Quality of the estimate. December, p. 47 - Health Care Compliance ...
Quality of the estimate. December, p. 47 - Health Care Compliance ...
Quality of the estimate. December, p. 47 - Health Care Compliance ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Volume Thirteen<br />
Number Twelve<br />
<strong>December</strong> 2011<br />
Published Monthly<br />
Meet<br />
Mary Dunaway, Hospital<br />
Revenue Cycle <strong>Compliance</strong><br />
Director, University <strong>of</strong><br />
Arizona <strong>Health</strong> Network<br />
page 14<br />
Feature Focus:<br />
Medicaid RACs: Tool <strong>of</strong><br />
transparency or torment<br />
page 44<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Earn CEU Credit<br />
www.hcca-info.org/quiz—see page 50<br />
How to respond<br />
to a regulatory<br />
investigation<br />
page 8<br />
This article, published in <strong>Compliance</strong> Today, appears here with permission from <strong>the</strong> <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association. Call HCCA at 888/580-8373 with all reprint requests.<br />
1<br />
<strong>December</strong> 2011
HCCA Ad<br />
SAVE<br />
THE<br />
DATE<br />
Managed <strong>Care</strong><br />
<strong>Compliance</strong> Conference<br />
February 12–14, 2012 | Scottsdale, AZ<br />
HCCA’s MAnAged CAre CoMpliAnCe ConferenCe provides essential<br />
information for individuals involved with <strong>the</strong> management <strong>of</strong> compliance at health<br />
plans. Plan to attend if you are a compliance pr<strong>of</strong>essional from a health plan (all levels<br />
from <strong>of</strong>ficers to consultants), in-house and external counsel for a health plan, internal<br />
auditor from a health plan, regulatory compliance personnel, or managed care lawyer.<br />
Learn more at hcca-managedcare-conference.org<br />
<strong>December</strong> 2011<br />
2<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
INSIDE<br />
5 The rising tide: Recognizing your criminal<br />
prosecution risks abroad<br />
By Winston Y. Chan and Justin S. Liu<br />
Companies with international third-party<br />
distributors and resellers, consultants, and<br />
foreign clinical trials face high levels <strong>of</strong><br />
criminal enforcement scrutiny.<br />
8 CEU: Mail call: How to respond to a<br />
regulatory investigation By K Royal<br />
A step-by-step process for responding to a<br />
complaint notification letter.<br />
12 HCCAnet and Website News<br />
14 Meet Mary Dunaway, Hospital Revenue<br />
Cycle <strong>Compliance</strong> Director, University <strong>of</strong><br />
Arizona <strong>Health</strong> Network<br />
An interview by Roy Snell<br />
18 Letter from <strong>the</strong> CEO By Roy Snell<br />
Change<br />
19 Social Networking By John Falcetano<br />
Zone Program Integrity Contractor (ZPIC)<br />
20 Exhale By Shawn DeGroot<br />
Exercise a good sense <strong>of</strong> humor<br />
23 People on <strong>the</strong> Move<br />
24 CEU: Losing sleep over health care<br />
marketing arrangements<br />
By Lawrence Conn<br />
<strong>Health</strong> care providers are faced with<br />
substantial limitations and risk potential<br />
criminal liability for common marketing<br />
efforts, unlike many o<strong>the</strong>r industries.<br />
29 Regulatory compliance for research in an<br />
academic medical center<br />
By Jeffrey N. Joyce<br />
Establishing an effective research<br />
infrastructure requires coordination<br />
among many departments to develop and<br />
implement regulatory policies and processes<br />
that work for everyone.<br />
38 CIAs: A look back to <strong>the</strong> future at OIG<br />
investigations By Jamie L. Kendall<br />
A look at <strong>the</strong> government agreements with<br />
several pharmaceutical companies may<br />
predict <strong>the</strong> focus <strong>of</strong> investigations regarding<br />
sales and marketing tactics.<br />
43 Newly Certified CHC ® ; CHPC ® ; CHRC ®<br />
44 Feature Focus: Medicaid RACs: Tool <strong>of</strong><br />
transparency or torment<br />
By Rebecca Jones McKnight<br />
Providers should prepare for greater scrutiny<br />
and view claims and denial data for warning<br />
signs for greater enforcement.<br />
<strong>47</strong> Confidence and precision in claims<br />
audits: <strong>Quality</strong> <strong>of</strong> <strong>the</strong> <strong>estimate</strong><br />
By Cornelia M. Dorfschmid<br />
Understanding some common auditing<br />
terms will help you determine if an<br />
<strong>estimate</strong>d overpayment amount is<br />
reasonable or should be contested.<br />
51 Accountability is <strong>the</strong> key to compliance<br />
effectiveness<br />
By Jane A. Obert<br />
An independent review <strong>of</strong> your compliance<br />
program by an outside consultant may<br />
lead to a culture <strong>of</strong> continuous quality<br />
improvement.<br />
56 CEU: <strong>Compliance</strong> 101: Pay now or pay<br />
later By Joyce Freville<br />
Time and effort spent on prevention practices<br />
can pay <strong>of</strong>f better than money spent fixing a<br />
regulatory problem after that fact.<br />
60 How internal controls support compliant<br />
business practices: Part 1<br />
By Kelly Nueske<br />
The five components <strong>of</strong> internal controls<br />
and how <strong>the</strong>y support “doing it right <strong>the</strong><br />
first time.”<br />
68 Documenting fair market value for<br />
physician contracting By Penny Stroud<br />
Using <strong>the</strong> right tools and knowing what<br />
and when to document can help ensure<br />
your facility is paying comparable rates for<br />
comparable services.<br />
73 New HCCA Members<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
3<br />
<strong>December</strong> 2011
DON’T GO<br />
HALFWAY.<br />
GO 360.<br />
MANAGE CLAIMS AUDITS WITH TOTAL CONFIDENCE. Multiple audits, hundreds<br />
<strong>of</strong> claims, dozens <strong>of</strong> team members, zero free time. Miss one date and you forfeit hard-earned revenue. With so<br />
much complexity – and so much at stake – only <strong>Compliance</strong> 360 <strong>of</strong>fers <strong>the</strong> confidence <strong>of</strong> a 24x7 Virtual Audit<br />
Coordinator that manages every step <strong>of</strong> every audit in one central system. No gaps, no guesses, no gotchas.<br />
Visit www.compliance360.com/ClaimsAuditor to learn how we’re helping thousands <strong>of</strong> providers protect <strong>the</strong>ir<br />
revenues – and <strong>the</strong>ir peace <strong>of</strong> mind. GET THE 360° VIEW.<br />
<strong>December</strong> 2011<br />
www.compliance360.com<br />
4<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
The rising tide:<br />
Recognizing your<br />
criminal prosecution<br />
risks abroad<br />
By Winston Y. Chan and Justin S. Liu<br />
Editor’s note: Winston Y. Chan is<br />
Of Counsel in Gibson, Dunn &<br />
Crutcher’s San Francisco <strong>of</strong>fice.<br />
Winston may be contacted by e-mail<br />
at wchan@gibsondunn.com.<br />
Justin S. Liu is an Associate in<br />
Gibson, Dunn & Crutcher’s Los<br />
Angeles <strong>of</strong>fice. He may be contacted<br />
by e-mail at jliu@gibsondunn.com.<br />
In recent years, US law<br />
enforcement authorities have<br />
demonstrated an increasing<br />
willingness to scrutinize <strong>the</strong><br />
health care industry for criminal<br />
conduct. A new academic study, 1<br />
released on August 17, 2011<br />
by Syracuse University, starkly<br />
quantifies this trend, finding that<br />
health care fraud prosecutions<br />
by <strong>the</strong> Department <strong>of</strong> Justice<br />
(DOJ) during <strong>the</strong> first eight<br />
months <strong>of</strong> 2011 numbered more<br />
than 900 cases, representing a<br />
brisk prosecutorial pace that is<br />
85% greater than last year, 157%<br />
greater than five years ago, and<br />
115% greater than 10 years ago.<br />
Immediately on <strong>the</strong> heels <strong>of</strong> <strong>the</strong><br />
study—as if on dramatic cue—<br />
<strong>the</strong> Department announced on<br />
September 7, 2011, that it had<br />
charged 91 health care pr<strong>of</strong>essionals<br />
across eight cities for <strong>the</strong>ir<br />
alleged participation in schemes<br />
that falsely billed more than $295<br />
million. 2 Just three weeks later,<br />
on September 26, 2011, Assistant<br />
Attorney General Lanny A. Breuer<br />
announced that “[t]he civil rights,<br />
criminal, and civil divisions <strong>of</strong><br />
<strong>the</strong> Department <strong>of</strong> Justice are all<br />
working toge<strong>the</strong>r to fight health<br />
care fraud.” 3<br />
As part <strong>of</strong> this escalation in<br />
government resources directed<br />
against health care fraud, <strong>the</strong><br />
DOJ has not hesitated to examine<br />
<strong>the</strong> conduct <strong>of</strong> <strong>the</strong> health<br />
care industry globally, primarily<br />
through <strong>the</strong> lens <strong>of</strong> <strong>the</strong> Foreign<br />
Corrupt Practices Act (FCPA),<br />
which gives prosecutors <strong>the</strong><br />
ability to focus on wholly foreign<br />
conduct in a way that <strong>the</strong> traditional<br />
health care fraud criminal<br />
statutes do not. Indeed, in April<br />
2011, Johnson & Johnson paid a<br />
$21.4 million fine in connection<br />
with a criminal FCPA settlement<br />
with <strong>the</strong> DOJ, based on acts purportedly<br />
occurring inside Greece,<br />
Poland, and Romania. 4<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Accordingly, pharmaceutical,<br />
biotechnology, and medical device<br />
and service companies that do<br />
business internationally must be<br />
equally vigilant in recognizing<br />
and mitigating <strong>the</strong> compliance<br />
risks that <strong>the</strong>y face abroad, as <strong>the</strong>y<br />
do within <strong>the</strong> United States. We<br />
set forth some <strong>of</strong> those primary<br />
risks herein: <strong>the</strong> use <strong>of</strong> third-party<br />
distributors and resellers, health<br />
care consultants, and—<strong>the</strong> newest<br />
subject <strong>of</strong> US law enforcement<br />
attention—foreign clinical trials.<br />
FCPA risks in <strong>the</strong> health care<br />
industry<br />
The Johnson & Johnson<br />
settlement related to charges that<br />
its subsidiaries in Greece, Poland,<br />
and Romania bribed publiclyemployed<br />
health care providers in<br />
those nations in order to induce<br />
<strong>the</strong>m to use and purchase Johnson<br />
& Johnson medical devices and<br />
drugs. Similar allegations have<br />
abounded. In 2010, Merck<br />
revealed that it was subject to<br />
an FCPA investigation. In 2009<br />
and 2010, Eli Lilly disclosed<br />
that an FCPA probe that began<br />
in 2003 with an investigation <strong>of</strong><br />
its Polish unit, was expanding.<br />
O<strong>the</strong>r pharmaceutical companies,<br />
including AstraZeneca,<br />
Baxter, Bristol-Myers Squibb,<br />
GlaxoSmithKline, and Pfizer,<br />
reportedly have received letters<br />
<strong>of</strong> inquiry from <strong>the</strong> DOJ. In<br />
2007 and 2008, six medical<br />
device manufacturers (Biomet,<br />
Continued on page 6<br />
5<br />
<strong>December</strong> 2011
The rising tide: Recognizing your criminal prosecution risks abroad ...continued from page 5<br />
<strong>December</strong> 2011<br />
6<br />
Medtronic, Smith & Nephew,<br />
Stryker, Wright Medical, and<br />
Zimmer Holdings) disclosed <strong>the</strong>ir<br />
own FCPA investigations.<br />
Nor is <strong>the</strong> DOJ’s interest in <strong>the</strong><br />
health care industry as a target<br />
for FCPA investigations likely<br />
to wane, particularly because<br />
<strong>the</strong> largest foreign purchasers<br />
<strong>of</strong> pharmaceuticals and medical<br />
equipment generally are state-run<br />
hospitals and state-affiliated health<br />
care providers. Assistant Attorney<br />
General Breuer in a November<br />
2009 speech said, “[O]ne area <strong>of</strong><br />
criminal enforcement that will be<br />
a focus for <strong>the</strong> Criminal Division<br />
in <strong>the</strong> months and years ahead…<br />
[is] <strong>the</strong> application <strong>of</strong> <strong>the</strong> Foreign<br />
Corruption Practices Act to <strong>the</strong><br />
pharmaceutical industry.” He<br />
fur<strong>the</strong>r noted that, in 2009, close<br />
to $100 billion dollars, or onethird<br />
<strong>of</strong> pharmaceutical revenues,<br />
stemmed from sales outside <strong>of</strong> <strong>the</strong><br />
United States.<br />
Interactions with non-US<br />
doctors and hospitals<br />
The DOJ interprets <strong>the</strong> FCPA<br />
to encompass all employees <strong>of</strong><br />
state-owned enterprises and<br />
government agencies, treating<br />
<strong>the</strong>m as “government <strong>of</strong>ficials”<br />
for purposes <strong>of</strong> <strong>the</strong> FCPA. This<br />
includes staff members and<br />
doctors employed by public<br />
and quasi-public hospitals and<br />
clinics, and so <strong>the</strong> sales practices<br />
<strong>of</strong> health care companies need<br />
to be particularly sensitive<br />
to how gifts, hospitality, and<br />
travel expenditures are handled<br />
abroad. Rule-<strong>of</strong>-reason policies<br />
on <strong>the</strong>se expenditures, with<br />
pre-approval procedures that<br />
involve <strong>the</strong> <strong>Compliance</strong> or<br />
Legal functions, should be put<br />
in place; and employees should<br />
receive anti-corruption training,<br />
including compliance with local<br />
law. As <strong>the</strong> Johnson & Johnson<br />
settlement illustrates, health care<br />
companies cannot afford to focus<br />
only on <strong>the</strong> risks <strong>of</strong> violating<br />
<strong>the</strong> traditional health care fraud<br />
statutes, which o<strong>the</strong>rwise require<br />
a connection to state and federal<br />
health care insurance programs.<br />
Foreign distributors and resellers<br />
<strong>Health</strong> care companies should be<br />
particularly careful when relying<br />
on third-party distributors and<br />
resellers, which can be necessary<br />
in regions where <strong>the</strong> pharmaceutical,<br />
biotechnology, medical device,<br />
or medical service company may<br />
not have a sufficient indigenous<br />
sales capability—particularly in<br />
vast geographic markets, such as<br />
China and Russia. These third<br />
parties pose compliance risks,<br />
because <strong>of</strong> pass-through liability<br />
under <strong>the</strong> FCPA coupled with<br />
<strong>the</strong>ir <strong>of</strong>ten opaque business practices.<br />
When utilized, third-party<br />
distributors and resellers should<br />
not be injected into transactions<br />
without a clear and legitimate<br />
business purpose, and localized<br />
due diligence on <strong>the</strong>se business<br />
partners should be conducted<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
to ensure that <strong>the</strong>y are reputable<br />
and <strong>the</strong>y abide by anti-corruption<br />
laws. This due diligence should<br />
occur prior to any partnership,<br />
and should be actively supplemented<br />
on a recurring basis.<br />
Anti-corruption provisions should<br />
be included in contracts and<br />
agreements with distributors and<br />
resellers, and <strong>the</strong> health care company<br />
should seek to make clear<br />
to its sales channel partners its<br />
commitment to anti-corruption<br />
compliance, including by sharing<br />
best practices and training.<br />
Foreign health care consultants<br />
Ano<strong>the</strong>r risk area is <strong>the</strong> use <strong>of</strong><br />
consulting arrangements with<br />
prominent foreign doctors or<br />
health experts to promote <strong>the</strong><br />
health care company’s products<br />
or services. Often <strong>the</strong>se “key<br />
opinion leaders” will be employed<br />
by or affiliated with a government<br />
agency or state-owned enterprise.<br />
These individuals can be legitimately<br />
contracted to research,<br />
review, and promote health care<br />
products and services, <strong>of</strong> course,<br />
but particular care should be<br />
exercised to ensure that <strong>the</strong> consultant<br />
has not been implicated in<br />
corruption in <strong>the</strong> past and is being<br />
reasonably compensated relative<br />
to a bone-fide and value-adding<br />
service, such as conducting an<br />
independent medical study or<br />
providing necessary education in<br />
relation to <strong>the</strong> company’s health<br />
care product or service. Preapproval<br />
by <strong>the</strong> <strong>Compliance</strong> or
Legal function <strong>of</strong> any consulting<br />
arrangement abroad may be desirable,<br />
as would be a requirement<br />
that no consultant be retained<br />
while <strong>the</strong> company or its affiliates<br />
has business pending before any<br />
entity related to <strong>the</strong> consultant.<br />
Foreign clinical trials<br />
Outside <strong>of</strong> <strong>the</strong> international sales<br />
and marketing context, a novel<br />
area <strong>of</strong> concern to US <strong>of</strong>ficials is<br />
<strong>the</strong> growing reliance on non-US<br />
clinical trials when seeking<br />
approval <strong>of</strong> new drugs and medical<br />
devices. A 2010 report by <strong>the</strong><br />
Office <strong>of</strong> <strong>the</strong> Inspector General<br />
<strong>of</strong> <strong>the</strong> Department <strong>of</strong> <strong>Health</strong><br />
and Human Services, entitled<br />
“Challenges to FDA’s Ability to<br />
Monitor and Inspect Foreign<br />
Clinical Trials,” found that 80%<br />
<strong>of</strong> drugs approved by <strong>the</strong> Food<br />
and Drug Administration (FDA)<br />
relied on non-US clinical trials<br />
and that 78% <strong>of</strong> all subjects who<br />
participated in clinical trials did so<br />
outside <strong>of</strong> <strong>the</strong> United States. 5 The<br />
report also noted <strong>the</strong> lower rate at<br />
which <strong>the</strong> FDA audited foreign<br />
clinical trial sites. Congress has<br />
also recognized <strong>the</strong>se concerns. US<br />
Representative Rosa DeLauro said<br />
<strong>the</strong> report “highlights a very frightening<br />
and appalling situation”<br />
because <strong>of</strong> “clinical trials in foreign<br />
countries with lower standards and<br />
where FDA lacks oversight.”<br />
Government scrutiny has<br />
expanded to law enforcement,<br />
who reportedly are reviewing<br />
foreign clinical trials for potential<br />
FCPA violations. Because such<br />
trials generally would be conducted<br />
by doctors at state-run or<br />
state-affiliated hospitals or academic<br />
institutions, payments by<br />
pharmaceutical, biotechnology, or<br />
medical device companies could<br />
be viewed as potential conduits<br />
for bribes. A health care company<br />
that seeks to utilize foreign clinical<br />
trials should conduct <strong>the</strong> same<br />
level <strong>of</strong> localized due diligence and<br />
active monitoring <strong>of</strong> its clinical<br />
trial partners abroad, just as <strong>the</strong><br />
company would do with respect<br />
to an international third-party<br />
business partner. Significantly,<br />
a company should be especially<br />
mindful when <strong>the</strong> proposed clinical<br />
trial operator is a current or<br />
potential customer <strong>of</strong> <strong>the</strong> company’s<br />
products—a likely scenario<br />
if <strong>the</strong> trial operator is a stateaffiliated<br />
