
providers, the article has implications and lessons for all providers.
Addressing “RAC high dollar improper payment vulnerabilities,” CMS
issued warnings that provider vulnerabilities lie in (a) non-compliance
with timely submission of requested medical documentation and/or in
reply to a RAC request that (b) insufficient documentation … did not
justify services billed, [did not justify the] medically necessary and/or
[were not] correctly coded/billed.” The situation can still be remedied,
however.
Providers must ensure that specific internal administrative structures
or ADR response mechanisms are set up to process, track, and manage
the numerous federal MR requests. Now, with the RACs gearing up
for full-blown facility and physician medical necessity and complex
reviews (thereby set to increase the number of MR requests), providers
must take this opportunity to establish an internal MR request
management system.
How does the typical provider, whether a facility, clinic, or physician
practice, set up such a system Establishing a simple but effective
three-step approach to manage the requests is tantamount to success.
The three steps are:
n Establish straightforward, methodical protocols for the receipt,
processing, tracking, and fulfillment of all official MR requests;
n Appoint a flexible MR request “response team” to handle and manage
these requests; and
n Perform post-fulfillment “impact” analyses of each request’s outcome,
reviewing the final adjudication of the cases audited to assess
fiscal impact on clinical operations (e.g., improved documentation),
technical processes (e.g., more accurate coding), as well as any negative
impact on revenue.
Establishing methodical protocols
Whether set up via electronic health record (EHR) software (with
automatic chart flagging/tracking functions) or via a paper-based system,
oversight protocols should be established to respond to all official
MR demands. Protocols should administer various aspects of the
fulfillment process in a premeditated and thoughtful way, avoiding a
pervasive reflexive response that might adversely influence staff when
processing these MR requests. Such knee-jerk responses can cause
personnel to fulfill the MR demands in a hurried manner (e.g., the
opening example in this article) just to get them completed, perhaps
overlooking critical pieces of documentation that might otherwise
save the claims from being downcoded or denied with resultant repayment
demands. The oversight protocols should include steps for:
n receipt and logging of all official MR demands;
n retrieval of charts and culling of pertinent date-of-service (DOS)
information;
n inspection and final verification of the information to be copied
and sent;
n copying the documents; and
n mailing the requested information by certified means.
An important consideration for facilities, clinics, and physician
practices with multi-locations is centralization: Will this fulfillment
process be centralized (working through one appointed MR request
response team), or will there be a team in place at each of the facility
locations Once the requests have been fulfilled, a plan of action for
communicating audit results back to a central point within the health
care system or within the multi-office physician practice might be
essential for fiscal controls.
A flexible MR request response team
From any perspective, forming a MR request response team to exert
control over federal MR demands simply reverberates with intelligence.
Even in the smallest of physician practices, in which the physician
would play an active role on the team, a highly effective team
can be created. Four main appointments of a MR response team, with
various assigned duties that can be mixed and matched, should be
accomplished:
n Clinic director or practice manager – responsible for overseeing
the entire process and ensuring internal compliance as well as
performing post-fulfillment analyses;
n Administrative leader – responsible for ensuring all administrative
personnel assigned to the team perform their functions and for
performing final inspection and verification of all submitted audit
packages;
n Clinical leader – responsible for reviewing all culled clinical data to
ensure appropriateness and accuracy (e.g., demonstration of medical
necessity and inclusion of prior visit documentation influencing
the date-of-service under audit, etc.,); and
n Unit secretary, file clerk, or medical secretary – responsible for
opening and logging the official MR demands from the mail, pulling
charts, performing an initial round of culling the identified MR
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Continued on page 41
December 2010
39

Managed Care
Compliance Conference
February 6–8, 2011
Scottsdale, AZ | FireSky Resort
HCCA’s Managed Care Compliance Conference provides essential
information for individuals involved with the management of compliance
at health plans. Plan to attend if you are a compliance professional from a
health plan (all levels from officers to consultants), in-house and external
counsel for a health plan, internal auditor from a health plan, regulatory
compliance personnel, or managed care lawyer.
learn more at www.hcca-managedcare-conference.org
Improving Governance Practices
Audit &
Compliance
committee conference
February 7–8, 2011 | Scottsdale, AZ
Learn more at
www.auditcompliancecommittee.org
This conference is designed for
board members and members of
a board audit and/or compliance
committee of not-for-profit health
care organizations. Compliance
officers may attend with their
board member(s). CEOs, CFOs,
and other senior officers are also
welcome to attend.
The Audit & Compliance Committee Conference is jointly sponsored by the
Health Care Compliance Association (HCCA) and the American Hospital
Association’s (AHA) Center for Healthcare Governance
December 2010
40

Federal medical record requests: Setting up a RAC & CERT Response Team ...continued from page 39
documents from the chart, routing the chart to the next level (i.e.,
a clinical leader for clinical data verification), and receiving, after
final approval for copying and certified mailing, the various chart
documents selected to fulfill the official MR request. This person, if
he/she is responsible for opening/routing the practice mail, will also
direct all post-fulfillment adjudication notices to the clinical director
or practice manager for appropriate follow up.
Obviously, if other persons are responsible for various duties along
the way, then those persons would be injected into this process at the
appropriate points. Alternates should be appointed in the case of staff
vacations, absences, etc. This is a highly flexible arrangement of roles
and responsibilities, and it can be constructed in many different ways,
depending on the size, staffing, and physical location(s) of its various
team members.
decisions, which should be carried out if the encounters in question
have been misjudged or assessed prematurely in some crucial way (e.g.,
specific documentation was not available and therefore was left out of
the original audit package, a signature log or physician attestation is
needed to authenticate the documents after-the-fact, etc.) The various
audit types (e.g., CERT, RAC) will lumber under different assessment
rules and appeal rights for the provider; the facility and practice leaders
should be familiar with these rules and rights. Negative impact on
revenue should be viewed with a critical eye and questions asked, such
as: Are the MR requests resulting in denials with attached repayment
demands for simple services that, if documented with higher quality
levels or coded more accurately, would be approved and paid Opportunities
for operational improvement and growth may not always be
obvious, but even minor documentation and/or coding changes can
potentially save the facility or practice thousands of dollars annually.
Performing impact analyses
Post-audit analysis of each case must be performed; it is essential that
the facility, clinic, or physician practice leaders view each final ruling
by the oversight entity (e.g., CERT, MAC or RAC) as an opportunity
for growth and possible restructuring or clarification of duties. This
can include necessary modifications in documentation (e.g., EHR
training, documentation and/or dictation techniques, establishing
process points to be followed, and/or enhancing data integrity/quality),
coding education and fortification, improved billing standards, or
all of these actions. This might also include opportunities to appeal the
The ubiquitous and ever-growing number of federal MR requests sent
to providers should be treated the same way an IRS tax audit would
be treated: with great care, attention to detail, and inspection of all
documents to be forwarded. Once the requested records have been
mailed to the entity, providers should anticipate receipt of final results
on every case and perform appropriate follow up actions to correct
functional inadequacies in administration, clinical operations, or
coding and billing. n
1 CMS: Medical Learning Network: MLN Matters SE1024 “Recovery Audit Contractor (RAC) Demonstration
High-Risk Vulnerabilities – No Documentation or Insufficient Documentation Submitted” revised July 14,
2010. Available at http://www.cms.gov/mlnmattersarticles/2010mman/itemdetail.aspitemid=CMS1237489.
The Health Care Compliance
Professional’s Manual
With Annual Subscription Service
• Hard-copy subscribers receive quarterly updates
• Internet subscribers receive updates as soon as they are issued
Published by CCH and HCCA Members: $369/year Non-members: $409/year
The Health Care Compliance Professional’s Manual gives you all the tools you need to plan and execute a customized
compliance program that meets federal standards. Available via print or the Internet, the Manual walks
you through the entire process, start to finish, showing you how to draft compliance policies, build a strong
compliance infrastructure in your organization, document your efforts, apply self-assessment techniques,
create an effective education program, pinpoint areas of risk, conduct internal probes and much more.
To order, visit the HCCA website at www.hcca-info.org, or call 888-580-8373.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
December 2010
41

December 2010
42
Patient visits:
Reforms increase
Editor’s note: Angela Miller is President of
Medical Auditing Solutions LLC. She may be
contacted by telephone in Dallas at 972/459-
1508 or by e-mail at angela@MedicalAuditing
Solutions.com.
Physician practices must prepare for
a number of changes brought about
by the health care reform law passed
earlier this year. The following are four regulatory
changes that physician practices need
to consider:
1. Physicians must see all Medicare patients
(face to face) within 30 days prior to initial
orders for durable medical equipment
(DME) and home health agency (HHA)
service and, in some cases, between 61-90
days after the service is set up.
2. Physicians must provide copies of medical
records for services they order, or risk
having their National Provider Identifier
(NPI) number revoked for 12 months.
3. Only a Medicare provider can order
services covered by Medicare, for example
DME, HHA, pharmacy, etc.
4. All health care providers are required
to have a seven-element compliance
program.
All of these changes are in the health care
reform legislation 1 signed in March 2010,
but the Centers for Medicare and Medicaid
Services (CMS) has not published the requirements
yet. However, this article will provide
the effective dates from the legislation. It does
provider
responsibilities
By: Angela Miller, CHC
take some time to get a rhythm and training
synchronized in an office setting, so let’s
start now.
Providing medical records or NPI is shut off
It would be to the physician’s benefit to
provide a copy of the medical record at the
time a referral is made, rather than waiting
until Medicare or another provider requests
it. It will save staff time. (Not what you want
to hear, I know.) The physician’s office should
obtain copies of hospital records that justify
billing for services to patients in the hospital
setting. The hospitals have not provided those
records in past audits, and subsequently, the
physician was dinged with an overpayment.
Failure to provide records upon request for
the services ordered will result in a revoked
NPI number for a minimum of one year for
physicians. This will impact Medicare and
commercial payer contracts as well, because
physicians must maintain good standing with
Medicare to keep those contracts in many
cases. This went into effect February 23, 2010.
The penalty of a revoked NPI number may
impact the hospital in the future.
Some physician’s offices only fax these
medical records and referral orders and don’t
make phone calls. The referral order is already
being faxed or “e-transmitted” to the servicing
provider; the chart is typically there with the
order being faxed. It will save the staff time
to provide a fax copy of the chart notes and
physician’s order at the time of the referral.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Face-to-face requirements
There is good news! Medicare will also
require a face-to-face visit by the physician
for all initial orders of DME, home health,
and hospice. CMS requires a face-to-face
within 30 days on some items now, so we
may expect one within 30 days of initial order,
across the board. Medicare currently requires
some follow-up visits between 61 and 90 days
(primarily for respiratory equipment) and
annual renewal orders within 90 days prior
to renewal of all services. This has not been
required for all DME and all HHA orders, but
with the Health Care Reform bill, it is. Back
in the early 1990s, Medicare required an initial
“date last seen” within 30 days, and it had
to be provided on the Certificate of Medical
Necessity (CMN), when most services required
a CMN. So, the good news is that physicians
get to increase their revenue through office
visits prior to ordering or renewing services.