health care provider.<br />
Conclusion<br />
<strong>Health</strong> care companies now face<br />
<strong>the</strong> highest levels <strong>of</strong> DOJ criminal<br />
enforcement scrutiny that <strong>the</strong>y<br />
ever have, not just for domestic<br />
behavior in violation <strong>of</strong> traditional<br />
health care fraud statutes, but<br />
also for international conduct<br />
in violation <strong>of</strong> <strong>the</strong> FCPA. Such<br />
companies should implement<br />
robust global compliance policies<br />
and procedures, and tailor <strong>the</strong>m<br />
to <strong>the</strong> special risks <strong>of</strong> doing business<br />
in foreign countries where,<br />
in <strong>the</strong> health care context, <strong>the</strong> line<br />
between public and private can be<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
especially blurred. For pharmaceutical,<br />
biotechnology, and medical<br />
device and services companies,<br />
three <strong>of</strong> <strong>the</strong> primary international<br />
corruption risks arise through<br />
<strong>the</strong>ir use <strong>of</strong> third-party distributors<br />
and resellers, consultants, and<br />
foreign clinical trials. n<br />
1 Syracuse University Transactional Records<br />
Access Clearinghouse: <strong>Health</strong> <strong>Care</strong> Fraud<br />
Prosecutions for 2011. August 17, 2011.<br />
Available at http://trac.syr.edu/tracreports/<br />
crim/258/<br />
2 Dept <strong>of</strong> Justice press release: Medicare<br />
Fraud Strike Force Charges 91 Individuals<br />
for Approximately $295 Million in<br />
False Billing. September 7, 2011. Available<br />
at http://www.justice.gov/opa/pr/2011/<br />
September/11-ag-1148.html<br />
3 Dept <strong>of</strong> Justice press release: Assistant<br />
Atorney General Lanny A. Breuer Speaks at<br />
<strong>the</strong> American <strong>Health</strong> Lawyers Association<br />
and <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association’s<br />
2011 Fraud and <strong>Compliance</strong> Forum. September<br />
26, 2011. Available at http://www.<br />
justice.gov/criminal/pr/speeches/2011/crmspeech-110926.html<br />
4 Dept <strong>of</strong> Justice press release: Johnson<br />
& Johnson Agrees to Pay $21.4 Million<br />
Criminal Penalty to Resolve Foreign<br />
Corrupt Practices Act and Oil for Food<br />
Investigations. April 8, 2011. Available<br />
at http://www.justice.gov/opa/pr/2011/<br />
April/11-crm-446.html<br />
5 Available at http://oig.hhs.gov/oei/reports/<br />
oei-01-08-00510.pdf<br />
HCCA has stepped<br />
up our environmental<br />
responsibility by printing<br />
<strong>Compliance</strong> Today<br />
on recycled paper. The<br />
interior pages are now printed on<br />
paper manufactured with 100% postconsumer<br />
waste. The cover stock is<br />
made up <strong>of</strong> 10% post-consumer waste<br />
and is locally produced in Minnesota<br />
near our printing facility. In addition,<br />
<strong>the</strong> energy used to produce <strong>the</strong> paper<br />
is 100% renewable energy. This is not<br />
to mention that <strong>the</strong> ink used in our<br />
magazine is 100% soy-based water<br />
soluble ink. Certifications for <strong>the</strong><br />
paper include The Forest Stewardship<br />
Council (FSC), Sustainable Forestry<br />
Initiative (SFI), and Green-e.org.<br />
7<br />
<strong>December</strong> 2011
<strong>December</strong> 2011<br />
8<br />
Mail call: How<br />
to respond to<br />
a regulatory<br />
investigation<br />
Editor’s note: K Royal is <strong>the</strong> Privacy<br />
and Security Officer with Concentra<br />
in Addison, Texas. She may be<br />
contacted at 972/725-6675 or by<br />
e-mail at k_royal@concentra.com.<br />
In this ever-increasing culture<br />
<strong>of</strong> compliance and oversight,<br />
we are starting to see more<br />
investigations and audits occur, as<br />
evidenced by <strong>the</strong> US Department<br />
<strong>of</strong> <strong>Health</strong> and Human Services<br />
award <strong>of</strong> a $9.2 million contract<br />
to KPMG LLP to conduct audits<br />
<strong>of</strong> 150 entities in 2012. Section<br />
13411 <strong>of</strong> <strong>the</strong> HITECH Act <strong>of</strong><br />
2009 requires periodic audits <strong>of</strong><br />
covered entities and business associates<br />
to evaluate <strong>the</strong>ir HIPAA<br />
security compliance. The penalties<br />
increased from $100 a day to<br />
$50,000 a day for not correctly<br />
implementing <strong>the</strong> HIPAA Security<br />
Rule’s required Administrative,<br />
Physical, and Technical Safeguards<br />
(45 C.F.R. 164.308, 310,<br />
and 312) and Organizational<br />
Requirements, Policies and<br />
Procedures and Documentation<br />
(45 C.F.R. 164.314 and 316).<br />
By working through a simple scenario,<br />
this brief article will cover<br />
By K Royal, RN, JD, CIPP<br />
some basic material regarding a<br />
privacy and security investigation,<br />
but it is generally applicable to<br />
any regulatory investigation.<br />
Complaint notification letter<br />
A variety <strong>of</strong> authorities, such as <strong>the</strong><br />
Office <strong>of</strong> Civil Rights (OCR), state<br />
licensing division, or a consumer<br />
protection <strong>of</strong>fice may send out<br />
complaint notification letters. This<br />
can be a little intimidating at first,<br />
but it is not pro<strong>of</strong> that you have<br />
done anything wrong. It is typically<br />
a notification that an individual has<br />
launched a complaint and <strong>the</strong> agency<br />
is looking for more information,<br />
because <strong>the</strong>y cannot dismiss <strong>the</strong><br />
complaint based on <strong>the</strong> information<br />
<strong>the</strong>y have. For <strong>the</strong> convenience <strong>of</strong><br />
both reader and writer, we’ll use <strong>the</strong><br />
OCR in its general representation<br />
<strong>of</strong> any regulatory agency that might<br />
issue such a letter. Please know that<br />
agencies receive many more complaints<br />
than those upon which <strong>the</strong>y<br />
issue notification letters.<br />
OCR letters will generally tell you<br />
<strong>the</strong> location <strong>of</strong> <strong>the</strong> facility <strong>the</strong> complaint<br />
is lodged against, <strong>the</strong> date <strong>of</strong><br />
<strong>the</strong> alleged occurrence, <strong>the</strong> person<br />
making <strong>the</strong> complaint (and <strong>the</strong><br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
patient, if different), and <strong>the</strong> rule<br />
that was allegedly violated. This<br />
does not mean you have violated<br />
this rule; it means someone thinks<br />
you have and <strong>the</strong> OCR cannot<br />
discount it immediately. OCR<br />
receives some complaints that do<br />
not violate HIPAA. For example,<br />
OCR may receive a complaint<br />
from a patient who is dissatisfied<br />
with <strong>the</strong> quality <strong>of</strong> medical care<br />
he received. This is not a HIPAA<br />
concern, so OCR would not<br />
investigate this allegation. With<br />
<strong>the</strong> number <strong>of</strong> complaints that<br />
come in, depending on <strong>the</strong> allegation,<br />
you may be receiving <strong>the</strong><br />
notification letter a year after <strong>the</strong><br />
incident allegedly happened. For<br />
critical patient rights, such as a<br />
denial <strong>of</strong> <strong>the</strong> right to access, a fast<br />
track review process occurs and <strong>the</strong><br />
notification letter would be sent<br />
within a couple <strong>of</strong> weeks.<br />
Scenario:<br />
In August, 2011, you receive<br />
a letter from OCR stating<br />
that patient Jane Smith filed a<br />
complaint with <strong>the</strong>ir <strong>of</strong>fice July<br />
15, 2010. She believes that you<br />
violated <strong>the</strong> Privacy Rule by<br />
impermissibly disclosing her protected<br />
health information (PHI)<br />
to a member <strong>of</strong> <strong>the</strong> public. OCR<br />
asks that you provide information<br />
about this occurrence.<br />
Starting <strong>the</strong> investigation<br />
Initial actions<br />
First, do not get defensive. This<br />
is an opportunity to present your
side and show that proper actions<br />
were taken and correct procedures<br />
are in place.<br />
At <strong>the</strong> end <strong>of</strong> <strong>the</strong> letter, OCR<br />
includes <strong>the</strong> name and contact<br />
information for <strong>the</strong> investigator<br />
assigned to <strong>the</strong> case. Call <strong>the</strong><br />
investigator. You should cover at<br />
least three main areas:<br />
n Let <strong>the</strong> investigator know that<br />
you have <strong>the</strong> letter, are starting<br />
<strong>the</strong> investigation, and whe<strong>the</strong>r<br />
you think you need to pull<br />
records from <strong>of</strong>f-site storage.<br />
n Make sure to determine how<br />
<strong>the</strong> investigator would like to<br />
receive your response: fax, mail,<br />
or e-mail. We will cover <strong>the</strong>se<br />
methods below.<br />
n Ask for more details on <strong>the</strong><br />
complaint. Typically, <strong>the</strong>y will<br />
read you <strong>the</strong> actual letter. By<br />
doing this, you obtain this<br />
fur<strong>the</strong>r information. In our<br />
example scenario:<br />
“On July 12, 2010, XYZ <strong>of</strong>fice<br />
faxed my medical record to<br />
<strong>the</strong> wrong fax number. They<br />
were supposed to send it to <strong>the</strong><br />
person preparing my disability<br />
application. They did not get this<br />
information back and did not<br />
send me a written notification.”<br />
With this more detailed information,<br />
you are armed to start <strong>the</strong><br />
investigation. Locate <strong>the</strong> patient<br />
record and start collecting all<br />
data on <strong>the</strong> event. According to<br />
<strong>the</strong> records, <strong>the</strong> patient requested<br />
that you fax certain records<br />
to an individual. The patient<br />
completed an authorization to<br />
disclose records, including <strong>the</strong><br />
fax number. Your employee used<br />
a fax cover sheet that was appropriately<br />
addressed and included<br />
a disclaimer addressing if <strong>the</strong> fax<br />
was sent it error, etc. Attached<br />
to it is a fax confirmation sheet<br />
for <strong>the</strong> day after <strong>the</strong> call was<br />
made, to a fax number that was<br />
one digit <strong>of</strong>f. Taped to that is<br />
a phone memo note, stating<br />
that <strong>the</strong> patient called. Last is<br />
an Accounting <strong>of</strong> Disclosure<br />
form in <strong>the</strong> chart, capturing <strong>the</strong><br />
event. The patient stated that <strong>the</strong><br />
individual did not receive <strong>the</strong><br />
fax. Apparently, <strong>the</strong> patient had<br />
provided <strong>the</strong> wrong number, so<br />
once <strong>the</strong> number was verified,<br />
<strong>the</strong> fax was sent to <strong>the</strong> correct<br />
number and confirmed received<br />
correctly. Ano<strong>the</strong>r fax was sent to<br />
<strong>the</strong> wrong number stating that<br />
a record was faxed in error, and<br />
to please contact <strong>the</strong> <strong>of</strong>fice and<br />
confirm that <strong>the</strong> information was<br />
shredded.<br />
Then check <strong>the</strong> records that were<br />
faxed. In this scenario, <strong>the</strong> Social<br />
Security number was abbreviated<br />
to <strong>the</strong> last four digits; no date<br />
<strong>of</strong> birth or address was filled<br />
in; and only <strong>the</strong> patient name<br />
and medical information (Note:<br />
nothing about drugs, contagious<br />
diseases, or psychological concerns/notes)<br />
and physician <strong>of</strong>fice<br />
information could be seen.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Policies<br />
Pull your policies that apply to privacy.<br />
Make sure to include policies<br />
addressing <strong>the</strong>se elements: general<br />
privacy protections, authorizations,<br />
disclosures, fax communications,<br />
violations, and/or breaches, and risk<br />
assessment <strong>of</strong> potential breaches.<br />
Review <strong>the</strong> applicable policies and<br />
verify that <strong>the</strong> policies were followed.<br />
If you notice a provision <strong>of</strong><br />
<strong>the</strong> policies that should be improved<br />
upon in light <strong>of</strong> this occurrence,<br />
consider making that change.<br />
If you do not have policies that<br />
cover <strong>the</strong>se elements, you need to<br />
develop <strong>the</strong>m. This can be done as<br />
segments <strong>of</strong> a larger overall policy<br />
or broken into discrete policies<br />
for <strong>the</strong> various HIPAA sections.<br />
Additionally, documentation is<br />
critical. Defending an allegation<br />
made weeks, months, or years<br />
later is challenging enough,<br />
without having a clear paper trail<br />
to follow.<br />
In this scenario, it appears that<br />
<strong>the</strong> disclosure was made pursuant<br />
to a proper authorization for<br />
disclosure in reliance on <strong>the</strong> fax<br />
number provided by <strong>the</strong> patient,<br />
which was written by <strong>the</strong> patient<br />
on <strong>the</strong> authorization. The patient<br />
was aware <strong>of</strong> <strong>the</strong> disclosure per<br />
<strong>the</strong> phone call notes. There was a<br />
disclosure log entry and attempt<br />
to mitigate <strong>the</strong> breach. Last, a<br />
review <strong>of</strong> <strong>the</strong> disclosure demonstrates<br />
little risk <strong>of</strong> financial<br />
Continued on page 10<br />
9<br />
<strong>December</strong> 2011
Mail call: How to respond to a regulatory investigation ...continued from page 9<br />
<strong>December</strong> 2011<br />
10<br />
harm. There is potentially a risk<br />
for reputational harm, but if <strong>the</strong>re<br />
is nothing truly sensitive in <strong>the</strong><br />
medical information, it is likely<br />
not a significant risk <strong>of</strong> harm. If<br />
you need to contact <strong>the</strong> patient<br />
for any reason, such as to <strong>of</strong>fer<br />
credit monitoring, verify that <strong>the</strong><br />
investigator has no objection to<br />
you doing so.<br />
Response<br />
Look at what <strong>the</strong> notification<br />
letter asks you to provide and<br />
<strong>the</strong> due date. Write a clear letter<br />
that includes <strong>the</strong> case reference<br />
number, provides a succinct<br />
description <strong>of</strong> <strong>the</strong> occurrence,<br />
and whe<strong>the</strong>r you agree with <strong>the</strong><br />
allegation. List <strong>the</strong> documents you<br />
are sending in support <strong>of</strong> your<br />
response and include <strong>the</strong>m in a<br />
well-ordered attachment. These<br />
attachments should include copies<br />
<strong>of</strong> <strong>the</strong> authorization form, both<br />
fax cover sheets and confirmation<br />
sheets, <strong>the</strong> phone note, disclosure<br />
log, and applicable policies.<br />
Also, make an entry in <strong>the</strong> new<br />
disclosure log in <strong>the</strong> file related<br />
to sharing PHI in response to an<br />
agency investigation and make a<br />
copy <strong>of</strong> <strong>the</strong> submission for your<br />
records. If for some reason you<br />
cannot submit <strong>the</strong> response in a<br />
timely fashion, you must contact<br />
<strong>the</strong> investigator and ask for an<br />
extension <strong>of</strong> time.<br />
If you identified any actions you<br />
need to take or policies that need<br />
to be adopted or revised, ei<strong>the</strong>r<br />
do so and send pro<strong>of</strong> or indicate<br />
what you have done and provide a<br />
date for anticipated completion. It<br />
is likely that OCR will want to see<br />
<strong>the</strong> items completed.<br />
Once you have completed your<br />
response, let <strong>the</strong> investigator know<br />
that it is being sent and reiterate<br />
<strong>the</strong> delivery method as determined<br />
in <strong>the</strong> earlier conversation.<br />
E-mail: If sending by e-mail, <strong>the</strong><br />
e-mail should be encrypted. Do<br />
not put <strong>the</strong> patient name in <strong>the</strong><br />
subject line, but <strong>the</strong> reference<br />
number is a convenient indicator.<br />
If you do not have an e-mail<br />
encryption system, <strong>the</strong>re are<br />
several free zip technologies that<br />
enable attachments to be zipped<br />
and encrypted. Again, when <strong>the</strong><br />
file is zipped, <strong>the</strong> patient name<br />
should not be <strong>the</strong> file name, but<br />
<strong>the</strong> reference number works fine<br />
with <strong>the</strong> patient’s last name as<br />
<strong>the</strong> password. Please note that<br />
password-protected only files are<br />
not encrypted—only <strong>the</strong> zipped<br />
and encrypted files. If you use<br />
<strong>the</strong> patient’s last name as <strong>the</strong><br />
password, <strong>the</strong>n in <strong>the</strong> e-mail, you<br />
can indicate that <strong>the</strong> attached<br />
file’s password is <strong>the</strong> patient’s last<br />
name and <strong>the</strong> investigator can<br />
look up <strong>the</strong> name by <strong>the</strong> reference<br />
number. O<strong>the</strong>rwise, <strong>the</strong> password<br />
should be sent in a separate e-mail<br />
or provided over <strong>the</strong> phone.<br />
Fax: If sending <strong>the</strong> file by fax,<br />
please confirm <strong>the</strong> fax number<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
and use a confirmation sheet.<br />
Once sent, check <strong>the</strong> fax number<br />
against <strong>the</strong> confirmation.<br />
Mail: If sending by mail, use a<br />
mail service that <strong>of</strong>fers delivery<br />
confirmation with a signature.<br />
This may cost a little more, but<br />
<strong>the</strong> peace <strong>of</strong> mind and pro<strong>of</strong> <strong>of</strong><br />
delivery is priceless.<br />
Final determination<br />
Now all you can do is wait for<br />
fur<strong>the</strong>r contact. There are four<br />
responses you may get back:<br />
n No regulatory action taken<br />
(which can mean ei<strong>the</strong>r no violation<br />
or voluntary compliance)<br />
n Request for more information<br />
n Completion <strong>of</strong> identified<br />
actions<br />
n Regulatory action in <strong>the</strong> form<br />
<strong>of</strong> a violation found with or<br />
without a penalty<br />
If <strong>the</strong> investigator asks for more<br />
information, provide that in a<br />
timely manner. If <strong>the</strong> investigator<br />
asks for pro<strong>of</strong> <strong>of</strong> completion <strong>of</strong><br />
an action you identified in your<br />
response, ei<strong>the</strong>r provide it, if completed,<br />
or discuss with <strong>the</strong> investigator<br />
your time frames and plans<br />
for completion. You may have a<br />
constraint around policy adoption,<br />
implementation, or training.<br />
Additionally, <strong>the</strong> investigator<br />
may require you to take some<br />
action, such as revising a form or<br />
policy. If so, you should clarify <strong>the</strong><br />
rationale behind this request and<br />
which rule mandates this action.