Renewal is more applicable to DME than
HHA, but physicians will want to see those
patients periodically as well. At this point,
every dollar you can add to the bottom line
is a benefit. When CMS gives you lemons;
make lemonade! This was effective January 1,
2010. Some services already have a published
requirement for face-to-face evaluations prior
to order or “setup.” This will expand the current
requirements to all DME, home health,
and hospice initial setup and recertifications.
Keep in mind, this includes existing patients
who may have home health care, but now
need a walker. A physician must meet face to
face with the patient to order the walker. This
also includes homebound patients as well,
and CMS has not made any clarification as
to how these patients will be handled for the
face-to-face situation. No exceptions have
been made at this point.
Also, remember that every time a practitioner
sees the patient, a review must be made of the

medication and services previously ordered protocol (which also includes repeat visits
as part of the history and physical. The practitioner
also has to document the patient’s well as full history and physical), can receive
within a set time frame, based on disease as
continued need for those medications or a 1%-2% annual bonus. This may not be a
services. Medicare is looking for documentation
of continued need in the chart notes past reimbursement cuts.
large bonus, however, it will help replace the
the initial order date. CMS wants to make
sure the practitioner is managing the patient’s Electronic medical records requirements
disease state and Medicare are not paying for EMR is an expensive dirty “word” for many
services that are not needed.
physicians; however, the EMR (if used and
set up appropriately) can help them manage
I never said the points were going to make all of these points automatically:
sense. In the past, physicians may have called n The appointments can be scheduled at the
in limited services for the patient without an time of visit.
office visit, which does save Medicare money. n Appointment reminders can be automated.
Check to see if the EMR has the
We can hope that CMS will issue further
clarification on this topic.
capability to send voice mail messages to
remind patients of their appointment one
Ordering services for Medicare patients week and one day before the appointment.
No more keeping the Medicare patient base This may be extra, but weigh costs against
as cash patients and ordering any time for time for someone to run a report, make
service, medication, etc., because Medicare the calls, leave a message, and repeat again.
will no longer pay for those services if the n EMR systems can be set up to manage
physician is not a Medicare provider. This disease states, but I have heard complaints
became effective July 1, 2010. This will be about how cumbersome it is.
managed and monitored via the National Plan n EMR systems can integrate fax receipt of
and Provider Enumeration System (NPPES), lab work or download of labs and other
NPI, and the Provider Enrollment, Chain records. Give it at least 6 months before
and Ownership System (PECOS) database you give up.
websites. CMS will not confirm that overpayments
will not be assessed for orders by physicians
who have not registered by July 1, 2010. $25K and going up. They all require commit-
There are excellent systems starting around
CMS has extended the deadline to January 3, ment, change, strategic conversion planning,
2011; however, CMS is saying they could still and dedication!
recoup paid claims between July 1, 2010 and
January 3, 2011. It is critical to register in Conclusion
PECOS as soon as possible.
As you can see, many of these requirements
go hand in hand. These new requirements
Quality of Care bonus program
should be part of the newly required
All of these processes will help you with seven-element compliance program. The
quality of care as well. Providers have an compliance program will be instrumental in
opportunity for a Medicare and Medicaid keeping health care providers in compliance
Quality Data Set annual bonus. Physicians with all the requirements discussed. The
who are following disease management requirements may not always make sense;
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
however, physicians have to operate within
those guidelines to maintain a successful
business. Unfortunately, complaining about
it only makes us feel better, but the elephant
is still in the room. The best strategy is to
complain through constructive comments to
your elected officials, while working toward
implementation before the remaining “drop
dead” effective dates are published. This will
allow health care providers time to budget
and plan as well as to perfect the office
processes. n
1 Patient Protection and Affordable Care Act
Helpful Links
You can reference the full Health Care
Reform bill text at http://www.cbsnews.
com/htdocs/pdf/Senate_health_care_
bill.pdf
The amendments are at http://www.
cbsnews.com/htdocs/pdf/House_reconciliation_package_031810.pdf
A compliance program has been
required for providers collecting $5 million
or more per year in Medicaid funds
collectively since 2006. More information
is available at http://www.cms.gov/
smdl/downloads/SMD121306.pdf
New York Office of Inspector General
implemented state requirements
for effective compliance program
10/1/2009, available at http://
www.omig.state.ny.us/data/content/
view/79/1/
December 2010
43

December 2010
44
Individual liability
for health care fraud:
Enforcement agencies
raise the stakes
Editor’s note: Gabriel L. Imperato is the Managing
Partner of the Fort Lauderdale office of
Broad and Cassel. He is certified as a specialist
in health law and is a former member of the
Board of Directors for the Health Care Compliance
Association. Mr. Imperato represents individuals
and organizations accused of criminal or
civil health care fraud and handles compliance
matters for health care organizations. He may be
contacted by telephone at 954/745-5233 or by
e-mail at gimperato@broadandcassel.com.
The legacy of health care fraud
enforcement has primarily targeted
organizations for criminal, civil,
and administrative liability for fraudulent
and abusive practices. These enforcement
efforts continue in all sectors of the health
care industry; however, a trend in actions
against individuals has surfaced in a number
of recent cases. An increasing number of
management, operational, and even legal
personnel of organizations have been held
individually accountable in direct enforcement
actions or through assumed obligations
under Corporate Integrity Agreements (CIA)
with the Office of Inspector General (OIG)
of Health and Human Services (HHS).
These developments more than adequately
reflect what government officials have been
saying for some time about holding individuals
responsible and using it as a highly
effective method to deter future health care
fraud. This article will discuss several recent
examples of enforcement actions that resulted
By Gabriel L. Imperato, Esq., CHC
in individual accountability for health care
fraud against federal health programs.
Individual accountability and recent CIAs
In recent years, the government has ratcheted
up its efforts to prosecute and prevent health
care fraud. As a result, an increased number
of health care organizations have entered into
CIA’s. A CIA is the alternative to excluding
a health care provider or supplier organization
from participating in federal health
programs. In September of 2009, Pfizer, Inc.
(Pfizer) entered into a five-year CIA with the
OIG-HHS concerning off-label promotion
of several drugs, including Bextra. However,
Pfizer’s CIA contains several requirements not
previously seen in other CIA’s. The Pfizer CIA
designates the type of authority which the
chief compliance officer (CCO) must have
and the specific responsibilities to be carried
out by the CCO. The CIA requires the CCO
to be a member of senior management and
to report to the chief executive officer (CEO)
of Pfizer. The CIA specifically prohibits the
CCO from being subordinate to Pfizer’s
General Counsel or chief financial officer
(CFO). Furthermore, the CIA requires that
an Audit Committee of the board of directors
be established to meet quarterly and review
the effectiveness of the CIA. Additionally,
the CCO is required to be the chairman of
the Compliance Committee, which must
support the CCO in fulfilling duties under
the CIA. The CCO must also have authority
to report compliance matters directly to the
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Audit Committee of the board of directors
at any time deemed appropriate. The CIA
also explicitly requires the CCO to enforce
practices, policies, and procedures to ensure
compliance with federal health programs and
Food and Drug Administration requirements
and the obligations under the CIA. The
CCO is also to monitor daily activities of the
organization and to make quarterly reports
to the Audit Committee and the board of
directors of Pfizer.
The terms of the CIA designate individual
business unit managers and certain employees
to monitor and oversee the compliance
activities under the CIA and to certify compliance.
The CIA requires these business unit
employees to certify to specific statements
that they have:
n reviewed reports from an internal group
within Pfizer formed to conduct promotional
quality assessments;
n reviewed summary reports of speaker
programs, advisory boards, consultant
payments, and travel and entertainment
expenses;
n reviewed sales compensation exclusion
criteria;
n reviewed corporate compliance group
statistics, and also
n that they are not aware of any violations of
law, regulation, or of Pfizer policy, or the
requirements of the CIA.
Furthermore, the CIA requires that if there
is an issue identified, any potential violations
will be referred to the Corporate Compliance
group or a member of the Pfizer Legal division
for further review and follow up.
In April of 2010, AstraZeneca Pharmaceuticals
LP and AstraZeneca LP (AstraZeneca) also
entered into a five-year CIA with OIG-HHS
concerning the illegal marketing of a drug
for off-label uses. AstraZeneca’s CIA contains

individual accountability provisions not
unlike the provisions contained in Pfizer’s CIA
from 2009. Section III of AstraZeneca’s CIA
delineates which members of AstraZeneca’s
management team have accountability and
certification responsibilities under the CIA.
The requirements of the AstraZeneca CIA
parallel the Pfizer CIA regarding compliance
officer authority and responsibilities,
establishment of a Compliance Committee
for US operations, and also detail specific
compliance responsibilities for the board
of directors. The AstraZeneca CIA requires
certain business unit managers and employees
to monitor, oversee, and certify compliance
with the CIA and overall compliance by the
organization. The CIA also obligates members
of the board of directors to explicitly oversee
the organization’s compliance program and
to resolve and attest to the organization’s
compliance effectiveness.
Although the management accountability and
certification requirements under the Pfizer
and the AstraZeneca CIAs are not identical,
the same underlying theme is present under
each agreement: individual responsibility and
accountability for passive or active noncompliance
within the certifying employee’s area
of authority. The message is clear—management
and other high ranking employees who
are responsible for compliance can no longer
turn their backs on noncompliance within
an organization. Corporate employees may
well have to answer to the government for the
noncompliance of their organizations.
Individual liability for aiding in health care
fraud
In September of 2007, the government
charged Christi Sulzbach, a Tenet Hospital
System (Tenet) Compliance Officer and
General Counsel, under the False Claims
Act in a case in the Southern District of
Florida. The allegations against Sulzbach
were related to a CIA she signed on behalf of
Tenet Healthcare in 1994, which remained
in effect until 1999. The Complaint alleged
that Sulzbach made a sworn declaration in a
compliance report, which was prepared under
her direction and authority, that Tenet was
in conformity with its CIA, when in fact,
Sulzbach had personal knowledge this was
not the case. Sulzbach allegedly had reviewed
several contracts between Tenet and physicians
in which physicians’ salaries were based
on the number of referrals they garnered for
the facility, a clear violation of the Stark Law.