If you disagree with <strong>the</strong> requested<br />
action, you can <strong>of</strong>fer a counter<br />
solution. The agency will consider<br />
<strong>the</strong> counter and provide explanations<br />
if it is unacceptable, as<br />
long as <strong>the</strong> requirements and <strong>the</strong><br />
patient’s interests are met. If you<br />
receive a notice <strong>of</strong> violation, you<br />
will also be provided <strong>the</strong> mechanism<br />
to appeal <strong>the</strong> decision.<br />
Determinations may take some<br />
time, but if two months have<br />
passed without receiving a letter,<br />
you should contact <strong>the</strong> investigator.<br />
The letter may have been<br />
misdirected.<br />
Additional considerations<br />
In some instances, patients may file<br />
complaints with multiple agencies,<br />
ei<strong>the</strong>r concurrently or after<br />
receiving notice that you were not<br />
penalized. You may be required<br />
to undergo this process with a<br />
state agency and this is when your<br />
meticulous record-keeping will<br />
be helpful once again. You can<br />
provide copies <strong>of</strong> your response<br />
to OCR to <strong>the</strong> state agency and<br />
OCR’s final determination if it<br />
has been received, especially if <strong>the</strong><br />
determination was no violation.<br />
Under HIPAA, <strong>the</strong>re is typically<br />
nothing wrong with allowing a<br />
state oversight agency to have<br />
access to patient records—however,<br />
<strong>the</strong>re is also nothing wrong<br />
with requesting it to be in writing.<br />
You should be clear with <strong>the</strong><br />
agency that you are not opposing<br />
<strong>the</strong>ir right, but that you need<br />
something in writing so that you<br />
have a record <strong>of</strong> <strong>the</strong> disclosure,<br />
when, why, how, etc. Discuss with<br />
<strong>the</strong> agency what <strong>the</strong>y require to<br />
conduct <strong>the</strong>ir investigation and<br />
provide <strong>the</strong> minimum necessary,<br />
but if <strong>the</strong>y require <strong>the</strong> full chart,<br />
<strong>the</strong>n provide <strong>the</strong> full chart. Once<br />
again, make an entry in <strong>the</strong> disclosure<br />
log for <strong>the</strong> file and document,<br />
document, document.<br />
Conclusion<br />
Any investigation is likely to<br />
produce a fair amount <strong>of</strong> consternation<br />
and worry. However,<br />
with proper procedures in<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
place, responding to a request<br />
from a regulatory agency can<br />
be merely a matter <strong>of</strong> compiling<br />
<strong>the</strong> documents, providing<br />
appropriate information, and<br />
communicating clearly with <strong>the</strong><br />
investigator. Regulators are not<br />
our enemy; <strong>the</strong>y are <strong>the</strong> fact<br />
finders <strong>of</strong> whe<strong>the</strong>r <strong>the</strong> rules are<br />
being followed. They are <strong>the</strong>re<br />
to ensure that patients’ rights are<br />
protected, and most entities do<br />
not deliberately set out to purposefully<br />
violate those rights. n<br />
Help keep your program fully staffed<br />
List Your Job Openings<br />
Online with HCCA<br />
Basic Classified Ads<br />
Our basic ads are listed on<br />
our website for 90 days and<br />
cost just $400 per position. In<br />
addition, for each month you<br />
advertise with us, your listing<br />
is included in our monthly<br />
HCCA Jobs Newsletter, which<br />
we send out to over 24,000<br />
email addresses.<br />
Premium Listings<br />
Want to make sure your job<br />
listing gets noticed first Try a<br />
premium listing. For just $100<br />
more, your job listing is placed<br />
in <strong>the</strong> top section <strong>of</strong> <strong>the</strong> site,<br />
and it is also featured in <strong>the</strong><br />
top section <strong>of</strong> <strong>the</strong> newsletter,<br />
making it stand out.<br />
LIST MY JOB OPENING:<br />
hcca-info.org/newjobs<br />
HCCA_JobBoard_thirdpagead_2c.indd 1<br />
11<br />
11/14/2011 4:41:34 PM<br />
<strong>December</strong> 2011
HCCAnet<br />
HCCAnet is <strong>the</strong> most comprehensive<br />
social network for health<br />
care compliance pr<strong>of</strong>essionals.<br />
Subscribe to dozens <strong>of</strong> discussion<br />
groups and get your compliance<br />
questions answered. Offer your<br />
experience with your colleagues.<br />
Share your resources and policies<br />
in <strong>the</strong> libraries.<br />
Resources<br />
n Creating a <strong>Compliance</strong> Plan<br />
o Posted in: <strong>Compliance</strong> and<br />
Ethics Main Library at<br />
http://bit.ly/complianceplan<br />
n <strong>Compliance</strong> Audit Review Plan<br />
o Posted in: <strong>Compliance</strong> and<br />
Ethics Main Library at<br />
http://bit.ly/auditreviewplan<br />
n <strong>Compliance</strong> Newsletter<br />
Example<br />
o Posted in: <strong>Health</strong> <strong>Care</strong><br />
Library at http://bit.ly/<br />
compliancenewsletter<br />
Mobile App<br />
n Search for Mobile Membership<br />
Look for <strong>the</strong> logo<br />
n Download app, <strong>the</strong>n search for<br />
HCCAnet<br />
Read some <strong>of</strong> <strong>the</strong> latest<br />
HCCAnet discussions:<br />
Chief C&E Officer <strong>Health</strong> <strong>Care</strong> Network<br />
n Pharma, Docs, and Conflicts <strong>of</strong> Interest<br />
o Interesting article about how pharma reps try to manipulate<br />
doctors, written by Dan Ariely, Duke University Pr<strong>of</strong>essor and<br />
author <strong>of</strong> Predictably Irrational (http://www.wired.co.uk/magazine/<br />
archive/2011/11/ideas-bank/dan-ariely)<br />
One highlight: It was interesting to see how well <strong>the</strong>se reps employed<br />
classic persuasion strategies. One tactic was to hire doctors to lecture<br />
o<strong>the</strong>r practitioners about a drug. The reps weren’t interested in what<br />
<strong>the</strong> audience took from <strong>the</strong> talk, but in <strong>the</strong> effects on <strong>the</strong> speaker<br />
himself. They found that after giving an address about a drug’s<br />
benefits, <strong>the</strong> speaker would begin to believe his own speech and<br />
prescribe accordingly.<br />
n http://bit.ly/pharmapost<br />
Hospital Network<br />
n Texting compliance<br />
o We are re-looking at texting communication with health care<br />
providers such as texting <strong>of</strong> orders by physicians to nurses on<br />
private cell phones. I am against this for several reasons; however,<br />
our physicians feel this is an evolving and convenient form <strong>of</strong><br />
communication. Is <strong>the</strong>re anyone who is willing to share how you<br />
are handling this issue, and any policies that address this form <strong>of</strong><br />
communication Thank you.<br />
n http://bit.ly/textinghc<br />
HIPAA: <strong>Health</strong> Insurance Portability and Accountability Act Forum<br />
n Elevator Incident<br />
o An elevator closed early and struck a patient. There is a video <strong>of</strong> <strong>the</strong><br />
incident and <strong>the</strong> elevator repair company would like to review this.<br />
No audio and no o<strong>the</strong>r PHI is available—only <strong>the</strong> image <strong>of</strong> <strong>the</strong><br />
patient. Is it permissible to allow <strong>the</strong> repair company to view <strong>the</strong><br />
video as long as <strong>the</strong> patient is not identified in any o<strong>the</strong>r manner My<br />
gut says yes, but I have some doubt... (Note: this question pertains<br />
only to <strong>the</strong> privacy piece, not any o<strong>the</strong>r legal ramifications.)<br />
n http://bit.ly/elevatorincident<br />
<strong>December</strong> 2011<br />
12<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
n Starting from Scratch<br />
o I just returned from <strong>the</strong> Philadelphia conference<br />
for Physician’s Practice <strong>Compliance</strong><br />
Conference and am now faced with what<br />
seems to be <strong>the</strong> daunting task <strong>of</strong> drafting <strong>the</strong><br />
initial compliance agreement and would very<br />
much appreciate any templates, examples,<br />
etc., anyone could share with me. It seems<br />
a little overwhelming to start from scratch.<br />
Would appreciate anything you have.<br />
n http://bit.ly/compliancescratch<br />
<strong>Health</strong>care Billing and Reimbursement<br />
Group<br />
n Facility Fees<br />
o For differing hospital clinics, may <strong>the</strong> facility<br />
fees differ for <strong>the</strong> same visit code<br />
n http://bit.ly/facilityfees<br />
Contact Eric Newman at 952-405-7938, or<br />
e-mail Eric at eric.newman@hcca-info.org<br />
with any questions about HCCAnet. Also,<br />
ask Eric about <strong>the</strong> new HCCAnet mobile<br />
app for <strong>the</strong> iPhone, Blackberry, and Android<br />
devices.<br />
HCCA Website News<br />
Upcoming Webinars<br />
Many different webinars are coming up on a variety<br />
<strong>of</strong> compelling compliance topics. You may register<br />
online for any or all <strong>of</strong> <strong>the</strong> upcoming live webinars;<br />
and you can view past webinar at www.hcca-info.org/<br />
webconferences<br />
2012 <strong>Compliance</strong> Institute Preliminary Brochure<br />
The 2012 <strong>Compliance</strong> Institute is coming up fast.<br />
Take a look at <strong>the</strong> Preliminary Brochure to see which<br />
speakers and sessions will be in Las Vegas next April<br />
at www.hcca-info.org/CIbrochure<br />
Viewing your CEUs online<br />
Don’t get stressed out about your certification renewal<br />
date at <strong>the</strong> last minute. Stay on top <strong>of</strong> your CEUs,<br />
and make sure <strong>the</strong>y are all listed in your account.<br />
To view <strong>the</strong>m, go to “Member Center” and <strong>the</strong>n<br />
“Update My Info,” <strong>the</strong>n click on “Activities” and<br />
“CEUs”<br />
Gift Giving Policy<br />
With Christmas just around <strong>the</strong> corner, giving and<br />
receiving gifts is on our minds. Take a look at <strong>the</strong><br />
HCCA/SCCE Survey on Corporate Gifts & Entertainment<br />
Policies at www.hcca-info.org/GiftsSurvey<br />
OIG <strong>Compliance</strong> Program Guidance<br />
The Office <strong>of</strong> Inspector General developed compliance<br />
program guidance for different segments <strong>of</strong> <strong>the</strong><br />
health care industry (e.g., hospital, nursing home,<br />
clinical lab, third-party billers). Take a look at your<br />
industry’s program under <strong>Compliance</strong> Info, <strong>the</strong>n go<br />
to external links at www.hcca-info.org/guidancedoc<br />
Contact Tracey Page at 952-405-7936, or e-mail<br />
Tracey at tracey.page@hcca-info.org with any questions<br />
about <strong>the</strong> HCCA website.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>December</strong> 2011<br />
13
feature<br />
article<br />
Meet Mary Dunaway<br />
Hospital Revenue Cycle <strong>Compliance</strong> Director,<br />
University <strong>of</strong> Arizona <strong>Health</strong> Network<br />
<strong>December</strong> 2011<br />
14<br />
Editor’s note: This interview with<br />
Mary Dunaway was conducted in<br />
<strong>the</strong> fall by HCCA CEO Roy Snell.<br />
Roy may be contacted by e-mail at<br />
roy.snell@hcca-info.org and Mary<br />
may be contacted by e-mail at<br />
Mary.Dunaway@uahealth.com.<br />
RS: Please share a little bit about<br />
your pr<strong>of</strong>essional background<br />
and your work at University <strong>of</strong><br />
Arizona <strong>Health</strong> Network.<br />
MD: I have worked in health<br />
care for over 30 years. Upon<br />
graduating from nursing school,<br />
I worked for short stints in<br />
acute medical and pediatric<br />
hospital units. As my nursing<br />
skills improved, I moved into<br />
critical care nursing, where I<br />
quickly developed an interest in<br />
newly emerging technological<br />
advancements in cardiac care.<br />
Then in <strong>the</strong> late 1980s, I unexpectedly<br />
stumbled into health<br />
care auditing work when given<br />
an opportunity to learn hospital<br />
insurance counter auditing<br />
(i.e., substantiating <strong>the</strong> services<br />
hospitals provide<br />
patients). Shortly<br />
<strong>the</strong>reafter, a physician<br />
practice<br />
administrator<br />
with University<br />
Physicians asked<br />
if a similar methodology<br />
could be<br />
applied to pr<strong>of</strong>essional<br />
service<br />
claims, thus<br />
beginning my foray into health<br />
care coding and compliance.<br />
Over <strong>the</strong> years, I have been<br />
afforded many opportunities<br />
to advance my skills in coding,<br />
revenue cycle management, and<br />
compliance on behalf <strong>of</strong> both <strong>the</strong><br />
University Physician’s (practice<br />
plan) and University Medical<br />
Center (hospital). Just over one<br />
year ago, both organizations<br />
merged, recently adopting <strong>the</strong><br />
name “University <strong>of</strong> Arizona<br />
<strong>Health</strong> Network.” The newly<br />
formed health system includes<br />
two hospitals, a behavioral health<br />
facility, numerous clinics, a<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
health plan, and approximately<br />
6,000 employees.<br />
RS: Mary, please tell us how<br />
you first became involved in <strong>the</strong><br />
<strong>Compliance</strong> pr<strong>of</strong>ession.<br />
MD: In <strong>the</strong> early to mid 1990s,<br />
<strong>the</strong> CFO with University<br />
Physicians <strong>of</strong>fered me an opportunity<br />
to develop an internal<br />
audit program. The program was<br />
initially developed to evaluate<br />
and streng<strong>the</strong>n organizational<br />
processes and procedures from<br />
appointment scheduling through<br />
payment reconciliation. As it<br />
turned out, <strong>the</strong> foresight <strong>of</strong> <strong>the</strong>
CFO was particularly timely<br />
in light <strong>of</strong> impending regulatory<br />
scrutiny. Academic medical<br />
centers were among <strong>the</strong> first<br />
to experience such scrutiny, as<br />
adherence to Medicare Teaching<br />
Physician rules (PATH) was put<br />
under <strong>the</strong> microscope.<br />
RS: What do you remember <strong>of</strong><br />
<strong>the</strong> fatefull call you and I had<br />
and <strong>the</strong> subsequent meeting held<br />
as part <strong>of</strong> <strong>the</strong> AGMA conference<br />
that eventually led to <strong>the</strong> establishment<br />
<strong>of</strong> HCCA<br />
MD: Mostly, I remember how<br />
timely <strong>the</strong> first call was. The<br />
AGMA conference set <strong>the</strong> stage<br />
for networking opportunities as<br />
academic medical centers shared<br />
<strong>the</strong>ir early experiences with regulatory<br />
enforcement activities and<br />
<strong>the</strong> early development <strong>of</strong> compliance<br />
and education programs. The<br />
collective experience and perspective<br />
that you, Brent Saunders, Ed<br />
Longozel, Lisa Murtha, Debbie<br />
Troklus, <strong>the</strong> Russos, and o<strong>the</strong>rs<br />
openly shared helped organizations<br />
shift away from a reactive<br />
to a proactive solution-based<br />
approach. As you may recall,<br />
following <strong>the</strong> AGMA conference,<br />
several meetings were held<br />
with CMS <strong>of</strong>ficials and academic<br />
medical centers to clarify <strong>the</strong><br />
Teaching Physician rules. These<br />
meetings were instrumental in<br />
clarifying documentation requirements<br />
and subsequently paved <strong>the</strong><br />
way for future dialogue with o<strong>the</strong>r<br />
governmental agencies.<br />
RS: Please tell us how <strong>the</strong><br />
<strong>Compliance</strong> pr<strong>of</strong>ession has<br />
changed over <strong>the</strong> past 16 years.<br />
MD: Early compliance programs<br />
raised organizational awareness<br />
and laid <strong>the</strong> ground work for<br />
current programs. In addition to<br />
implementing effective compliance<br />
program elements (as per<br />
OIG recommendations), compliance<br />
efforts seemed to primarily<br />
focus on areas <strong>of</strong> financial risk or<br />
vulnerability in response to regulatory<br />
enforcement (e.g., coding,<br />
billing, Teaching Physician rules,<br />
Stark and anti-kickback legislation,<br />
etc.). With <strong>the</strong> emergence<br />
<strong>of</strong> data mining technologies and<br />
integrated/complex organizational<br />
structures, <strong>the</strong>se areas remain<br />
high on <strong>the</strong> priority list. O<strong>the</strong>r,<br />
equally important, priorities have<br />
subsequently emerged as well.<br />
Privacy and security regulations,<br />
coupled with advancements in<br />
medical technologies, telecommunications,<br />
and <strong>the</strong> use <strong>of</strong><br />
electronic health records has<br />
necessitated changes in compliance<br />
programs. Recent trends also<br />
include integrating quality-<strong>of</strong>-care<br />
initiatives with compliance activities,<br />
as care standards, metrics,<br />
and outcomes impact third-party<br />
payer contracts and payments. It<br />
is not uncommon for large health<br />
systems to employ numerous<br />
compliance pr<strong>of</strong>essionals who<br />
have a broad spectrum <strong>of</strong> skill<br />
sets, to provide <strong>the</strong> necessary oversight<br />
in today’s quick-changing<br />
regulatory landscape.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
RS: Would you say that HCCA<br />
has helped in <strong>the</strong>se changes and,<br />
if <strong>the</strong> answer is “yes,” how<br />
MD: Absolutely, HCCA has been<br />
and remains an invaluable resource<br />
for health care compliance pr<strong>of</strong>essionals.<br />
The association provides a<br />
wealth <strong>of</strong> information for compliance<br />
pr<strong>of</strong>essionals at any level <strong>of</strong><br />
development. Access to sample<br />
policies, templates, PowerPoint<br />
presentations, regulatory<br />
documents, and educational opportunities<br />
is very helpful. Membership<br />
lists and social networking sites<br />
make it easy for compliance pr<strong>of</strong>essionals<br />
to make connections and<br />
learn from one ano<strong>the</strong>r.<br />
RS: You regularly attended<br />
HCCA’s annual <strong>Compliance</strong><br />
Institute. Please tell us why.<br />