Because Sulzbach signed off on the compliance
report, and it was her responsibility to
oversee compliance, and she allegedly acted
in dereliction of her duties, the government
filed a complaint against her for causing the
submission of false claims. However, the
government brought suit against Sulzbach ten
years after her purported misdeeds. The court
ultimately found that the government had
enough knowledge earlier during its investigation
of the matter to trigger the three year
post-knowledge statute of limitations period.
Thus, the court dismissed all claims against
Sulzbach on her summary judgment motion
because the government’s complaint against
Sulzbach was untimely. Nevertheless, the case
underscores the extent to which the Department
of Justice will go to hold individuals
accountable for health care fraud.
OIG-HHS is not far behind and, in October
of 2009, it entered into a settlement agreement
with Michael Baskt, PhD to settle
suspected violations of the Stark Law and
Civil Monetary Penalties Law (CMPL). Baskt
was accused of violating the federal Stark Law
and CMPL in connection with his duties as
CEO of Community Memorial Hospital in
California. The accusations stemmed from
Baskt’s personal involvement with arrangements
that constituted kickbacks and resulted
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
in false Medicare claims. Baskt denied all
suspected violations in his settlement agreement,
but agreed to pay $64,000 to resolve
the action.
And, OIG-HHS is also aggressively holding
physicians accountable for violations of
the Stark Law and Anti-kickback Statute.
A recent settlement involving a physician’s
relationship with two different medical device
companies was premised on the contention
that the consulting agreements between the
physician and the medical device companies
violated the federal Anti-kickback Statute.
The merits of the OIG’s contention are debatable,
but the settlement signals the intent to
aggressively pursue physician liability, as well
as organization liability, for violations of the
self-referral and anti-kickback laws.
Conclusion
Although neither Baskt, Sulzbach, nor
Montijo were ever held civilly or criminally
liable, the allegations filed against each of
them are important, because they reflect
the government’s willingness to prosecute
individuals who aid in the commission of
health care fraud. No longer will those engaging
in fraud be shielded from liability by the
government’s tendency to focus accountability
on health care organizations. As the
government continues to step up its efforts
to prevent health care fraud, individuals
involved in compliance and supervision need
to tread carefully. When individuals who are
responsible for compliance sign their names
on a document or become personally involved
in illegal transactions, they can face civil and
criminal liability, whether or not they were
actively engaged in fraud.
The author would like to acknowledge the
contributions of Elizabeth Hertz, a summer
associate in the Fort Lauderdale office of Broad
and Cassel.
December 2010
45

Medicare
beneficiaries remain
vulnerable to
Medicare Advantage
marketing schemes
By Mark Stiglitz
of 2008 (MIPPA) in which it prohibited or
limited certain sales and marketing activities
by sales agents and organizations that offer
MA plans. In general, MIPPA’s provisions
were intended to ensure that sales agents
enroll Medicare beneficiaries “based on the
plan that best meets their health care needs.”
Specifically, MIPPA required CMS, for
example, to issue regulations that limit sales
agent compensation. MIPPA also required
sales agents to pass an annual marketing test
and to be state licensed.
December 2010
46
Editor’s Note: Mark Stiglitz is a Team Leader
with the Office of Evaluation and Inspections
(Region V), Office of Inspector General, U.S.
Department of Health and Human Services. The
author may be contacted by telephone in Chicago
at 312/353-9867 or by mail at 233 N. Michigan
Ave., Suite 1390, Chicago, IL 60601.
The Medicare program offers beneficiaries
the option of enrolling in
private insurance plans under
Medicare Advantage (MA) or remaining in
original (fee-for-service) Medicare. Between
January 2008 and July 2010, enrollment in
MA plans increased from just over 9 million
to nearly 12 million, about of a quarter of all
Medicare beneficiaries.
Over several years, beneficiary complaints
about inappropriate marketing practices used
to enroll beneficiaries in MA plans reached
Congress and the Centers for Medicare &
Medicaid Services (CMS), the federal agency
charged to oversee Medicare. These complaints
included reports that sales agents had marketed
MA plans without licenses, portrayed
themselves as Medicare employees, or misled
Medicare beneficiaries about MA plan benefits.
Protecting enrollees from inappropriate
sales agent marketing practices is critical to
ensuring that Medicare beneficiaries enroll
in plans that meet their health care needs.
Most beneficiaries must remain enrolled in
one plan throughout the year. Therefore, if
beneficiaries enroll in plans that do not best
meet their needs, they may have to remain in
these plans until the following year.
Background
MA plans are health plans offered to
Medicare beneficiaries by private companies
approved by CMS. MA plans must cover
all the services that original Medicare covers,
except hospice care. In addition to these
services, MA plans may offer extra coverage,
such as vision, hearing, dental, or health and
wellness programs. Most MA plans also
include Medicare outpatient prescription
drug coverage.
MA plans may contract with independent
sales agents or employ sales agents to
market their plans to Medicare beneficiaries.
Independent sales agents may market MA
plans on their own, or as employees of field
marketing organizations (FMO) that typically
provide sales agents with enrollment leads
and marketing assistance. MA plans pay
independent sales agents directly or through
an FMO.
In July 2008, Congress enacted the Medicare
Improvements for Patients and Providers Act
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
OIG evaluation
OIG analyzed six selected MA organizations
(MA organizations are companies that offer
one or more MA plans), focusing on their
compliance with three MIPPA marketing
provisions: (1) compensation of sales agents,
(2) annual training and testing of sales
agents, and (3) use of state‐licensed sales
agents. These three provisions are critical to
protecting Medicare beneficiaries, because
they address sales agents’ financial motivation
and their qualifications to market MA
plans. OIG purposively selected the six MA
organizations based on their size and the rate
of marketing complaints they received. 1
Beneficiaries remain vulnerable to sales
agents’ marketing
OIG found that the five MA organizations
using independent sales agents (one MA organization
did not use independent sales agents)
had compensation practices that resulted in
inappropriate financial incentives. These five
MA organizations’ compensation practices
may have led sales agents to enroll Medicare
beneficiaries in MA plans that did not best
meet beneficiaries’ health care needs.
Three of the five MA organizations made
payments to agents in excess of the amount
approved by CMS. In addition, three of the
five made payments to FMOs that may have

created inappropriate financial incentives to
encourage sales agents to enroll Medicare
beneficiaries in MA plans that paid more.
One MA organization did both. This may
have occurred because CMS regulations lack
specificity concerning payments to FMOs.
OIG also found that five of the six selected
MA organizations did not ensure that all sales
agents were qualified under CMS’s regulations.
These MA organizations used unqualified
sales agents who either had not passed
the required annual marketing test or were
not licensed at the time they took Medicare
beneficiaries’ enrollment applications.
In OIG’s random sample of 30 sales agents
per organization, there were 12 unqualified
sales agents, the majority of whom had not
passed the annual marketing test. Each
organization had systems in place to ensure
that only qualified sales agents submitted
enrollment applications. However, in most
instances these systems failed to detect applications
taken by unqualified sales agents in
our sample. In addition, no MA organization
had a policy to contact Medicare beneficiaries
discovered to have been enrolled by an
unqualified sales agent to ensure that they
knew of their enrollment or understood the
plans’ rules. MA plans are required to have
systems in place to confirm that beneficiaries
are aware of their enrollment and that they
understand the plans’ rules.
OIG recommendations to protect
beneficiaries
Each of the six selected MA organizations
failed to follow at least one of the marketing
regulations concerning sales agent compensation
and qualifications. Such instances
represent gaps in organizations’ oversight and
implementation of the sales agent marketing
rules. In addition, results from CMS’s
oversight of marketing activities indicate that
compliance concerns are not limited to the six
selected MA organizations we reviewed.
As a result, OIG recommended that CMS:
n take appropriate actions regarding the
specific instances of noncompliance documented
in the report;
n audit MA organizations and include an
assessment of the vulnerabilities identified
in the OIG report;
n issue additional regulations concerning
FMO payments;
n issue regulations requiring MA organizations
to contact all new enrollees to ensure
that they understand plan rules; and
n issue guidance clarifying that MA organizations
should immediately terminate
unlicensed sales agents upon discovery.
In response to the final report, CMS provided
an action plan describing how it will address
all of OIG’s recommendations. In fact, CMS
has sent warning letters or notices of noncompliance
to five of the MA organizations
identified in the OIG report. CMS stated
that it recognizes the importance of taking
Need a quick and cost-effective
way to earn CEU credits
Want the latest news on breaking
issues and best practices
All of this from the convenience
of your own office
the appropriate compliance and enforcement
actions against sales agents who inappropriately
market to Medicare beneficiaries. n
1. The OIG report, Beneficiaries Remain Vulnerable to Sales Agents’
Marketing of Medicare Advantage Plans, OEI-05-09-00070, can be
found on the OIG Web site at http://oig.hhs.gov/oei/reports/oei-
05-09-00070.pdf.
The complexity of compliance basics: A CCO’s pursuit
of knowledge ...continued from page 23
An effective compliance program promotes
the proper and ethical manner of conducting
the business of health care. While mastering
the complexity of compliance basics, you may
feel mired in the tedious details of the regulatory
environment. However, remember that
compliance is a profession that focuses on
critical values, and you are contributing to the
mission of high-quality patient care delivery
by facilitating an organizational culture that
is grounded in ethical behavior. The profile of
today’s accomplished corporate compliance
officer is truly a profession of honor. n
1 Federal Sentencing Guidelines §8B2.1(a) (2)
2 Federal Register Vol. 63, No. 35, Feb. 23, 1998, 8987
3 Federal Register Vol. 70, No. 19 Jan. 31, 2005, 4859
4 www.oig.hhs.gov/publications
5 Compliance Today, Volume Twelve, Number Eight, August 2010
6 Thomas Davenport and Laurence Prusak: Working Knowledge: How
Organizations Manage What They Know (Boston: Harvard Business
School Press, 1998, 2000).
Try one of HCCA’s
upcoming Web
Conferences, and
earn 1.2 CEU credits.
It doesn’t get any easier.
learn more about
upcoming web
conferences and
register at
www.hcca-info.org/
webconferences
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
TryWebConf_quarterpage_CTad.indd 1
7/8/2010 9:15:55 AM
December 2010
47

HCCA Recognizes and Thanks Its Corporate Members
H
HAYES
MANAGEMENT
CONSULTING
HealthNow
HealthNow New York Inc.