MD: The annual <strong>Compliance</strong><br />
Institute is like a “big box store”<br />
for compliance pr<strong>of</strong>essionals.<br />
The Institute affords compliance<br />
pr<strong>of</strong>essionals an opportunity to<br />
access a wide variety <strong>of</strong> regulatory,<br />
enforcement, program development,<br />
problem resolution, and<br />
system support information that<br />
is both relevant and timely. The<br />
program content is applicable to<br />
all aspects <strong>of</strong> health care. Most<br />
notably, it is <strong>the</strong> one event that<br />
brings toge<strong>the</strong>r a broad spectrum<br />
<strong>of</strong> compliance experts, both<br />
within and outside <strong>the</strong> health<br />
care field (e.g., government, legal,<br />
health care institution, finance,<br />
o<strong>the</strong>r industry experts).<br />
Continued on page 16<br />
<strong>December</strong> 2011<br />
15
Meet Mary Dunaway, Hospital Revenue Cycle <strong>Compliance</strong> Director, University <strong>of</strong> Arizona <strong>Health</strong> Network<br />
...continued from page 15<br />
<strong>December</strong> 2011<br />
16<br />
RS: If you received a call today<br />
from someone just starting out in<br />
<strong>the</strong> <strong>Compliance</strong> pr<strong>of</strong>ession, what<br />
advice and recommendations<br />
would you <strong>of</strong>fer him or her<br />
MD: Definitely connect with<br />
<strong>the</strong> HCCA and, if at all possible,<br />
attend a <strong>Compliance</strong> Institute. It<br />
is a terrific venue to learn about<br />
compliance, hear about trending<br />
topics from government agency<br />
perspectives and experts in <strong>the</strong><br />
field, network with o<strong>the</strong>r compliance<br />
pr<strong>of</strong>essionals, and preview<br />
vendor products and tools.<br />
RS: How does HCCA best<br />
support <strong>the</strong> work you are doing<br />
and what could HCCA be doing<br />
to support your work and <strong>the</strong><br />
pr<strong>of</strong>ession even more<br />
MD: HCCA provides exceptional<br />
program development and compliance<br />
education opportunities,<br />
covering a broad spectrum <strong>of</strong><br />
health care entities. The website<br />
is easy to navigate and provides<br />
quick access to regulatory<br />
resource information, compliance<br />
documents, templates, members,<br />
and social networking sites. I<br />
am especially appreciative <strong>of</strong> <strong>the</strong><br />
PowerPoint presentations, educational<br />
materials, and sample<br />
documents that can readily be<br />
adapted for organizational use. As<br />
a compliance pr<strong>of</strong>essional, I am<br />
always on <strong>the</strong> lookout for tools<br />
and information that can lead<br />
to best practices. HCCA is in a<br />
unique position to help members<br />
maintain relevant and current<br />
compliance programs by continuing<br />
to facilitate <strong>the</strong> exchange<br />
<strong>of</strong> information and material, such<br />
as <strong>the</strong> following:<br />
n Current compliance program<br />
effectiveness benchmarking data<br />
n Updated sample job descriptions<br />
and compliance documents<br />
n Sample metrics, board reports,<br />
and dashboards<br />
n More industry-specific sample<br />
audit tools and data management<br />
solutions<br />
n Member reviews <strong>of</strong> compliance<br />
products and tools (e.g., similar<br />
to Amazon’s five star ratings)<br />
RS: Where do you see<br />
<strong>Compliance</strong> headed in <strong>the</strong> future<br />
MD: I see both regulatory agencies<br />
and compliance programs<br />
being continually challenged<br />
to keep pace with <strong>the</strong> advancements<br />
in health care delivery,<br />
telecommunications, electronic<br />
health records, and payment<br />
systems. The possibilities are<br />
endless for how health care is<br />
delivered as robotics, minimally<br />
invasive surgery, genetic-based<br />
pharmaceuticals, and remote<br />
monitoring technologies (to<br />
name a few) become common<br />
place. Technological advancements<br />
will continue to link health<br />
care providers globally to <strong>the</strong>ir<br />
patients as well as each o<strong>the</strong>r. As<br />
<strong>the</strong> delivery <strong>of</strong> health care changes<br />
and budgets stretch, payment<br />
reforms will continue to be a<br />
priority for governmental and<br />
o<strong>the</strong>r third-party payers.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
RS: What do you enjoy most<br />
about working in <strong>the</strong> health care<br />
compliance industry<br />
MD: I enjoy how dynamic this<br />
industry is as it strives to improve<br />
individuals’ quality <strong>of</strong> life through<br />
advancements in health care.<br />
Every day presents an opportunity<br />
to learn something new and<br />
exciting. Amidst all <strong>the</strong> advancements<br />
in <strong>the</strong> delivery <strong>of</strong> health<br />
care, compliance programs are<br />
also compelled to adapt and grow.<br />
RS: What has been your biggest<br />
challenge over <strong>the</strong> past year<br />
MD: This year has been particularly<br />
challenging as work loads<br />
have shifted and changed in<br />
response to both internal priorities<br />
and <strong>the</strong> expansion <strong>of</strong> regulatory<br />
programs/initiatives. The<br />
compliance program continues<br />
to evolve, change, and mature in<br />
response to <strong>the</strong> needs <strong>of</strong> our newly<br />
integrated health care system.<br />
Simultaneously, it has been necessary<br />
to adapt and change to meet<br />
<strong>the</strong> demands <strong>of</strong> regulatory initiatives,<br />
such as <strong>the</strong> expansion <strong>of</strong><br />
privacy and security regulations,<br />
pay-for-performance/quality-<strong>of</strong>care<br />
initiatives, and Medicare’s<br />
Recovery Audit Contractors<br />
(RACs) and o<strong>the</strong>r third-party<br />
payer audit programs.<br />
RS: What has been your biggest<br />
challenge as a compliance pr<strong>of</strong>essional<br />
and how did you overcome it<br />
MD: <strong>Health</strong> care compliance<br />
programs were unchartered
territory in <strong>the</strong> early years. The<br />
management and resolution <strong>of</strong><br />
problems was <strong>of</strong>ten complicated<br />
by conflicting advice/perspectives<br />
within <strong>the</strong> industry and government.<br />
HCCA was instrumental<br />
in engaging a network <strong>of</strong> industry<br />
and government experts in meaningful<br />
dialogue, practical advice,<br />
and regulatory guidance.<br />
RS: What skills and/or techniques<br />
do you employ to help resolve<br />
potential compliance problems<br />
MD: Approximately 10 years ago,<br />
quality improvement programs<br />
shifted away from looking at<br />
incidents and near misses from<br />
an outcomes-based perspective<br />
to root cause analyses. I find this<br />
methodology particularly useful<br />
when evaluating potential compliance<br />
incidents as well. Ra<strong>the</strong>r<br />
than assigning blame, or focusing<br />
too narrowly on <strong>the</strong> outcome <strong>of</strong><br />
an adverse finding or incident,<br />
<strong>the</strong> goal is to validate <strong>the</strong> problem<br />
and understand <strong>the</strong> root cause<br />
(i.e., what, when, where, why,<br />
how). This approach helps achieve<br />
effective analyses by reducing/<br />
eliminating bias, promoting<br />
objectivity, and facilitating<br />
communication. By drilling down<br />
to <strong>the</strong> root cause <strong>of</strong> a problem, an<br />
effective resolution can be implemented<br />
to correct and prevent<br />
future occurrences.<br />
RS: Mary, tell us what about<br />
your hobbies and what you do to<br />
relax when you’re not at work.<br />
MD: Any opportunity to get<br />
outdoors for a walk, enjoy some<br />
play time with our dog Bo Jangles,<br />
get toge<strong>the</strong>r with friends, or read a<br />
good book tops <strong>the</strong> list <strong>of</strong> favorite<br />
pastimes. Our daughter’s 4-H<br />
horseback riding activities and <strong>the</strong><br />
occasional day trip to local artisan<br />
events also makes for a fun and<br />
relaxing change <strong>of</strong> pace as well.<br />
RS: What is <strong>the</strong> title <strong>of</strong> <strong>the</strong> last<br />
book your read<br />
MD: Most recently I read Cutting<br />
for Stone. n<br />
<strong>Compliance</strong> Today Editorial Board<br />
The following individuals make up <strong>the</strong> <strong>Compliance</strong> Today Editorial Advisory Board:<br />
Gabriel Imperato, Esq,<br />
CHC<br />
CT Contributing Editor<br />
Managing Partner<br />
Broad and Cassel<br />
Ofer Amit<br />
MSEM, CHRC<br />
Research <strong>Compliance</strong><br />
Administrator<br />
Baptist <strong>Health</strong> South Florida<br />
Janice A. Anderson<br />
JD, BSN<br />
Shareholder<br />
Polsinelli Shughart, PC<br />
Christine Bachrach<br />
CHC<br />
Chief <strong>Compliance</strong> Officer<br />
University <strong>of</strong> Maryland<br />
Dorothy DeAngelis<br />
Managing Director<br />
FTI Consulting<br />
Gary W. Herschman<br />
Chair, <strong>Health</strong> and Hospital<br />
Law Practice Group<br />
Sills Cummis & Gross P.C.<br />
David H<strong>of</strong>fman, JD<br />
President<br />
David H<strong>of</strong>fman &<br />
Associates<br />
Richard P. Kusserow<br />
President & CEO<br />
Strategic Management<br />
F. Lisa Murtha, JD<br />
CHC, CHRC<br />
SNR Denton US LLP<br />
Robert H. Oss<strong>of</strong>f, DMD,<br />
MD, CHC, Assistant Vice<br />
Chancellor for <strong>Compliance</strong><br />
and Corporate Integrity<br />
Vanderbilt Medical Center<br />
Jacki Pemrick<br />
Privacy Officer<br />
Mayo Clinic<br />
Deborah Randall, JD<br />
Law Office <strong>of</strong> Deborah<br />
Randall<br />
Emily Rayman<br />
General Counsel and Chief<br />
<strong>Compliance</strong> Officer<br />
Community Memorial<br />
<strong>Health</strong> System<br />
Rita A. Scichilone<br />
MSHA, RHIA, CCS, CCS-P<br />
Director <strong>of</strong> Practice Leadership<br />
American <strong>Health</strong> Information<br />
Management Association<br />
James G. Sheehan, JD<br />
Chief Integrity Officer.<br />
New York City Human<br />
Resources Administration<br />
Lisa Silveria, RN, BSN<br />
Home <strong>Care</strong> <strong>Compliance</strong><br />
Catholic <strong>Health</strong>care West<br />
Jeffrey Sinaiko<br />
President<br />
Sinaiko <strong>Health</strong>care<br />
Consulting, Inc.<br />
Debbie Troklus, CHC-F,<br />
CCEP-F, CHRC, CHPC<br />
Managing Director<br />
Aegis <strong>Compliance</strong> and Ethics<br />
Center<br />
Cheryl Wagonhurst, JD<br />
CCEP, Partner<br />
Law Office <strong>of</strong> Cheryl Wagonhurst<br />
Linda Wolverton, CHC,<br />
CPHQ, CPMSM, CPCS,<br />
CHCQM, LHRM, RHIT<br />
Vice President <strong>Compliance</strong><br />
Team <strong>Health</strong>, Inc.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>December</strong> 2011<br />
17
ROY sNELL<br />
<strong>December</strong> 2011<br />
18<br />
Change<br />
HCCA and SCCE have had ano<strong>the</strong>r great year. We<br />
have had significant membership growth—HCCA<br />
and SCCE just hit 10,000 members. Our financials<br />
look very good and we are building a reserve that<br />
will help us wea<strong>the</strong>r future challenges.<br />
We have made several improvements to our operations.<br />
We have updated our phone system with a<br />
voiceover IP system that will allow our staff, many<br />
<strong>of</strong> whom travel, to receive <strong>the</strong>ir voicemail via email.<br />
We are updating our website and our membership<br />
database management system. With <strong>the</strong>se changes,<br />
members will be able to move easily between our<br />
social media, <strong>the</strong> website, and <strong>the</strong> membership<br />
database. We have updated <strong>the</strong> magazine and will<br />
be providing more information about <strong>the</strong> compliance<br />
pr<strong>of</strong>ession. We have added new columnists<br />
and improved <strong>the</strong> magazine’s look and feel. The first<br />
redesigned issue <strong>of</strong> HCCA’s <strong>Compliance</strong> Today will<br />
be published this spring.<br />
As we’ve grown we have added new staff. We are able<br />
to dedicate people to tasks ra<strong>the</strong>r than have <strong>the</strong>m be<br />
distracted or diluted by several tasks. We are able to<br />
have staff specialize in certain areas, allowing <strong>the</strong>m to<br />
focus on how to improve <strong>the</strong>ir function. For example,<br />
we now have an individual dedicated specifically<br />
to our website. This staff member is able to spend<br />
more time improving <strong>the</strong> system and studying new<br />
trends in website management.<br />
We also continue to improve our conferences. We<br />
have added conferences, such as <strong>the</strong> new regional<br />
meetings in Houston, Texas and Oakland, California.<br />
We have added Academies to meet <strong>the</strong> growing<br />
demand for those interested in certification. We have<br />
added new technology to our meetings, such as realtime<br />
social media reporting and audience response<br />
technology for audience feedback and polling to our<br />
Advanced Discussion Group track at <strong>the</strong> <strong>Compliance</strong><br />
Institute.<br />
During <strong>the</strong> last Board strategic planning session,<br />
<strong>the</strong> Board focused on social media. We are now one<br />
<strong>of</strong> <strong>the</strong> leading associations in adopting social media<br />
for member networking. In <strong>the</strong> next Board strategic<br />
planning session, <strong>the</strong> Board will focus on new<br />
projects to help compliance pr<strong>of</strong>essionals deal with<br />
<strong>the</strong> stress associated with <strong>the</strong>ir job.<br />
And finally, we are very excited to have our first<br />
few applicants for our advanced certification—<strong>the</strong><br />
Certified in <strong>Health</strong>care <strong>Compliance</strong> Fellowship<br />
(CHC-F). Debbie Troklus and her committee have<br />
been working on certification for over ten years.<br />
They have added a research certification and a<br />
privacy certification in recent years and spend a great<br />
deal <strong>of</strong> time making sure our original certifications<br />
are updated in a timely manner. HCCA and<br />
SCCE now have some <strong>of</strong> <strong>the</strong> most highly regarded<br />
certifications in <strong>the</strong> compliance and ethics<br />
pr<strong>of</strong>ession. n<br />
If you have any questions that you would like Roy to<br />
answer in future columns, please e-mail <strong>the</strong>m to: roy.<br />
snell@hcca-info.org.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
Social Networking<br />
John Falcetano<br />
Editor’s note: John Falcetano,<br />
CHC-F, CCEP-F, CHRC, CHPC,<br />
CIA is Chief Audit/<strong>Compliance</strong><br />
Officer for University <strong>Health</strong> Systems<br />
<strong>of</strong> Eastern Carolina and Second Vice<br />
President <strong>of</strong> <strong>the</strong> HCCA Board <strong>of</strong><br />
Directors. John may be contacted by<br />
e-mail at jfalcetano@uhseast.com.<br />
Zone Program Integrity Contractor (ZPIC)<br />
One <strong>of</strong> <strong>the</strong> best benefits <strong>of</strong> our social network site is <strong>the</strong><br />
ability for members to discuss a wide range <strong>of</strong> compliance<br />
topics. One topic currently being discussed is <strong>the</strong><br />
Zone Program Integrity Contractor (ZPIC). As many <strong>of</strong><br />
you are aware, <strong>the</strong> Program Safeguard Contractor (PSC)<br />
transitioned to ZPIC. ZPICs do a lot <strong>of</strong> data analysis<br />
and evaluate complaints. They also make referrals to law<br />
enforcement. ZPICs may also support law enforcement<br />
during an investigation.<br />
Some <strong>of</strong> <strong>the</strong> questions asked as part <strong>of</strong> <strong>the</strong> online discussion<br />
include:<br />
n How much time do <strong>the</strong> ZPICs have before <strong>the</strong>y respond<br />
to a claim on audit<br />
n Is anyone using a data analysis s<strong>of</strong>tware product to do<br />
proactive data mining in preparation for ZPICs<br />
Get Connected.<br />
Subscribe to dozens <strong>of</strong> discussion<br />
groups, download hundreds <strong>of</strong><br />
resources, and connect with thousands<br />
<strong>of</strong> compliance pr<strong>of</strong>essionals on<br />
HCCAnet<br />
http://community.hcca-info.org<br />
Start a discussion in <strong>the</strong> HCCA LinkedIn<br />
group<br />
http://www.hcca-info.org/LinkedIn<br />
Follow @hcca_news for <strong>the</strong> latest trends<br />
in health care compliance<br />
http://www.twitter.com/hcca_news<br />
For <strong>the</strong> answers to <strong>the</strong>se questions and o<strong>the</strong>rs, go to <strong>the</strong><br />
HCCA Social Network site. Remember social networking is a<br />
great way to make friends, obtain needed compliance documents,<br />
or just talk with peers. Visit our network and start a<br />
blog or join a discussion group. You will be glad you did.<br />
To participate in <strong>the</strong> discussion, review <strong>the</strong> comments, or<br />
just talk with your peers, you can access <strong>the</strong> HCCA Social<br />
Network site by going to <strong>the</strong> following link: www.hccainfo.org/hccanet<br />
n<br />
Get <strong>the</strong> latest compliance news and<br />
HCCA event information in your<br />
facebook news feed. “Like” that HCCA<br />
facebook page at<br />
http://www.hcca-info.org/Facebook<br />
<strong>December</strong> 2011<br />
19<br />
HCCASocialNetworking_halfpage_301nK_CTad.indd 1 8/31/2011 10:05:0<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
Exhale<br />
By Shawn DeGroot, CHC-F, CCEP, CHRC<br />
<strong>December</strong> 2011<br />
20<br />
Shawn DeGroot<br />
Editor’s note: Shawn DeGroot,<br />
CHC-F, CCEP, CHRC is Vice<br />
President <strong>of</strong> Corporate Responsibility<br />
at Regional <strong>Health</strong> located in<br />
Rapid City, South Dakota. Shawn<br />
also serves as Vice President <strong>of</strong> <strong>the</strong><br />
HCCA Board <strong>of</strong> Directors. She may<br />
be contacted by e-mail at<br />
SDegroot1@regionalhealth.com.<br />
Exercise a good sense <strong>of</strong><br />
humor<br />
A person with a sense <strong>of</strong> humor<br />