Liberty
®
December 2010
48
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

New HCCA Members
n Coquette O’Rourke, Wichita Clinic, PA
Illinois
n Deborah Bielanski, Norwegian American
Hospital
n Ellen M. Bower, Southern Illinois Healthcare
n Joan Davis, Greenville Regional Hospital
n Lee Ehrlichman, LifeWatch Services, Inc
n Cheryl Felchner, HSHS Medical Group
n Dinita S. Galvez, Carle Foundation Hospital
n Linda M. Gonia, OSF Healthcare System
n Sheryl Y. Head, SwedishAmerican Health
System
n Gregg F. McAllister, Centers for Medicare &
Medicaid Services
n Rebecca L. Morgan-Boyd, Carle Foundation
Hospital
n Wendy Neuman, McHenry County Mental
Health Board
n Susan O’Neill, Tenet
n Gregory Pesely, OSF Healthcare System
Indiana
n Loretta E. Babbitt, Health Venture Management
n Mary Kopp, Clarian Health Partners
Iowa
n Caroline Giddings, Mercy Medical Center
Kansas
n Jean C. Dean, Trego County Lemke Memorial
Hospital
Kentucky
n Aleetha Ellis, Fresenius Medical Care North
America
n Frances Meserve, Hospice of Western Kentucky
Louisiana
n Byron Johnson, Kohler HealthCare Consulting
n Stacy Perron, Blue Cross and Blue Shield of
Louisiana
Maine
n Douglas Jennings, Jennings Law Office
n Megan M. Rochelo, Univ of New England
n Jennifer Sweet, Athenahealth, Inc.
n Jan Trott, Maine Medical Center Research Inst
Maryland
n Merri-Ellen James, CMS
n Bobbie Knickman, CMS
n Lynn Merritt-Nixon, CMS
n Judi L. Olinger, Humanim
Massachusetts
n Eileen Beaulieu, Milton Hospital
n Fran Helms, Pro Sports Therapy
n Connie Sexton Herbstman, CMS
n Robin Morin, HealthAlliance Hospitals, Inc
Michigan
n Ryan Ruzziconi, Diplomat Specialty Pharmacy
Minnesota
n Michelle Dugas, ActivStyle, Inc.
n Lisa Howard, Amethyst Consulting Services
n Karen Matz, UMPhysicians
n Shirley Qual, United Health
n Tammy J. Ree, CHAN Healthcare Auditors
n Christina Rich, Medtronic, Inc
n Eric Riensche, Felhaber Larson Fenlon & Vogt
n Maggie Weyrens, UCare
Mississippi
n Christy E. Roberts, Georgia Regional Health
System
Missouri
n Denise Berger, Des Peres Hospital
n Kathy M. Crites, BJC HealthCare
n Keith Daniels, St John’s Hospital - Aurora
n Regina Everett, Grace Hill Neighborhood
Health Centers
n David Feess, Liberty Hospital
n Mary Lee Harlan-Newberry, University of
Missouri Health Care System
n Katherine Hartman, Heartland Health
n Kathleen M. Radcliff, Hedrick Medical Center
n Homer G. Robinson, Barnes-Jewish Hospital
n Michael W. Wardlow, St. John’s Regional
Medical Center
Continued on page 50
Thank You
To the more than 1,670 attendees of the Compliance Institute
more than 850 attendees of HCCA’s other National Conferences
more than 670 attendees of Compliance Academies
more than 1,450 participants in our Regional Conferences
more than 115 attendees at both the Privacy and Research Academies
more than 1,690 participants in our Web Conferences
more than 6,700 HCCAnet members
more than 4,200 LinkedIn members
more than 11,000 Twitter followers
more than 500 Facebook fans
And, most of all, thank you to our more than 6,700 HCCA members
for helping advance the Health Care Compliance and Ethics profession in 2010.
We look forward to serving you in 2011 and for many more years to come.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
December 2010
49

New Members ...continued from page 49
Montana
n Julie Ouzts, Intermountain Children’s Home
Nebraska
n Louise A. Notson
Nevada
n Alice Wong, Sunrise Hospital and Medical Center
New Hampshire
n Jean Courteau, Littleton Regional Hospital
n Joyce McCormick, Catholic Medical Center
n Erin L. Pettigrew, Core Physicians
New Jersey
n Tina M. Adams, Meridian Health
n Garineh Dovletian, The Medicines Company
n Susan Torok-Rood, Univ of Medicine &
Dentistry of NJ
New York
n Inga H. Back, Oswego County Health Dept
n Junior Bazzey, NYU College of Dentistry &
Nursing
n Jacqueline Bravo, The Brooklyn Hospital Center
n Alex Chang, Columbia Univ Medical Center
n Jane F. Collins, CVPH Medical Center
n Nicole Downer, City of New York
n Necia Doyon, Cobleskill Regional Hospital
n George Fatoush, MediSys Health Network
n Frances Gardner
n Kathleen Owens, ENT & Allergy Associates LLP
n Lynn Reno, ARCS
n Ann Rooney, County of Onondaga
n James Shannon, Wilson Elser Moskowitz
Edelman & Dicker LLP
n Daniella Volcy, Evelyn Douglin Center
Ohio
n Jeanine Fisher, Licking Memorial Health System
n Christina Laskovski, Summa Health Systems
Oregon
n Laurinda S. Andrist, Oregon Imaging Centers
n Beth Lori, Pacific Retirement Services, Inc.