<strong>of</strong>ten lives longer, typically doesn’t<br />
sweat <strong>the</strong> small stuff, and obviously<br />
is comfortable in his own<br />
skin. When I think <strong>of</strong> comedians<br />
in a general sense, one <strong>of</strong> my<br />
favorites is Robin Williams, and<br />
typically a lawyer would not<br />
come to mind; however, Dan<br />
Mulholland, a very seasoned<br />
health care lawyer since 1978,<br />
possesses characteristics <strong>of</strong> an<br />
incredible legalistic mind with a<br />
constant twist <strong>of</strong> humor. Without<br />
hesitation, Dan has <strong>the</strong> ability to<br />
recite <strong>the</strong> exact Code <strong>of</strong> Federal<br />
Regulations, <strong>the</strong>n interpret, add<br />
commentary, or make an analogy<br />
regarding <strong>the</strong> Mafia or Worldwide<br />
Wrestling that quickly alleviates<br />
heartburn and/or anxiety. Dan<br />
joined <strong>the</strong> Horty Springer law<br />
firm over 35 years ago, and to his<br />
knowledge, he is still employed by<br />
<strong>the</strong> firm.<br />
What keeps Dan up at night<br />
Street noise and occasional indigestion<br />
are <strong>the</strong> most problematic,<br />
with o<strong>the</strong>r items not for public<br />
disclosure.<br />
What tactics does Dan use to<br />
handle stress pr<strong>of</strong>essionally<br />
and personally<br />
A shot and a beer at <strong>the</strong> local bar<br />
on a weekend, tooling around<br />
aimlessly on his boat with his six<br />
kids, and spending time with his<br />
sainted wife <strong>of</strong> 30 years are a few<br />
<strong>of</strong> Dan’s solutions.<br />
Dan’s practical advice to compliance<br />
pr<strong>of</strong>essionals can be boiled<br />
down to <strong>the</strong> following bromides:<br />
n Don’t let <strong>the</strong> perfect be <strong>the</strong><br />
enemy <strong>of</strong> <strong>the</strong> good. Too <strong>of</strong>ten<br />
Dan sees compliance pr<strong>of</strong>essionals<br />
focusing on minutiae,<br />
while larger problems are ei<strong>the</strong>r<br />
ignored or set aside.<br />
n Don’t make mountains out <strong>of</strong><br />
molehills. For example, if you<br />
conduct an audit <strong>of</strong> 100 cases<br />
and find a 20% error rate, it<br />
doesn’t necessarily mean that<br />
20% <strong>of</strong> every case you’ve done<br />
is bad; it just means that you<br />
made 20 mistakes. Refund <strong>the</strong><br />
money as needed, develop a<br />
good corrective action plan, and<br />
move on.<br />
n Don’t go looking for trouble;<br />
it will look for you. This doesn’t<br />
mean put your head in <strong>the</strong><br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
sand, but don’t go chasing down<br />
every rabbit hole trying to identify<br />
<strong>the</strong>oretical problems that<br />
may or may not actually constitute<br />
compliance violations. This<br />
is especially true in <strong>the</strong> area <strong>of</strong><br />
physician contracts and leases.<br />
There are a lot <strong>of</strong> things, such<br />
as backdated contracts, that,<br />
based on obscure governmental<br />
pronouncements, some might<br />
say fall outside Stark law exceptions,<br />
but based on state law,<br />
may not be a problem at all.<br />
n Talk to your attorneys when<br />
in doubt. Dan isn’t just singing<br />
for his supper here. The advice<br />
<strong>of</strong> counsel is <strong>the</strong> most effective<br />
defense available if you are<br />
accused <strong>of</strong> wrongdoing, such<br />
as a False Claims Act violation.<br />
If you fully disclose <strong>the</strong> facts <strong>of</strong><br />
your situation to your attorney,<br />
and he or she gives you a reasoned<br />
legal opinion that what<br />
you have done is OK, and you<br />
faithfully follow <strong>the</strong> attorney’s<br />
advice, you will be OK—even<br />
if <strong>the</strong> attorney’s advice turns out<br />
to be incorrect.<br />
What does Dan predict for <strong>the</strong><br />
future<br />
Aside from <strong>the</strong> general meltdown<br />
that will occur in 2014 when <strong>the</strong><br />
Affordable <strong>Care</strong> Act’s individual<br />
mandate kicks in, <strong>the</strong>re will<br />
be between 30 and 50 million<br />
people who will be dropped<br />
from employer health insurance.<br />
Equally important will be <strong>the</strong><br />
increased enforcement activity
y <strong>the</strong> federal and state agencies<br />
that define o<strong>the</strong>rwise common<br />
behavior in <strong>the</strong> industry as<br />
fraud—<strong>the</strong> biggest concern for<br />
providers right now. The regulatory<br />
web in health care is so vast<br />
and complex, and <strong>the</strong> regulators<br />
<strong>of</strong>ten define neutral or beneficial<br />
activity as illegal. Virtually<br />
everyone can be accused <strong>of</strong> fraud,<br />
simply as a way for <strong>the</strong> governmental<br />
payers to get money back,<br />
now that <strong>the</strong>y are effectively<br />
broke. <strong>Compliance</strong> <strong>of</strong>ficers ought<br />
to be on <strong>the</strong> front line, making<br />
sure that <strong>the</strong>ir organizations do<br />
<strong>the</strong> best <strong>the</strong>y can—keeping on<br />
<strong>the</strong> right side <strong>of</strong> <strong>the</strong> law when<br />
<strong>the</strong> lines are clear and working<br />
with counsel to develop realistic<br />
strategies to deal with increasing<br />
number <strong>of</strong> grey areas.<br />
Of course, watch out for potential<br />
whistleblowers. Where possible,<br />
call <strong>the</strong>m out when you<br />
spot people who find fault with<br />
anything that you do, but don’t<br />
suggest any realistic solutions to<br />
deal with <strong>the</strong> real or imagined<br />
problems <strong>the</strong>y conjure up. Dan’s<br />
closing comment was that <strong>the</strong>y<br />
would do well to recall that “<strong>the</strong><br />
lowest circle <strong>of</strong> hell in Dante’s<br />
Inferno was reserved for cheese<br />
eaters.” n<br />
The HCCA HIPAA<br />
Training Handbook<br />
The <strong>Health</strong> Insurance Portability<br />
and Accountability Act (HIPAA)<br />
has had lasting impact on U.S.<br />
health care providers since its<br />
passage in 1996. Now HIPAA,<br />
along with HITECH, affect health<br />
care pr<strong>of</strong>essionals on a daily basis.<br />
This newly revised handbook is<br />
intended for anyone who needs a<br />
basic understanding <strong>of</strong> <strong>the</strong> privacy<br />
and security regulations governed<br />
by HIPAA and HITECH. Suitable<br />
for staff training courses, it covers:<br />
• Who must comply with HIPAA and HITECH<br />
• When and by whom is <strong>the</strong> use or disclosure <strong>of</strong> protected<br />
health information (PHI) permitted<br />
• What rights does an individual have regarding his or<br />
her PHI<br />
• What are <strong>the</strong> basic safeguards required to protect <strong>the</strong><br />
security <strong>of</strong> e-PHI<br />
• What happens when a breach occurs<br />
• And much more<br />
This handbook can prepare all health care pr<strong>of</strong>essionals to<br />
help protect <strong>the</strong> privacy and security <strong>of</strong> <strong>the</strong>ir patients’ health<br />
information.<br />
Visit www.hcca-info.org or call 888-580-8373 to order.<br />
HCCA MEMBER DISCOUNTS<br />
# <strong>of</strong> handbooks cost per book<br />
1–9 ...........................$25<br />
10–24 .......................$23<br />
25–49 .......................$20<br />
50–74 .......................$18<br />
75–99 .......................$16<br />
100+ .........................$15<br />
6500 Barrie Road, Suite 250<br />
Minneapolis, MN 55435<br />
Phone 888-580-8373 | Fax 952-988-0146<br />
www.hcca-info.org | helpteam@hcca-info.org<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
HIPAAHandbook2ndEd_2c_2columnAd.indd 1<br />
<strong>December</strong> 2011<br />
21<br />
8/3/2011 4:53:04 PM
Soar to higher levels<br />
<strong>of</strong> compliance and<br />
risk management . . .<br />
When you’re forced to rely on labor-intensive<br />
spreadsheets, point solutions, or a s<strong>of</strong>tware<br />
system retr<strong>of</strong>itted to <strong>the</strong> health care industry,<br />
it can feel as if your risk is managing you.<br />
Go beyond risk management to continuous<br />
improvement with a customized, scalable<br />
and complete solution, fully supported by<br />
experts in <strong>the</strong> health care compliance industry.<br />
Created exclusively for <strong>the</strong> health care<br />
industry, MediRegs ® ComplyTrack from<br />
Wolters Kluwer Law & Business provides you<br />
with <strong>the</strong> tools you need to proactively assess,<br />
understand, communicate and mitigate risk<br />
across your entire enterprise.<br />
ComplyTrack delivers<br />
industry-leading<br />
solutions for:<br />
■ <strong>Compliance</strong><br />
■ Risk<br />
■ Internal Audit<br />
■ Privacy & Security<br />
■ Audit & <strong>Compliance</strong><br />
Committee<br />
■ Legal<br />
■ <strong>Health</strong> Information<br />
Management<br />
Visit MediRegs.com/ERM and learn why<br />
customers prefer our solution for enterprise<br />
compliance and risk management.<br />
HCCA ComplyTrack ad 7-11.indd 1<br />
5/9/2011 11:09:20 AM
People<br />
on <strong>the</strong> Move<br />
Former Medicaid Inspector<br />
General James Sheehan joins<br />
New York City HRA as Chief<br />
Integrity Officer<br />
Former New York State Medicaid<br />
Inspector General and Associate<br />
U.S. Attorney for <strong>the</strong> Eastern<br />
District <strong>of</strong> Pennsylvania James<br />
Sheehan recently joined <strong>the</strong> New<br />
York City Human Resources<br />
Administration (HRA) as <strong>the</strong><br />
agency’s Chief Integrity Officer.<br />
Mr. Sheehan will report directly<br />
to <strong>the</strong> Commissioner on anything<br />
related to agency and program<br />
integrity. Mr. Sheehan will have<br />
direct oversight <strong>of</strong> <strong>the</strong> Investigation,<br />
Revenue and Enforcement<br />
Administration (IREA) and <strong>the</strong><br />
Office <strong>of</strong> Audit Services. Mr.<br />
Sheehan plans to use his experience<br />
with Medicaid integrity to<br />
build on <strong>the</strong> HRA’s past record<br />
<strong>of</strong> cost avoidance and recoveries<br />
from fraud investigations – in<br />
2010, <strong>the</strong> Agency’s efforts led to a<br />
combined recovery and cost savings<br />
amount <strong>of</strong> more than $225<br />
million—and focus on <strong>the</strong> fur<strong>the</strong>r<br />
reduction <strong>of</strong> abuse, waste and<br />
fraud in New York City’s largest<br />
social services programs.<br />
“After serving <strong>the</strong> leading federal<br />
and state government agencies in<br />
prosecuting fraud and protecting<br />
program integrity, I am honored<br />
to work for <strong>the</strong> greatest city in <strong>the</strong><br />
world and <strong>the</strong> largest municipal<br />
social services agency in <strong>the</strong> country,”<br />
said James Sheehan, HRA<br />
Chief Integrity Officer. “My job<br />
will be to ensure <strong>the</strong> protection <strong>of</strong><br />
public dollars by continuing <strong>the</strong><br />
Agency’s excellent record in investigating<br />
and vigorously prosecuting<br />
individuals caught engaging<br />
in fraud or o<strong>the</strong>r illegal activities,<br />
and developing new data mining<br />
and analytic techniques to identify<br />
risk areas and prevent fraud.”<br />
HHS-OIG team honored<br />
On October 18, 2011, <strong>the</strong><br />
HHS-OIG’s <strong>Health</strong> <strong>Care</strong><br />
Reform Technical Assistance<br />
Team received <strong>the</strong> Glenn/Roth<br />
Exemplary Service Award in<br />
recognition <strong>of</strong> <strong>the</strong> team’s expert<br />
technical assistance to Congress<br />
throughout <strong>the</strong> health care<br />
reform legislative drafting process.<br />
This award was presented<br />
at <strong>the</strong> 14th annual Inspector<br />
General Community Awards<br />
ceremony.<br />
VA appoints new Chief<br />
<strong>Compliance</strong> and Business<br />
Integrity Officer<br />
The Veterans <strong>Health</strong> Administration<br />
recently announced <strong>the</strong><br />
appointment <strong>of</strong> Robert Criscuolo<br />
as <strong>the</strong> new Chief <strong>Compliance</strong> and<br />
Business Integrity (CBI) Officer.<br />
Criscuolo will serve as <strong>the</strong> principal<br />
advisor to <strong>the</strong> Undersecretary<br />
<strong>of</strong> <strong>Health</strong> in matters relating to<br />
compliance and organizational<br />
integrity in <strong>the</strong> business arena.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Omnicare appoints Kathleen<br />
McGuan Chief <strong>Compliance</strong> Officer<br />
Recently Omnicare, Inc. announced<br />
Kathleen McGuan was appointed<br />
Senior Vice President and Chief<br />
<strong>Compliance</strong> Officer. Ms. McGuan<br />
will oversee and lead Omnicare’s<br />
corporate compliance function. In<br />
this role, she will be a key contributor<br />
as <strong>the</strong> company continues to<br />
reinforce its commitment on<br />
compliance. Ms. McGuan will<br />
report directly to Omnicare’s Board<br />
<strong>of</strong> Directors and John Figueroa,<br />
Omnicare’s Chief Executive Officer.<br />
Welmont <strong>Health</strong> System<br />
appoints Nolan Senior VP <strong>of</strong><br />
Assurance and <strong>Compliance</strong><br />
Robert Nolan, a veteran leader<br />
in <strong>the</strong> health care compliance<br />
field, has been named Senior<br />
Vice President <strong>of</strong> Assurance and<br />
<strong>Compliance</strong> Services at Wellmont<br />
<strong>Health</strong> System. n<br />
Received a promotion Have a new<br />
hire in your department If you<br />
have received a promotion, award,<br />
or degree; accepted a new position;<br />
or added a new staff member to<br />
your compliance department, please<br />
let us know. It’s a great way to let<br />
<strong>the</strong> <strong>Compliance</strong> community know<br />
where you have moved on to, or who<br />
has joined <strong>the</strong> <strong>Compliance</strong> team.<br />
Send your job change information<br />
to: service@hcca-info.org.<br />
<strong>December</strong> 2011<br />
23
<strong>December</strong> 2011<br />
24<br />
Losing sleep over<br />
health care marketing<br />
arrangements<br />
Editor’s note: Lawrence Conn is<br />
Special Counsel to Foley & Lardner<br />
LLP in Los Angeles. He is a member<br />
<strong>of</strong> <strong>the</strong> firm’s <strong>Health</strong> <strong>Care</strong> Industry<br />
Team and represents hospitals,<br />
physicians, clinical laboratories,<br />
pharmacies, and <strong>the</strong>rapy and DME<br />
suppliers in a wide range <strong>of</strong> legal areas<br />
and issues. Larry may be contacted by<br />
e-mail at lconn@foley.com.<br />
As with any industry,<br />
health care providers<br />
typically find marketing<br />
a valuable means <strong>of</strong> ensuring<br />
economic vitality, goodwill, and<br />
community outreach. Unlike<br />
almost any o<strong>the</strong>r industry,<br />
however, health care providers are<br />
faced with substantial limitations<br />
and potential criminal liability<br />
in connection with <strong>the</strong>se efforts,<br />
even when no false or misleading<br />
claims are made and no coercive<br />
tactics are used. The principle<br />
hurdle providers face is <strong>the</strong><br />
federal Anti-kickback Statute<br />
[42 U.S.C. § 1320-7b(b)],<br />
which prohibits remuneration<br />
not only for referrals, but also<br />
in exchange for, or to induce<br />
recommending an item or service<br />
covered by a governmental health<br />
care program. Many states have<br />
laws that equal or even exceed<br />
By Lawrence Conn<br />
<strong>the</strong> scope <strong>of</strong> <strong>the</strong> federal Antikickback<br />
Statute, <strong>of</strong>ten extending<br />
to items or services regardless <strong>of</strong><br />
<strong>the</strong> payer. Because recommending<br />
use <strong>of</strong> items and services is <strong>the</strong><br />
very essence <strong>of</strong> marketing, health<br />
care providers operate in a highly<br />
unusual and potentially perilous<br />
legal environment.<br />
The Department <strong>of</strong> <strong>Health</strong><br />
& Human Services, Office <strong>of</strong><br />
Inspector General (OIG) has<br />
expressed a longstanding concern<br />
regarding health care marketing.<br />
Back in 1991, when <strong>the</strong> initial<br />
Anti-kickback Statute safe harbors<br />
(i.e., regulatory exceptions) were<br />
finalized, <strong>the</strong> OIG declined to<br />
<strong>of</strong>fer any special protections for<br />
marketing, stating: [W]e believe<br />
that many marketing and advertising<br />
activities may involve at least<br />
technical violations <strong>of</strong> <strong>the</strong> statute. 1<br />
These concerns have continued to<br />
play out through a long series <strong>of</strong><br />
OIG Advisory Opinions, including<br />
two recent opinions addressing<br />
marketing arrangements for<br />
sleep testing laboratories, which<br />
are addressed later in this article.<br />
Safe harbor<br />
Although <strong>the</strong> OIG declined to<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>of</strong>fer any special protection for<br />
marketing arrangements, it also<br />
noted that marketing and advertising<br />
can potentially fit within <strong>the</strong><br />
personal services and management<br />
contracts safe harbor to <strong>the</strong> Anti-<br />
Kickback statute. 2 However, unless<br />
a provider engages or employs<br />
an exclusive, full-time marketer,<br />
whom it pays on a wholly fixed-fee<br />
basis, it will be difficult to meet<br />
this safe harbor. Among o<strong>the</strong>r<br />
standards, <strong>the</strong> safe harbor requires<br />
that any part-time arrangement<br />
must specify “exactly <strong>the</strong> schedule<br />
<strong>of</strong> such intervals, <strong>the</strong>ir precise<br />
length, and <strong>the</strong> exact charge<br />
for such intervals.” 3 It may be<br />
highly impractical for <strong>the</strong> parties<br />
to specify in advance <strong>the</strong> exact<br />
periods during which a marketer<br />
will perform its services, particularly<br />
if <strong>the</strong> marketer is a consultant<br />
or o<strong>the</strong>r independent contractor,<br />
ra<strong>the</strong>r an employee <strong>of</strong> <strong>the</strong> provider.<br />
Moreover, unless <strong>the</strong> marketer<br />
is paid on a fixed hourly basis<br />
and <strong>the</strong> marketing services are<br />
performed in discrete time chunks,<br />
it would likely be impossible to<br />
specify <strong>the</strong> “exact charge” for each<br />
interval <strong>of</strong> service rendered.<br />
Failure to meet a safe harbor does<br />
not mean an arrangement violates<br />
<strong>the</strong> Anti-kickback Statute, but<br />
ra<strong>the</strong>r that it will be subject to<br />
scrutiny under <strong>the</strong> statute and<br />
potentially could be found to be a<br />
violation. Still, marketing arrangements<br />
that fall outside <strong>the</strong> personal<br />
services/management safe harbor
may find <strong>the</strong>mselves in a ne<strong>the</strong>rworld<br />
<strong>of</strong> legal uncertainty. OIG<br />
has addressed such arrangements<br />
in a number <strong>of</strong> Advisory Opinions,<br />
which provide <strong>the</strong> clearest guidance<br />
that exists in this area.<br />
OIG guidance regarding<br />
marketing and sales agents<br />
OIG has, over a number <strong>of</strong> years,<br />
addressed marketing arrangements,<br />
as well as payments to sales agents,<br />
in a variety <strong>of</strong> Advisory Opinions. In<br />
particular, <strong>the</strong> OIG has consistently<br />
identified so-called “success fees” 4<br />
and compensation based on a percentage<br />
<strong>of</strong> revenue 5 as problematic.<br />
Most recently, <strong>the</strong> OIG explained its<br />
concerns with success fees as follows,<br />
regarding a proposal where <strong>the</strong><br />
“Requestor” would provide management<br />
and marketing services for a<br />
sleep laboratory provider:<br />
Marketing fees paid on <strong>the</strong> basis<br />
<strong>of</strong> successful orders for items or<br />
services are inherently subject<br />
to abuse because <strong>the</strong>y are linked<br />
to business generated by <strong>the</strong><br />
marketer. Because <strong>the</strong> Requestor<br />
receives a fee each time its marketing<br />
efforts are successful, <strong>the</strong><br />
Requestor’s financial incentive<br />
to arrange for or recommend<br />
<strong>the</strong> Hospital’s sleep testing facility<br />
is heightened. The more test<br />
orders <strong>the</strong> Requestor’s marketing<br />
efforts generate, <strong>the</strong> more<br />
fees <strong>the</strong> Requestor receives. 6<br />
As this article will discuss fur<strong>the</strong>r<br />
in <strong>the</strong> context <strong>of</strong> <strong>the</strong> recent sleep<br />
laboratory opinions, this conclusion<br />
is inconsistent with standard<br />
business practice. In virtually any<br />
o<strong>the</strong>r context, it is a matter <strong>of</strong><br />
course to structure compensation<br />
that incentivizes a service provider<br />
to furnish services in an effective<br />
manner. OIG seems to recognize<br />
<strong>the</strong> customary and legitimate role<br />
marketing plays in <strong>the</strong> health care<br />
industry, but it has clear concerns<br />
if <strong>the</strong> marketer is paid in a manner<br />
that reflects <strong>the</strong> actual quality <strong>of</strong><br />
marketer’s services, even when <strong>the</strong><br />
marketer is not in a position to<br />
refer patients, and even when <strong>the</strong><br />
marketer is not in a special position<br />
<strong>of</strong> influence with respect to<br />
recommending <strong>the</strong> provider.<br />
OIG, however, has acknowledged<br />
that greater concern arises out <strong>of</strong><br />
marketing arrangements where<br />
<strong>the</strong> marketer is in a special position<br />
<strong>of</strong> influence. In a series <strong>of</strong><br />
Advisory Opinions, <strong>the</strong> OIG has<br />
listed elements <strong>of</strong> what it considers<br />
to be potentially suspect marketing<br />
arrangements. These include<br />
marketing directly by providers<br />
and suppliers (particularly what <strong>the</strong><br />
OIG refers to as “white coat” marketing<br />
by health care pr<strong>of</strong>essionals,<br />
including physicians), because <strong>the</strong>y<br />
are in a position <strong>of</strong> trust and may<br />
exert undue influence. 7<br />
Additional suspect elements that<br />
<strong>the</strong> OIG has identified include:<br />
n The degree to which <strong>the</strong> marketing<br />
activity may be coercive, or<br />
perceived to be coercive; 8<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
n Direct contact between sales<br />
agents and physicians in a position<br />
to order covered items or services; 9<br />
n Direct contact between sales<br />
agents and beneficiaries; 9<br />
n Marketing items or services<br />
for which <strong>the</strong>re is a likelihood<br />
<strong>of</strong> overutilization (e.g. sleep<br />
laboratory testing services); 10<br />
n Marketing or promotional<br />
activity focused on federal<br />
health care program beneficiaries;<br />
10 and<br />
n Marketing <strong>of</strong> items or services<br />
that are separately reimbursable<br />
(i.e., not included in a bundled<br />
or composite rate). 9<br />
It is not clear how many <strong>of</strong> <strong>the</strong>se<br />
factors need to exist before <strong>the</strong><br />
OIG will decide <strong>the</strong> arrangement<br />
presents a significant risk <strong>of</strong> abuse.<br />
Certain <strong>of</strong> <strong>the</strong>se factors seem more<br />
pertinent than o<strong>the</strong>rs. With most <strong>of</strong><br />
<strong>the</strong>se elements, <strong>the</strong> OIG’s concerns<br />
regarding <strong>the</strong> risk <strong>of</strong> improper influence<br />
are readily understandable. For<br />
example, <strong>the</strong> fact that marketing<br />
may be “coercive” seems to be a<br />
substantial sign <strong>of</strong> potential abuse.<br />
Here, <strong>the</strong> OIG explained that, “for<br />
example, door-to-door marketing,<br />
telephone solicitations, and direct<br />
mailings are more intrusive, and<br />
typically pose a greater potential for<br />
abuse, than truthful passive advertising<br />
in general circulation newspapers<br />
or on television.” 11 (However,<br />
one may question <strong>the</strong> extent to<br />
which direct mailings could possibly<br />
be considered “coercive.”)<br />
Continued on page 27<br />
<strong>December</strong> 2011<br />
25
Discover <strong>the</strong> antidote to data breach strain.<br />
Finding <strong>the</strong> resources to clean up a data breach causes<br />
stress for you, strain on your staff, and slows down your<br />
whole organization. But it doesn’t have to be that way.<br />
More health care organizations trust ID Experts® as <strong>the</strong>ir<br />
partner for data breach solutions than any o<strong>the</strong>r vendor.<br />
We work with you to eliminate <strong>the</strong> strain <strong>of</strong> data breach<br />
by supplementing your team with our expertise and<br />
substantial resources.<br />
Only ID Experts has proprietary tools for assessing <strong>the</strong><br />
unique compliance requirements surrounding loss <strong>of</strong><br />
PHI. We tailor each breach response to address <strong>the</strong> real<br />
risks to your patients — and your reputation.<br />
Act now to see for yourself why ID Experts is <strong>the</strong><br />
antidote to data breach strain.<br />
Experience a less painful recovery from data breach.<br />
Visit www.IDExpertsCorp.com today.<br />
<strong>December</strong> 2011<br />
26<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
HAVE A BREACH NOW Call our Data Breach Lifeline: 866-726-4271
Losing sleep over health care marketing arrangements ...continued from page 25<br />
On <strong>the</strong> o<strong>the</strong>r hand, <strong>the</strong> mere<br />
fact that a service is separately<br />
reimbursable should not by itself<br />
render a marketing arrangement<br />
suspect. It is clear that a provider<br />
has a financial incentive to increase<br />
use <strong>of</strong> a separately reimbursable<br />
service, and it <strong>the</strong>refore may be<br />
likely to put special emphasis on<br />
marketing that service. However,<br />
that does not necessarily mean<br />
that <strong>the</strong> provider (or its marketing<br />
agent) will assert improper influence<br />
to encourage beneficiaries to<br />
obtain that service or, worse, seek<br />
to furnish that service when it is<br />
not clearly medically necessary.<br />
As with its overriding concern<br />
regarding “success fees,” <strong>the</strong> OIG<br />
seems to assume that any time a<br />
provider stands to gain financially<br />
from rendering services, it is more<br />
likely to engage in (or incentivize<br />
its marketer to engage in) improper<br />
activities. Similarly, merely because<br />
a particular marketing activity is<br />
focused on Medicare patients does<br />
not necessarily signal potential<br />
abuse; ra<strong>the</strong>r, <strong>the</strong> provider may<br />
simply be undertaking community<br />
outreach and education geared<br />
towards a higher risk population.<br />
Recent sleep laboratory<br />
opinions<br />
In two Advisory Opinions concerning<br />
sleep testing laboratory<br />
services, 12 <strong>the</strong> OIG has most<br />
recently expressed its concern that<br />
sleep laboratory testing services<br />
“may be particularly susceptible<br />
to <strong>the</strong> risk <strong>of</strong> overutilization” and<br />
its concern with a marketing fee<br />
that reflects <strong>the</strong> successfulness <strong>of</strong><br />
<strong>the</strong> marketer’s efforts. The facts<br />
in <strong>the</strong> two opinions are similar,<br />
except for <strong>the</strong> manner in which<br />
<strong>the</strong> marketing fees are paid. In<br />
each arrangement, a supplier<br />
provides equipment and services<br />
for a hospital sleep testing laboratory.<br />
The supplier also provides<br />
marketing, including a part-time<br />
marketing manager who visits<br />
<strong>of</strong>fices <strong>of</strong> physicians who are<br />
potential referral sources. OIG<br />
reached different conclusions<br />
depending on whe<strong>the</strong>r <strong>the</strong> marketing<br />
fee was fixed or whe<strong>the</strong>r<br />
it was determined based on how<br />
many tests <strong>the</strong> supplier performed<br />
(i.e., a per-test basis).<br />
In one opinion (Opinion 10-24),<br />
<strong>the</strong> compensation was based<br />
on aggregate, fixed fees that are<br />
consistent with fair market value<br />
in arm’s-length transactions and<br />
that do not take into account <strong>the</strong><br />
volume or value <strong>of</strong> federal health<br />
care program business—factors<br />
<strong>the</strong> OIG identified as “key<br />
safeguards.” OIG concluded that<br />
it would not impose sanctions,<br />
because <strong>the</strong> fixed fee structure<br />
would “mitigate against any<br />
undue or additional incentive<br />
to generate unnecessary or an<br />
increased volume <strong>of</strong> sleep tests.”<br />
In contrast, <strong>the</strong> OIG declined<br />
to approve <strong>the</strong> structure under<br />
which <strong>the</strong> supplier receives a<br />
per-test fee (Opinion 10-23).<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
OIG stated that “because <strong>the</strong><br />
Supplier receives a fee each time<br />
its marketing efforts are successful,<br />
<strong>the</strong> Supplier’s financial incentive<br />
to arrange for or recommend <strong>the</strong><br />
Hospital’s sleep testing facility is<br />
heightened.” However, <strong>the</strong> OIG’s<br />
concern went beyond this. OIG<br />
fur<strong>the</strong>r stated that “per-click” fee<br />
structures are inherently reflective<br />
<strong>of</strong> <strong>the</strong> volume or value <strong>of</strong> services<br />
ordered. Although this statement<br />
is undeniably true, it ignores <strong>the</strong><br />
fact that <strong>the</strong> supplier receives <strong>the</strong><br />
same fee regardless <strong>of</strong> whe<strong>the</strong>r<br />
its marketing efforts generated<br />
<strong>the</strong> referral or <strong>the</strong> referral came<br />
completely irrespective <strong>of</strong> <strong>the</strong><br />
supplier’s efforts.<br />
OIG also believed that packaging<br />
<strong>the</strong> marketing compensation<br />
toge<strong>the</strong>r with compensation for<br />
general management services in an<br />
all-inclusive per-test fee, heightened<br />
<strong>the</strong> potential risk, because<br />
this packaged fee prevented “<strong>the</strong><br />
transparent assessment <strong>of</strong> <strong>the</strong><br />
marketing services provided and<br />
<strong>the</strong> compensation paid for <strong>the</strong>m.”<br />
Broader implications for<br />
marketing<br />
OIG’s unwillingness to approve<br />
<strong>the</strong> per-test fee scenario does not<br />
necessarily mean that <strong>the</strong> OIG<br />
concluded <strong>the</strong> arrangement is<br />
unlawful. Instead, <strong>the</strong> OIG had<br />
sufficient concerns such that it<br />
could not “conclude that <strong>the</strong><br />
Arrangement poses a sufficiently<br />
Continued on page 28<br />
<strong>December</strong> 2011<br />
27
Losing sleep over health care marketing arrangements ...continued from page 27<br />
<strong>December</strong> 2011<br />
28<br />
low level <strong>of</strong> risk that [it] should<br />
protect it.” As noted above,<br />
<strong>the</strong> OIG’s reasoning is open to<br />
question. However, as a practical<br />
matter, providers need to take<br />
<strong>the</strong> OIG’s position carefully into<br />
account when <strong>the</strong>y structure and<br />
evaluate any proposed marketing<br />
arrangement. Providers may wish<br />
to consider <strong>the</strong> following steps<br />
in order to reduce <strong>the</strong> inevitable<br />
legal risk that marketing arrangements<br />
present.<br />
n Fair market value<br />
determination.<br />
Providers should carefully document<br />
<strong>the</strong> means by which <strong>the</strong>y<br />
determined <strong>the</strong> proposed amount<br />
and methodology <strong>of</strong> compensation<br />
to marketers is fair market<br />
value, particularly where compensation<br />
reflects success <strong>of</strong> marketing<br />
efforts. The strongest documentation<br />
can be obtained by engaging<br />
an independent valuation expert.<br />
In all cases, factors to examine<br />
may include (1) <strong>the</strong> expected costs<br />
<strong>the</strong> marketer will incur; (2) <strong>the</strong><br />
expected time <strong>the</strong> marketer will<br />
expend, and a fair market value<br />
hourly rate for <strong>the</strong>se services; (3)<br />
excluding any referrals generated<br />
directly by <strong>the</strong> marketer (e.g.,<br />
by a medical director that <strong>the</strong><br />
marketer furnishes as part <strong>of</strong> a<br />
broader range <strong>of</strong> services for <strong>the</strong><br />
provider) from <strong>the</strong> compensation<br />
formula; (4) <strong>the</strong> expected costs to<br />
<strong>the</strong> provider if it performed <strong>the</strong><br />
marketing services itself; (5) fees<br />
paid in similar arrangements, to<br />
<strong>the</strong> extent <strong>the</strong> parties have this<br />
information; and (6) fee quotations<br />
<strong>the</strong> provider obtains from<br />
o<strong>the</strong>r potential marketers.<br />
n <strong>Compliance</strong> program and<br />
contractual protections.<br />
In order to reduce <strong>the</strong> risk <strong>of</strong><br />
improper activities, providers<br />
should require, in writing, that<br />
marketers abide by <strong>the</strong> provider’s<br />
compliance program and procedures.<br />
Among o<strong>the</strong>r elements,<br />
this should require marketers to<br />
utilize only truthful and accurate<br />
materials, and to ensure that its<br />
staff is adequately trained to make<br />
communications that are accurate<br />
and non-coercive. Fur<strong>the</strong>r, <strong>the</strong><br />
marketer should be contractually<br />
obligated to indemnify <strong>the</strong><br />
provider for any failure to abide<br />
by <strong>the</strong> written contract (including<br />
<strong>the</strong> foregoing requirements), <strong>the</strong><br />
provider’s compliance program,<br />
or applicable law. Finally, <strong>the</strong><br />
provider should immediately<br />
investigate any complaints <strong>of</strong> possible<br />
impropriety by <strong>the</strong> marketer,<br />
whe<strong>the</strong>r those complaints arise<br />
from <strong>the</strong> provider’s own staff or<br />
from <strong>the</strong> community.<br />
n Review <strong>of</strong> marketing<br />
materials.<br />
The provider should consider<br />
requiring and performing prior<br />
review <strong>of</strong> all written marketing<br />
materials. If questions arise as to<br />
<strong>the</strong> propriety <strong>of</strong> any materials,<br />
<strong>the</strong> provider should consult legal<br />
counsel. Similarly, <strong>the</strong> provider<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
should consider requiring written,<br />
preapproved “scripts” for<br />
any marketing presentations and<br />
telephone calls.<br />
Conclusion<br />
Although it may be difficult<br />
or impractical to structure an<br />
arrangement to be risk-free (o<strong>the</strong>r<br />
than those rare arrangements that<br />
meet <strong>the</strong> safe harbor), prudent<br />
structuring, documentation, and<br />
monitoring can give providers<br />
considerable comfort in implementing<br />
marketing arrangements<br />
that are effective and beneficial,<br />
while at <strong>the</strong> same time not posing<br />
undue legal risk. n<br />
1. 56 Fed. Reg. 35952, 35974 (6/29/91).<br />
2. 42 C.F.R. §1001.952(d)<br />
3. 42 C.F.R. §1001.952(d)(3).<br />
4. See, e.g., Advisory Opinions 03-08<br />
(4/10/03), 08-19 (10/29/08).<br />
5. See Advisory Opinions 99-3 (3/16/99),<br />
98-10 (8/31/98) and 98-4 (4/15/98).<br />
6. Advisory Opinion 10-23 (10/28/10).<br />
7. See Advisory Opinions 99-12 (11/23/99),<br />
99-3 (3/16/99) and 08-19 (10/29/08).<br />
8. See Advisory Opinion 99-8 (7/6/99).<br />
9 See Advisory Opinions 99-3 (3/16/99)<br />
and 98-10 (8/31/98).<br />
10. See Advisory Opinion 99-8 (7/6/99).<br />
11. See Advisory Opinion 99-8 (7/6/99).<br />
See also 56 Fed. Reg. 35952, 35974<br />
(6/29/91).<br />
12. Advisory Opinions 10-23 and 10-24<br />
(both issued 10/28/10).