Pennsylvania
n Dana A. Borghi, Mercy Health System
n Thompson Boyd, Hahnemann Univ Hospital
n Ellen Capone, Children’s Hosp of Philadelphia
n Stacey Carr, St. Joseph Medical Center
n Kevin Dill, Pepper Hamilton, LLP
n Rodney Farley, LW Consulting
n Paul Flanagan, Hahnemann Univ Hospital
n Robert A. Gongaware, Indiana Regional
Medical Center
n Cheryl A. Kettinger, Magee Rehab Hospital
n Philip Munkacsy, Elan Pharmaceuticals Inc
n Lisa Schorr, Wesley Spectrum Services
n Jay Stollak, Elan Pharmaceuticals
n Catherine T. Sullivan, Integrity First Consulting
Rhode Island
n Kara Butler, Quality Partners of Rhode Island
South Carolina
n Hunter Kome, Oconee Medical Center
Tennessee
n Adam C. Baggett, Tract Manager, Inc
n Rick Diaz, Psychiatric Solutions, Inc.
n Cheryl M. Fairley, Memorial Health Partners
n Sara E. Hall, Meditract Inc/Tract Manager
n Kmily Manns, Tenet
n Vicki Moody, State of Franklin Healthcare
Associates
n Katy J. Thomas, Tract Manager
Texas
n Christine Ackerson, Baylor Health Care System
n Vanessa Benavides, Tenet Healthcare
n Michelle Castro, Doctors Hospital at White
Rock Lake
n Russell N. Fail, Baptist Healthcare System
n Joan Marine
Vermont
n Susan Purcell Montiel, Southwestern Vermont
Healthcare
Virginia
n Laura Bracis, Inova Health System
n Thomas Coker, Georgetown University Hospital
n Kristin Murphy, Inova Health System
Washington
n Michael G. Huppe, Kadlec Clinic
n Jennifer Rogalla, Health Care Data
Management Government Services
n Michelle Solomon
West Virginia
n Terri Bonasso, Fairmont General Hospital
Wisconsin
n Pamela Brunner
n Shawn M. Halcsik, Evergreen Rehabilitation
n Jane M. Quinn, HospiceCare Inc
Switzerland
n Tamara Tubin, CareFusion Switzerland 317
SARL n
Update Your HIPAA Training
with Coastal Training Technologies’ employee training
DVDS, newly updated to cover mandates of the Health
Information for Economic and Clinical Health (HITECH)
Act.
Each video is less than 20 minutes,
and comes with 10 participant handbooks to
test comprehension.
To order, visit the HCCA
website at www.hcca-info.org, or call
888-580-8373.
December 2010
50
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

• Internal Audit
• Litigation Support
• Denials Management
• Compliance Consulting
McBee Associates’ uncompromising commitment to compliance with health care policy and
regulations is an integral part of all phases of client engagements. The firm helps clients establish,
update, and review compliance programs to ensure regulatory, financial, and operational integrity.
McBee Associates believes that compliance is good business.
McBee Associates is your total solution firm.
Uncompromising
Commitment to
Compliance
Performance. Profitability. Partnership.
Contact Frank Smith
800.767.6203
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
December 2010
51

HCCA’s 2011 events
HCCA offers first-class education, resources, and networking opportunities for everyone
in the health care compliance field. Whatever your focus, HCCA has a conference for you.
NatioNal CoNfereNCes
Managed Care
Compliance Conference
February 6–8 | Scottsdale, AZ
Audit & Compliance
Committee Conference
February 7–8 | Scottsdale, AZ
Compliance Institute
April 10–13 | Orlando, FL
Research Compliance
Conference
June 12–15 | Austin, TX
Physician Practice/Clinic
Compliance Conference
October 16–18 | Philadelphia, PA
DAtes AnD loCAtions
Are subjeCt to CHAnge.
for upDAtes, visit
www.hcca-info.org
BasiC CompliaNCe aCademies
February 7–10
San Francisco, CA
March 14–17
San Antonio, TX
June 6–9
Scottsdale, AZ
August 8–11
New York, NY
september 19–22
Chicago, IL
October 24–27
Las Vegas, NV
november 14–17
Orlando, FL
December 5–8
San Diego, CA
researCH
BasiC CompliaNCe aCademies
January 31—February 3
San Francisco, CA
August 15–18
Las Vegas, NV
HealtH Care privaCy
BasiC CompliaNCe aCademies
March 28–31
Orlando, FL
October 3–6
San Francisco, CA
WeB CoNfereNCes
Explore current hot topics for compliance
professionals with instant and up‐to‐date
education from the convenience of
your own office. New conferences are
announced regularly, and prior sessions are
available for purchase on CD‐ROM. Visit
www.hcca‐info.org for the latest updates.
regioNal CoNfereNCes
southeast
January 21 | Atlanta, GA
south Atlantic
January 28 | Orlando, FL
southwest
February 18 | Dallas, TX
Alaska
February 24–25 | Anchorage, AK
Upper north Central
May 6 | Columbus, OH
Upper northeast
May 20 | New York, NY
Pacific northwest
June 10 | Seattle, WA
West Coast
June 17 | Los Angeles, CA
new england
September 9 • Boston, MA
Upper Midwest
September 16 • Minneapolis, MN
Midwest
September 23 • Kansas City, KS
north Central
October 3 • Indianapolis, IN
east Central
October 14 • Pittsburgh, PA
Hawaii
October 21 • Honolulu, HI
Mountain
October 28 • Denver, CO
Mid Central
November 4 • Louisville, KY
south Central
November 11 • Nashville, TN
Desert southwest
November 18 • Phoenix, A