Editor’s note: Jeffrey N. Joyce is<br />
<strong>the</strong> Director <strong>of</strong> <strong>the</strong> Department <strong>of</strong><br />
Research at Maricopa Integrated<br />
<strong>Health</strong> System in Phoenix. He may<br />
be contacted by e-mail at Jeffrey.<br />
Joyce@mihs.org.<br />
Traditional academic medical<br />
centers that have a<br />
teaching hospital associated<br />
with a medical school have<br />
been <strong>the</strong> home for clinical and<br />
translational research for several<br />
decades. However, increasing<br />
amounts <strong>of</strong> research are being<br />
conducted at free-standing hospitals,<br />
particularly those providing<br />
residency training. Maricopa<br />
Integrated <strong>Health</strong> System (MIHS)<br />
is headquartered in <strong>the</strong> heart <strong>of</strong> a<br />
large urban area. The cornerstone<br />
<strong>of</strong> MIHS is Maricopa Medical<br />
Center (MMC), a major teaching<br />
hospital with a 100-year history.<br />
By public vote, MIHS (including<br />
MMC) became an independent<br />
health care district governed by<br />
a five-member board <strong>of</strong> directors<br />
in 2005. The stand-alone medical<br />
system, hosting ten residency<br />
Regulatory<br />
compliance for<br />
research in an<br />
academic medical<br />
center<br />
By Jeffrey N. Joyce, PhD<br />
programs that train 275 residents<br />
annually, established <strong>the</strong><br />
Department <strong>of</strong> Research in 2006.<br />
The Department <strong>of</strong> Research was<br />
created to meet several goals, but<br />
<strong>the</strong> driving need was to streng<strong>the</strong>n<br />
financial and regulatory oversight<br />
while simultaneously reducing<br />
barriers to conducting research.<br />
Ano<strong>the</strong>r important driving<br />
force was <strong>the</strong> MIHS intention<br />
to assume <strong>the</strong> role <strong>of</strong> a major<br />
university-affiliated teaching<br />
hospital and clinical hub for its<br />
research partners, and thus, to<br />
increase clinical research opportunities.<br />
Senior leadership developed<br />
goals in 2006 that required rapid<br />
growth <strong>of</strong> research administration<br />
and support, and called for<br />
<strong>the</strong> establishment <strong>of</strong> regulatory<br />
policies and processes that did not<br />
currently exist. This article will<br />
describe <strong>the</strong> planning, development,<br />
and implementation <strong>of</strong> <strong>the</strong><br />
policies and processes that were<br />
aligned with <strong>the</strong> departments <strong>of</strong><br />
Information Technology (IT),<br />
Finance, and Revenue, as well as<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
with <strong>the</strong> Legal and <strong>Compliance</strong><br />
areas. This information-driven<br />
process can be used to develop an<br />
effective research administration<br />
operation in o<strong>the</strong>r independent<br />
academic medical centers.<br />
Establishing an effective<br />
research infrastructure<br />
In 2005, <strong>the</strong> MIHS Institutional<br />
Review Board Administrator and<br />
Acting Director <strong>of</strong> Academic<br />
Research prepared a white paper<br />
that assessed <strong>the</strong> value <strong>of</strong> <strong>the</strong><br />
research division that had been<br />
administered on behalf <strong>of</strong> MIHS<br />
by its Physician Practice Group<br />
for <strong>the</strong> previous three years. The<br />
white paper concluded that <strong>the</strong><br />
research division provided some<br />
coordination that had long been<br />
lacking, but weaknesses and<br />
barriers remained. Three goals<br />
were identified that needed to<br />
be addressed: (1) Centralize <strong>the</strong><br />
oversight and review <strong>of</strong> research<br />
that assured financial accountability<br />
for research funds; (2) Provide<br />
for <strong>the</strong> assurance <strong>of</strong> appropriate<br />
billing for research patients; and<br />
(3) Pr<strong>of</strong>essionalize <strong>the</strong> research<br />
contract approval process and<br />
oversight.<br />
In 2007, a new Director <strong>of</strong><br />
Research (<strong>the</strong> author) was<br />
appointed, and a plan was<br />
implemented to improve research<br />
administration by hiring an<br />
experienced team to manage <strong>the</strong><br />
clinical research contracts and academic<br />
grants, and to restructure<br />
<strong>December</strong> 2011<br />
29
Regulatory compliance for research in an academic<br />
medical center ...continued from page 29<br />
<strong>the</strong> research administration organization to clarify<br />
reporting relationships. An increased effort to work<br />
with faculty and residents in assuring <strong>the</strong>ir compliance<br />
with administrative policies and processes was<br />
an important strategy to achieve <strong>the</strong>se goals. This is<br />
an ongoing process, and to achieve <strong>the</strong> goals for <strong>the</strong>se<br />
areas, continuous input is required from researchers,<br />
house staff, and o<strong>the</strong>rs who are served by <strong>the</strong><br />
Department <strong>of</strong> Research, o<strong>the</strong>r departments that<br />
it intersects with (e.g., IT, Finance, Legal), and our<br />
external partners. For example, in <strong>the</strong> 2007 assessment,<br />
research faculty communicated a pressing need<br />
to shorten <strong>the</strong> time it took to get sponsored research<br />
project documents, including contracts and Institutional<br />
Review Board (IRB) protocol, completed and<br />
approved to initiate clinical research studies. Faculty<br />
reported that it took 12-16 weeks, on average, for<br />
<strong>the</strong> processes to occur, with some study initiations<br />
taking nine months. The investigators’ expectation<br />
was that <strong>the</strong> timeline for initiating sponsored projects<br />
should be reduced to six to eight weeks. Thus, it<br />
was apparent that <strong>the</strong> competing needs for ensuring<br />
compliance, while reducing barriers to initiating and<br />
conducting <strong>the</strong> clinical studies, had to be managed.<br />
<strong>December</strong> 2011<br />
30<br />
The Department <strong>of</strong> Research contracted with an outside<br />
firm to provide a report on <strong>the</strong> “…assessment <strong>of</strong><br />
major compliance, operational and structural risks and<br />
gaps and advice on potential approaches to enhancing<br />
its sponsored programs capabilities.” During this<br />
assessment, six domains were identified that required<br />
planning, information, and investment to have an<br />
effective research administration (figure 1 on page<br />
31). Three <strong>of</strong> those domains (i.e., Affiliations, Strategy<br />
and Mission, and Resources for Research) reflected<br />
<strong>the</strong> context for having a Department <strong>of</strong> Research at<br />
MIHS that was in alignment with <strong>the</strong> MIHS mission.<br />
Three key domains were <strong>the</strong>n identified that needed<br />
to be appropriately streng<strong>the</strong>ned and restructured<br />
for effective research administration (i.e., Legal and<br />
Organizational Structure, Operations/<strong>Compliance</strong>,<br />
and Intellectual Property and Technology Transfer).<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
The first domain for establishing<br />
research administration was <strong>the</strong><br />
consideration <strong>of</strong> <strong>the</strong> legal rationale<br />
(Legal and Organizational Structure)<br />
for research administration<br />
at this academic medical center. In<br />
this case, it was particularly important<br />
to establish a system-wide<br />
policy governing research operations,<br />
all research grants, contracts,<br />
or sponsored research agreements,<br />
because all oversight previously<br />
had been vested with a small<br />
physician-led foundation, <strong>the</strong>n <strong>the</strong><br />
Physician Contract Group. With<br />
<strong>the</strong> establishment <strong>of</strong> <strong>the</strong> Department<br />
<strong>of</strong> Research within MIHS,<br />
<strong>the</strong> MIHS CEO created a specific<br />
written authority for <strong>the</strong> new<br />
Figure 1<br />
entity to operate. The two o<strong>the</strong>r<br />
domains (Intellectual Property and<br />
Technology Transfer, and Operations/<strong>Compliance</strong>)<br />
are operations<br />
that were developed by <strong>the</strong> new<br />
research administration leadership<br />
with input from <strong>the</strong> medical staff;<br />
<strong>the</strong> departments <strong>of</strong> Finance and<br />
Revenue, Legal, and <strong>Compliance</strong>;<br />
and MIHS executive leadership.<br />
These operational domains were<br />
implemented in five steps.<br />
Establishing an infrastructure<br />
to support research<br />
A five-step strategy was put in<br />
place to encourage growth <strong>of</strong><br />
research and adherence to compliance<br />
operations.<br />
Step 1: Restructuring operations<br />
and policies<br />
The first step in establishing<br />
research administration was <strong>the</strong><br />
consideration <strong>of</strong> <strong>the</strong> proposed<br />
structure (i.e., <strong>the</strong> Legal and<br />
Organizational Structure) for<br />
research administration at this<br />
academic medical center. In July<br />
<strong>of</strong> 2007, <strong>the</strong> author guided a<br />
restructuring <strong>of</strong> <strong>the</strong> Department<br />
<strong>of</strong> Research in which two divisions<br />
were delineated with different<br />
responsibilities: (1) a division<br />
for industry-sponsored contracts<br />
and clinical trial oversight; and<br />
(2) a division for academic<br />
research and education with<br />
additional responsibilities for<br />
Continued on page 32<br />
Developing a Research Infrastructure<br />
An effective research administration infrastructure involves<br />
planning and investment across six domains.<br />
Affiliations<br />
Who are our natural affiliates<br />
What is expected from <strong>the</strong> affiliates<br />
How will we gauge success<br />
What is needed to fulfill <strong>the</strong> goals<br />
<strong>of</strong> <strong>the</strong> affiliations<br />
Intellectual Property and<br />
Technology Transfer<br />
Is Intellectual Property being<br />
protected and developed<br />
Is technology transfer appropriately<br />
enabled<br />
Do physicians and staff understand<br />
<strong>the</strong> Intellectual Property policy and<br />
technology transfer process<br />
Strategy and Mission<br />
What is <strong>the</strong> overall strategic value<br />
and mission <strong>of</strong> <strong>the</strong> Research<br />
department, within <strong>the</strong> Institution<br />
How will this be executed<br />
What are <strong>the</strong> key objectives <strong>of</strong> <strong>the</strong><br />
Research department<br />
How will success be measured<br />
Research Department<br />
Elements Contributing to<br />
Overall Effectiveness &<br />
Efficiency<br />
Legal & Organization Structure<br />
What legal structure, organizational<br />
structure, and key leadership<br />
positions are needed to support <strong>the</strong><br />
research infrastructure<br />
Resources for Research<br />
Do we have <strong>the</strong> appropriate key<br />
physician/scientists to be<br />
successful<br />
What <strong>the</strong>rapeutic areas do we<br />
provide clinical research centers<br />
What will it take to transform to<br />
academic focus in departments<br />
Where will financial support be<br />
developed<br />
Operations / <strong>Compliance</strong><br />
What is <strong>the</strong> most efficient and<br />
effective way to develop research<br />
How will it ensure compliant<br />
operations<br />
What are <strong>the</strong> key risks and success<br />
factors<br />
What physical and operations<br />
investment will need to be made<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>December</strong> 2011<br />
31
Regulatory compliance for research in an academic medical center ...continued from page 31<br />
<strong>December</strong> 2011<br />
32<br />
administration <strong>of</strong> <strong>the</strong> human subjects<br />
protection program (IRB).<br />
Although <strong>the</strong>re is no laboratory,<br />
bench-based, basic research at<br />
MIHS, historically <strong>the</strong>re has been<br />
both industry and governmental<br />
grant-supported clinical research<br />
at MIHS. The processes for supporting<br />
and approving industrysponsored<br />
clinical trial contracts<br />
is fundamentally different from<br />
developing investigator-initiated<br />
research or partnering on multisite<br />
studies that are funded with<br />
non-commercial resources. 1,2<br />
There are points <strong>of</strong> intersection<br />
between <strong>the</strong> two, but <strong>the</strong> steps<br />
involved in approving industrysponsored<br />
clinical trials for <strong>the</strong><br />
study initiation, contract negotiations,<br />
legal review, compliance<br />
approval, invoicing, and financial<br />
reporting are fundamentally<br />
different from that sponsored by<br />
non-commercial entities. Consequently,<br />
staffing was aligned<br />
with <strong>the</strong> different functions <strong>of</strong><br />
<strong>the</strong> divisions with all commercial<br />
contract negotiations, budget<br />
development and review, coordination<br />
with legal counsel, and<br />
clinical trial compliance oversight<br />
within one division. The division<br />
for academic research and education<br />
included staff for pre-award<br />
grant development functions,<br />
biostatisticians, residency education<br />
in research, human subjects<br />
protection training, and IRB<br />
administration. Additional staff<br />
in <strong>the</strong> positions <strong>of</strong> research data<br />
analysis and post-award financial<br />
oversight functions were added in<br />
<strong>the</strong> second year to support both<br />
divisions’ activities.<br />
To accomplish <strong>the</strong> goal <strong>of</strong> adding<br />
staff for post-award financial<br />
oversight functions, a rationale<br />
for investing in staff with different<br />
expertise and <strong>the</strong> simultaneous<br />
development <strong>of</strong> supporting policy<br />
was needed. To achieve this, we<br />
invested in senior staff education<br />
initiatives, including sending <strong>the</strong><br />
senior manager <strong>of</strong> <strong>the</strong> division for<br />
industry-sponsored contracts and<br />
clinical trials oversight to attend<br />
national meetings on CMS policy<br />
on Medicare billing for clinical<br />
trial participants. We also invested<br />
in in-house seminars for senior<br />
staff <strong>of</strong> <strong>the</strong> MIHS Departments <strong>of</strong><br />
Finance, Revenue, and Research,<br />
to provide information on issues<br />
pertaining to accounting for all<br />
expenses and revenue generated<br />
through research contracts.<br />
Copies <strong>of</strong> this consultant’s report<br />
on “…assessment <strong>of</strong> major compliance,<br />
operational and structural<br />
risks and gaps and advice on<br />
potential approaches to enhancing<br />
its sponsored programs capabilities”<br />
were circulated to <strong>the</strong> MIHS<br />
chief operating <strong>of</strong>ficer and chief<br />
financial <strong>of</strong>ficer. Recommendations<br />
from that report were incorporated<br />
into a white paper that supported<br />
investment in staff, policies and<br />
processes for <strong>the</strong> financial management<br />
<strong>of</strong> grants, and research<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
contracts accounting. A task force<br />
was convened to set policies and<br />
processes for financial and clinical<br />
trials reconciliation that included<br />
senior level administrators from<br />
<strong>the</strong> IT, Revenue, Finance, Business<br />
Affairs, and Research departments.<br />
The outcomes <strong>of</strong> this process<br />
included approval for hiring<br />
specialized staff in research grants<br />
accounting, approval <strong>of</strong> policies<br />
and procedures to manage compliance<br />
with federal regulations, and<br />
improved process efficiencies. A<br />
comprehensive clinical trials billing<br />
system and monthly financial<br />
reporting process was instituted.<br />
The alignment <strong>of</strong> all research staff,<br />
policies, and processes enabled <strong>the</strong><br />
development and submission <strong>of</strong> a<br />
new indirect cost proposal to <strong>the</strong><br />
Department <strong>of</strong> <strong>Health</strong> and Human<br />
Services in cooperation with <strong>the</strong><br />
director <strong>of</strong> government reporting<br />
for <strong>the</strong> institution and an outside<br />
consulting organization.<br />
Step 2: Policies for research<br />
compliance<br />
MIHS employs a hybrid approach<br />
to research administration and<br />
support. Administrative assistance<br />
for research endeavors occurs both<br />
through <strong>the</strong> centralized Department<br />
<strong>of</strong> Research and through<br />
<strong>the</strong> separate clinical departments.<br />
The Physician Practice Group is<br />
contracted to provide all clinical<br />
services to MIHS, including<br />
clinical research activities, and<br />
that group’s administrative<br />
services provides billing support
for research services provided by<br />
physicians and <strong>the</strong>ir affiliated<br />
clinical research staff. In addition,<br />
both <strong>the</strong> Physician Practice Group<br />
and <strong>the</strong> Department <strong>of</strong> Research<br />
provide direct salary support for<br />
clinical research coordinators. The<br />
strategic plan assumed that, with<br />
maturation <strong>of</strong> <strong>the</strong> research activities<br />
within <strong>the</strong> clinical departments,<br />
administrative resources<br />
would be developed within <strong>the</strong><br />
departments. The administrative<br />
resources developed would <strong>the</strong>n<br />
interface with <strong>the</strong> MIHS Department<br />
<strong>of</strong> Research, to support centralized<br />
operational activities. This<br />
will ensure that <strong>the</strong> bureaucracy<br />
for research administration does<br />
not grow in excess <strong>of</strong> <strong>the</strong> needs<br />
<strong>of</strong> <strong>the</strong> investigators and drain<br />
resources needed for <strong>the</strong> growth <strong>of</strong><br />
<strong>the</strong> faculty pool. However, it also<br />
required <strong>the</strong> substantial development<br />
<strong>of</strong> policies and procedures<br />
to ensure appropriate compliance<br />
in both organizations. Using a<br />
tool similar to that pr<strong>of</strong>iled by<br />
Campbell, 3 risk areas were prioritized<br />
and key policies identified<br />
for development. Five areas were<br />
initially identified that required<br />
policy and process implementation:<br />
Medical staff, IRB, Administration,<br />
Finance, and External<br />
Affiliations (see table 1).<br />
The first policy implemented was<br />
<strong>the</strong> Medical Staff Rules which<br />
required that all investigational<br />
implanted devices, investigational<br />
drugs, isotopes, or drug<br />
Table 1: Risk areas and key policies<br />
Category<br />
Medical staff<br />
Institutional<br />
Review Board<br />
Administration<br />
Finance<br />
External<br />
Affiliations<br />
2010 initiated<br />
Electronic medical<br />
records (EMR)<br />
Policy Title and Purpose<br />
Rules and regulations for investigational research<br />
Intellectual property<br />
Purpose, authority, responsibilities, membership,<br />
and operations <strong>of</strong> <strong>the</strong> IRB<br />
Protocol review processes for IRB<br />
Informed consent for research (including HIPAA<br />
authorization for use <strong>of</strong> protected health information)<br />
Research personnel: Qualifications, competency,<br />
continuing education and conflicts <strong>of</strong> interest<br />
Suspension or termination <strong>of</strong> IRB approval <strong>of</strong><br />
research<br />
Conflict <strong>of</strong> interest<br />
Scientific misconduct<br />
Institutional approval and routing <strong>of</strong> grants and<br />
contracts<br />
Clinical research study audits<br />
Development <strong>of</strong> financial oversight responsibilities<br />
and processes<br />
Allocation and charging <strong>of</strong> direct and indirect costs<br />
Residual funds/closing accounts – industry<br />
sponsored contracts<br />
Cost sharing<br />
Time and effort reporting<br />
Development <strong>of</strong> indirect cost and submission to<br />
DHHS<br />
Establish billing processes for research subject<br />
flow within EMR<br />
Memorandum <strong>of</strong> Understanding executed with<br />
university partner and master research collaboration<br />
agreements executed with partner institutions<br />
Technology transfer, business associate agreements,<br />
and IRB reciprocity agreements and<br />
processes established with university partner<br />
Adjunct Research Associate program for external<br />
research collaborations<br />
EPIC system is 21CFR Part 11 compliant<br />
External entities’ review <strong>of</strong> records<br />
Establish controls and operations for research<br />
subject flow within EMR<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Continued on page 34<br />
<strong>December</strong> 2011<br />
33
Regulatory compliance for research in an academic medical center ...continued from page 33<br />
<strong>December</strong> 2011<br />
34<br />
<strong>the</strong>rapy administered to hospital<br />
patients be approved by <strong>the</strong> IRB<br />
and Department <strong>of</strong> Research in<br />
accordance with hospital policies<br />
(e.g., IRB, HIPAA). In addition,<br />
contractual language between<br />
MIHS and <strong>the</strong> Physician Practice<br />
Group delegated to MIHS <strong>the</strong><br />
authority to enter into clinical<br />
research study agreements with<br />
study sponsors for and on behalf<br />
<strong>of</strong> <strong>the</strong> Physician Practice Group<br />
and its qualified providers (i.e.<br />
study Principal Investigators). The<br />
contract fur<strong>the</strong>r authorized MIHS<br />
to act as <strong>the</strong> fiduciary agent for<br />
<strong>the</strong> Physician Practice Group and<br />
its qualified providers under any<br />
clinical research study.<br />
Although <strong>the</strong> language <strong>of</strong> this<br />
contract <strong>of</strong>fered <strong>the</strong> mandate to<br />
centralize clinical research operations<br />
and manage all aspects <strong>of</strong><br />
<strong>the</strong> research within MIHS, buy-in<br />
from a broad range <strong>of</strong> individuals<br />
within MIHS and <strong>the</strong> Physician<br />
Practice Group was also needed.<br />
A quarterly research advisory<br />
board, composed <strong>of</strong> physician/<br />
scientists, departmental chairs,<br />
<strong>the</strong> chief compliance <strong>of</strong>ficer, <strong>the</strong><br />
vice president <strong>of</strong> Finance, and<br />
<strong>the</strong> Department <strong>of</strong> Research<br />
senior management team was<br />
instituted. At <strong>the</strong> first meeting,<br />
<strong>the</strong> Department <strong>of</strong> Research<br />
committed to resolving <strong>the</strong> major<br />
concerns <strong>of</strong> <strong>the</strong> key physician/<br />
scientists by:<br />
n making research administration<br />
a transparent process,<br />
n reducing <strong>the</strong> time from contact<br />
initiation to <strong>the</strong> successful<br />
launch <strong>of</strong> clinical trials,<br />
n increasing research revenue, and<br />
n providing timely and accurate<br />
financial reporting <strong>of</strong> research<br />
accounts.<br />
Within <strong>the</strong> first year, <strong>the</strong> Department<br />
<strong>of</strong> Research met or exceeded<br />
all <strong>of</strong> <strong>the</strong> commitments and<br />
gained <strong>the</strong> recognition and respect<br />
<strong>of</strong> key opinion leaders in <strong>the</strong> clinical<br />
departments. We built on <strong>the</strong><br />
success <strong>of</strong> <strong>the</strong> first year by engaging<br />
<strong>the</strong> Finance division to support<br />
operations for research grants<br />
accounting, and implementing<br />
policies for administration <strong>of</strong><br />
research accounts (see below).<br />
This led to increased revenue<br />
capture and improved reporting,<br />
which in turn improved our<br />
performance measures for <strong>the</strong> key<br />
constituents. We have continued<br />
this process by <strong>of</strong>fering ongoing<br />
educational programs to target<br />
audiences to provide information<br />
about different components <strong>of</strong><br />
research compliance.<br />
Step 3: The Institutional Review<br />
Board<br />
Although <strong>the</strong> IRB had originated<br />
at MIHS during its prior life as<br />
<strong>the</strong> county hospital, <strong>the</strong> establishment<br />
<strong>of</strong> research administration at<br />
MIHS required <strong>the</strong> development<br />
and implementation <strong>of</strong> a new<br />
set <strong>of</strong> policies and procedures to<br />
better meet federal regulations on<br />
human subject protection, conflict<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>of</strong> interest, scientific misconduct,<br />
informed consent, and more<br />
recently, HIPAA Privacy Rule and<br />
<strong>Health</strong> Information Technology<br />
Act (HITECH) compliance.<br />
The assurance that all protocols,<br />
contracts, and grants are compliant<br />
with HIPAA rules for <strong>the</strong> use<br />
and disclosure <strong>of</strong> protected health<br />
information (PHI) for research<br />
is shared with <strong>the</strong> <strong>Compliance</strong><br />
department. Annual training in <strong>the</strong><br />
definition <strong>of</strong> and MIHS policies<br />
for scientific misconduct, conflict<br />
<strong>of</strong> interest, and HIPAA/HITECH<br />
rules is provided by <strong>the</strong> Department<br />
<strong>of</strong> Research. In addition,<br />
because <strong>the</strong> majority <strong>of</strong> residents<br />
are engaged in research activities,<br />
<strong>the</strong> Department <strong>of</strong> Research<br />
provides courses in research design<br />
and statistical design annually to<br />
all residents. IRB protocols are<br />
developed with support and guidance<br />
by <strong>the</strong> IRB Office for all new<br />
investigators (including residents)<br />
and in conjunction with clinical<br />
research coordinators for industrysponsored<br />
studies.<br />
All protocol documents are<br />
reviewed to meet <strong>the</strong> required<br />
informed consent and information<br />
documentation (e.g.,<br />
brochures) and to determine <strong>the</strong><br />
need for language translation. The<br />
translation <strong>of</strong> <strong>the</strong> documents and<br />
informed consent to <strong>the</strong> patients<br />
and families are <strong>the</strong> coordinated<br />
responsibility <strong>of</strong> <strong>the</strong> Principal<br />
Investigator and <strong>the</strong> translation<br />
services within <strong>the</strong> Department <strong>of</strong>
Community Relations. A process<br />
to reduce <strong>the</strong> time to review and<br />
translate <strong>the</strong> documents was<br />
developed during 2009. The<br />
review <strong>of</strong> <strong>the</strong> process was initiated<br />
because our collaborative research<br />
partner institutions expressed<br />
concern that <strong>the</strong>re was significant<br />
variability in <strong>the</strong> process. This was<br />
due, in part, to <strong>the</strong> review <strong>of</strong> <strong>the</strong><br />
protocols and translation <strong>of</strong> documents<br />
among separate partner or<br />
collaborator IRBs.<br />
After <strong>the</strong> execution <strong>of</strong> a Memorandum<br />
<strong>of</strong> Understanding for<br />
Research and Graduate Education<br />
Partnerships between MIHS<br />
and a partner university, an<br />
IRB reciprocity agreement was<br />
executed that determines IRB<br />
authority over joint research<br />
programs where clinical research<br />
is conducted solely at MIHS. By<br />
stipulating that MIHS would<br />
be <strong>the</strong> IRB <strong>of</strong> record, <strong>the</strong> agreement<br />
ensured <strong>the</strong>re would be a<br />
single review <strong>of</strong> <strong>the</strong> protocols and<br />
translation <strong>of</strong> documents, which<br />
has resulted in a significant reduction<br />
in <strong>the</strong> time needed for review<br />
and approval. For o<strong>the</strong>r partner<br />
institutions, master agreements<br />
were executed that stipulated <strong>the</strong><br />
IRB <strong>of</strong> record and authority for<br />
translated documents, resulting<br />
in greater efficiency for approving<br />
individual research agreements.<br />
Step 4: Contracts and billing<br />
All financial activities related to<br />
clinical research were centralized<br />
during <strong>the</strong> Department <strong>of</strong><br />
Research’s second year <strong>of</strong> operation.<br />
Accountabilities and controls<br />
were developed to ensure invoicing<br />
uniformity for all research<br />
studies with billable items and<br />
services, as well as research billing<br />
compliance throughout MIHS.<br />
All grant and contract-related<br />
budgets are initially processed<br />
through <strong>the</strong> Department <strong>of</strong><br />
Research for prospective reimbursement<br />
analysis, budget<br />
development, and budget negotiation.<br />
In addition, <strong>the</strong> post-award<br />
team is charged with <strong>the</strong> review<br />
<strong>of</strong> billing issues and developing<br />
a process for invoicing for each<br />
study. At <strong>the</strong> time that <strong>the</strong> author<br />
assumed his current position<br />
(Director <strong>of</strong> <strong>the</strong> Department <strong>of</strong><br />
Research) <strong>the</strong>re was no specific<br />
plan for cost accountability or cost<br />
recovery for <strong>the</strong> department and<br />
its activities.<br />
The first step towards a full accounting<br />
was to realign <strong>the</strong> administrative<br />
structure (see Step 1) to reflect <strong>the</strong><br />
principle differences in cost recovery<br />
for <strong>the</strong> activities <strong>of</strong> <strong>the</strong> department.<br />
The industry-sponsored<br />
Contracts and Clinical Trial Oversight<br />
division is responsible for<br />
activities that can provide a stable<br />
stream <strong>of</strong> income that is over and<br />
above <strong>the</strong> cost <strong>of</strong> administering<br />
<strong>the</strong> activities <strong>of</strong> this division. This<br />
occurs through direct costs billed<br />
to <strong>the</strong> clinical trials for <strong>the</strong> clinical<br />
research coordinator (CRC) staff<br />
and <strong>the</strong> indirect rate cost recovery<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
from each clinical trial managed by<br />
<strong>the</strong> Department <strong>of</strong> Research. The<br />
goal for each budget year is to add<br />
CRC staffing only as <strong>the</strong> income<br />
generated from <strong>the</strong> clinical trials is<br />
able to fully support <strong>the</strong> additional<br />
positions. Obviously, bottlenecks<br />
during any step <strong>of</strong> <strong>the</strong> process,<br />
from initial contact by <strong>the</strong> clinical<br />
research organization (CRO)/sponsor,<br />
through contract negotiations,<br />
recruitment issues, and physician<br />
oversight, limits growth in research<br />
activities and income. To reduce<br />
<strong>the</strong> amount <strong>of</strong> time required for<br />
contract negotiation and to simultaneously<br />
improve consistency<br />
in <strong>the</strong> process, we worked with<br />
district legal counsel to develop a<br />
master language guide that detailed<br />
<strong>the</strong> information that was required<br />
to be included in any research contract.<br />
Each contract is reviewed for<br />
conformity and compliance with<br />
<strong>the</strong> template, including intellectual<br />
property protection language,<br />
and <strong>the</strong>n submitted with a list <strong>of</strong><br />
proposed changes in language for<br />
review by legal counsel. An edited<br />
research contract is developed in a<br />
short period <strong>of</strong> time and returned<br />
to <strong>the</strong> CRO/sponsor for revision.<br />
In part, because <strong>of</strong> <strong>the</strong> consistency<br />
<strong>of</strong> our approach, repeat contract<br />
negotiations with CROs/sponsors<br />
has resulted in developing<br />
master agreements to support a<br />
process for limited review and<br />
approval. A similar approach has<br />
been taken with non-commercial<br />
sponsors <strong>of</strong> research for review <strong>of</strong><br />
Continued on page 36<br />
<strong>December</strong> 2011<br />
35
Regulatory compliance for research in an academic medical center ...continued from page 35<br />
<strong>December</strong> 2011<br />
36<br />
<strong>the</strong> contracts, albeit with a more<br />
limited need for language revision.<br />
Because we have numerous<br />
research collaborations with some<br />
partner institutions, we have developed<br />
overarching Memoranda <strong>of</strong><br />
Understanding (MOU) with each<br />
one that covers many key compliance<br />
and regulatory matters, and<br />
research plans for individual collaborative<br />
studies can be attached<br />
to or refer to <strong>the</strong> master MOU<br />
and support <strong>the</strong> process for limited<br />
review and approval.<br />
Step 5: Information Technology<br />
and Research interface<br />
The IT environment or cyber<br />
infrastructure has a complex role<br />
in health systems. A number areas<br />
<strong>of</strong> regulatory compliance overlapped<br />
between IT and Research<br />
that required <strong>the</strong> development<br />
<strong>of</strong> policies and protocols. Several<br />
<strong>of</strong> <strong>the</strong> most critical policies and<br />
processes involved <strong>the</strong> use <strong>of</strong><br />
<strong>the</strong> Epic 4 electronic medical<br />
record system (EMR) that was<br />
implemented in 2009. Integrating<br />
processes linking research subjects<br />
into <strong>the</strong> flow <strong>of</strong> clinical processes<br />
within <strong>the</strong> EMR, including<br />
registration, billing, service orders,<br />
source data in <strong>the</strong> medical record,<br />
and documentation <strong>of</strong> informed<br />
consent is essential. However, <strong>the</strong><br />
implementation <strong>of</strong> <strong>the</strong> research<br />
subject flow processes was difficult<br />
for several reasons. First, <strong>the</strong> EMR<br />
was not fully implemented in<br />
both <strong>the</strong> outpatient and inpatient<br />
clinical settings simultaneously,<br />
and its initial implementation<br />
into <strong>the</strong> outpatient clinical setting<br />
did not realize all <strong>the</strong> available<br />
ancillary systems. Second, <strong>the</strong><br />
original focus for integrating<br />
research subject flow was hospital<br />
billing only, via Epic Cadence and<br />
Resolute, with <strong>the</strong> assumption<br />
that correct registration would<br />
result in correct billing. What was<br />
not evident was that <strong>the</strong> o<strong>the</strong>r<br />
flow points for research subjects<br />
that were being handled through<br />
both paper documentation and<br />
multiple database systems also had<br />
to be integrated into <strong>the</strong> EMR<br />
system. As a consequence, to<br />
achieve correct billing, this o<strong>the</strong>r<br />
documentation had to be retr<strong>of</strong>itted<br />
into <strong>the</strong> EMR system with<br />
work-around designs.<br />
Following discussions with o<strong>the</strong>r<br />
hospital systems to share information<br />
on using <strong>the</strong> EMR system for<br />
both research subject and clinical<br />
processes, and engagement <strong>of</strong> <strong>the</strong><br />
chief medical information <strong>of</strong>ficer<br />
at MIHS, resources were provided<br />
to implement tools in <strong>the</strong> EMR<br />
modules that better managed<br />
research subject flow in <strong>the</strong> EMR.<br />
Following <strong>the</strong> “rollout” <strong>of</strong> Phase I<br />
<strong>of</strong> <strong>the</strong> EMR system, we were able<br />
to work with <strong>the</strong> IT-managed<br />
EMR Implementation Project<br />
team to:<br />
n get tools (e.g., smart sets) developed,<br />
tested, and established<br />
as <strong>the</strong> way to build a research<br />
study functions in Epic;<br />
n get <strong>the</strong> clinical research<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
coordinators added functions<br />
so that <strong>the</strong>y could document<br />
in <strong>the</strong> EMR and set-up<br />
appointments;<br />
n establish “Research Only”(nonpatient<br />
care) appointments<br />
that would not result in a visit<br />
charge; and<br />
n route all charges for research<br />
subjects to a single reviewer who<br />
had <strong>the</strong> appropriate expertise<br />
to approve <strong>the</strong> charges or move<br />
<strong>the</strong>m to <strong>the</strong> patient account.<br />
Most importantly, senior leadership<br />
recognized that “research”<br />
was an important input into <strong>the</strong><br />
EMR and that <strong>the</strong> Department <strong>of</strong><br />
Research needed to be included<br />
from <strong>the</strong> beginning for <strong>the</strong> next<br />
phase <strong>of</strong> EMR implementation<br />
in Spring 2012. In 2011, <strong>the</strong><br />
Research team was included in<br />
<strong>the</strong> preliminary EMR strategy<br />
and validation sessions to ensure<br />
that work flows incorporated<br />
registration, documentation, and<br />
billing for research subjects and<br />
to interface with teams “building”<br />
work flows for laboratory<br />
records, pharmacy (investigational<br />
medications), and clinical content.<br />
Although different systems and<br />
tools are being utilized for research<br />
subject flow during Phase II <strong>of</strong> <strong>the</strong><br />
EMR system implementation,<br />
<strong>the</strong> experience during Phase I<br />
provided invaluable insight into<br />
what functions had to be designed<br />
from <strong>the</strong> beginning to work<br />
appropriately in <strong>the</strong> Epic EMR<br />
environment.
With <strong>the</strong> implementation <strong>of</strong> <strong>the</strong><br />
EMR system, additional cyber<br />
infrastructure-related processes<br />
had to be developed to address<br />
compliance with federal requirements<br />
for research. For example,<br />
<strong>the</strong> Food and Drug Administration's<br />
(FDA) 21 CFR Part II rule<br />
on electronic records and signatures,<br />
and external entities’ (e.g.,<br />
monitors) review <strong>of</strong> <strong>the</strong> medical<br />
records <strong>of</strong> research subjects. In<br />
2010, we initiated a series <strong>of</strong><br />
meetings between <strong>the</strong> Department<br />
<strong>of</strong> Research and <strong>the</strong> Department <strong>of</strong><br />
Information Technology regarding<br />
compliance with 21 CFR Part II,<br />
Electronic Record and Electronic<br />
Signatures. Often referred to as<br />
Part II, it was published<br />
May 20, 1997 and was<br />
intended to enable <strong>the</strong> use <strong>of</strong> electronic<br />
documents in <strong>the</strong> regulatory<br />
process for drugs and devices.<br />
Part II specifies processes that must<br />
be in place to assure that electronic<br />
documents and signatures are<br />
equivalent to paper documents and<br />
handwritten signatures. Working<br />
with <strong>the</strong> chief information <strong>of</strong>ficer<br />
and director <strong>of</strong> operations within<br />
<strong>the</strong> Department <strong>of</strong> Information<br />
Technology and <strong>the</strong> MIHS HIPAA<br />
security <strong>of</strong>ficer, an assessment <strong>of</strong><br />
<strong>the</strong> compliance <strong>of</strong> <strong>the</strong> EMR system<br />
with <strong>the</strong> guidelines was made, and<br />
a checklist <strong>of</strong> all component processes<br />
established were recorded.<br />
This checklist is maintained for all<br />
ongoing and future studies. Based<br />
on this process <strong>of</strong> verification,<br />
MIHS was able to provide a letter<br />
to <strong>the</strong> FDA that all electronic<br />
signatures executed in our electronic<br />
medical record system are<br />
<strong>the</strong> legally binding equivalent <strong>of</strong><br />
traditional hand-written signatures.<br />
A second example was <strong>the</strong> need to<br />
document processes for external<br />
entities’ review <strong>of</strong> records. To meet<br />
FDA requirements, clinical <strong>Quality</strong><br />
Assurance (QA) auditors perform<br />
audits <strong>of</strong> research subjects’<br />
medical records at clinical research<br />
sites to ensure <strong>the</strong> validity <strong>of</strong> <strong>the</strong><br />
data submitted and to report<br />
adverse events. However, <strong>the</strong>re<br />
are legitimate concerns that access<br />
to <strong>the</strong> medical record violates <strong>the</strong><br />
privacy rights <strong>of</strong> patients, and<br />
EMR systems do not easily limit<br />
access to a limited set <strong>of</strong> medical<br />
records. Consequently, many sites<br />
will provide hard copies <strong>of</strong> "pertinent"<br />
sections <strong>of</strong> <strong>the</strong> chart for <strong>the</strong><br />
QA auditors’ review ra<strong>the</strong>r than<br />
allow access to <strong>the</strong> EMR. This<br />
may be in conflict with <strong>the</strong> need<br />
for verification <strong>of</strong> <strong>the</strong> source data,<br />
or <strong>the</strong> subject’s medical history<br />
and concurrent events, which are<br />
<strong>the</strong> core <strong>of</strong> monitoring/auditing.<br />
In addition, FDA regulations<br />
specifically require FDA-regulated<br />
entities to provide FDA employees<br />
or designated <strong>of</strong>ficers access to<br />
any required records or reports,<br />
including <strong>the</strong> ability to copy or<br />
verify any such records or reports.<br />
Under <strong>the</strong> Federal Food, Drug,<br />
and Cosmetic Act (FFDCA), it<br />
is a prohibited act to refuse "…<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
to permit access to or copying<br />
<strong>of</strong> any record…" (See FFDCA<br />
section 301(e) and section 704).<br />
Because <strong>the</strong> <strong>Health</strong> Information<br />
Management team, <strong>the</strong><br />
<strong>Compliance</strong> department, and IT<br />
had already begun conducting<br />
discussions about <strong>the</strong> need to<br />
change policies and procedures<br />
for external entities reviewing<br />
or documenting in <strong>the</strong> MIHS<br />
EMR system, <strong>the</strong> Department <strong>of</strong><br />
Research was able to coordinate<br />
with <strong>the</strong>ir policy development.<br />
The process for monitoring<br />
research subjects’ medical records<br />
in <strong>the</strong> EMR requires that <strong>the</strong><br />
auditor or inspector be assigned a<br />
temporary password and institutional<br />
account that is approved<br />
by <strong>the</strong> Director <strong>of</strong> Research. The<br />
account has a time-limited functionality,<br />
and <strong>the</strong> production <strong>of</strong> a<br />
hard copy <strong>of</strong> <strong>the</strong> medical record,<br />
when necessary, is limited to a<br />
specified range <strong>of</strong> medical records<br />
for review status only. The auditor<br />
is monitored to ensure that<br />
only specified medical records<br />
are viewed in <strong>the</strong> EMR system,<br />
and <strong>the</strong> system status availability<br />
is closed after <strong>the</strong> full review is<br />
completed.<br />
Conclusion<br />
Between 2006 and 2011, <strong>the</strong><br />
number <strong>of</strong> active research<br />
projects (sponsored and residentrelated)<br />
at MIHS increased<br />
by 160% and <strong>the</strong> number <strong>of</strong><br />
initiated sponsored contracts<br />
Continued on page 55<br />
<strong>December</strong> 2011<br />
37
<strong>December</strong> 2011<br />
38<br />
CIAs: A look back to<br />
Editor’s note: Jamie L. Kendall is<br />
Senior Director <strong>of</strong> <strong>Compliance</strong>,<br />
Ethics & Legal Affairs with <strong>Compliance</strong><br />
Implementation Services<br />
LLC in Media, Pennsylvania.<br />
Jamie may be contacted by e-mail at<br />
jamiekendall@cis-partners.com or<br />
by telephone at 484/445-7200.<br />
The government’s assertion<br />
under a variety <strong>of</strong><br />
legal <strong>the</strong>ories that a pharmaceutical<br />
company’s <strong>of</strong>f-label<br />
marketing to a physician causes<br />
<strong>the</strong> physician to write an <strong>of</strong>f-label<br />
prescription, which in turn causes<br />
a pharmacy to submit a false<br />
claim for payment to a federal<br />
health care program, requires several<br />
leaps <strong>of</strong> logic. Never<strong>the</strong>less,<br />
<strong>the</strong> government’s focus on certain<br />
pharmaceutical company activities<br />
<strong>of</strong>ten forms <strong>the</strong> factual predicates<br />
for an investigation. Today, many<br />
still believe that this focus remains<br />
heavily upon pharmaceutical sales<br />
and marketing efforts. However,<br />
as manufacturers continue to<br />
establish tighter controls over sales<br />
and marketing activities, government<br />
oversight and enforcement<br />
activities continue to rise.<br />
For better or worse, Corporate<br />
Integrity Agreements (CIAs)<br />
<strong>the</strong> future at<br />
OIG investigations<br />
By Jamie L. Kendall, Esq.<br />
resulting from related settlements<br />
are made public, and <strong>the</strong> place<br />
that <strong>the</strong> government now looks<br />
for evidence <strong>of</strong> corporate intent to<br />
promote <strong>of</strong>f-label usage is Medical<br />
Affairs. Indeed, complaints filed<br />
against pharmaceutical companies<br />
resulting in CIAs demonstrate<br />
that <strong>the</strong> government does not<br />
distinguish in investigations<br />
between Medical Affairs and Sales<br />
departments, despite clear, formal<br />
delineations.<br />
A reason for this may be that<br />
although <strong>the</strong> sales representative<br />
is a drug company’s principal<br />
conduit between business planning<br />
and actual sales, <strong>the</strong> Medical<br />
Affairs department is a critical<br />
component <strong>of</strong> a drug company’s<br />
overall growth, including research,<br />
clinical development, and scientific<br />
reputation. This requires<br />
Medical Affairs’ employees to<br />
engage in a variety <strong>of</strong> health care<br />
pr<strong>of</strong>essional (HCP) interactions.<br />
And despite <strong>the</strong> fact that certain<br />
<strong>of</strong>f-label conduct is permissible,<br />
<strong>the</strong> line between prohibited <strong>of</strong>flabel<br />
promotion and permissible<br />
<strong>of</strong>f-label education is murky, at<br />
best. However, pharmaceutical<br />
company CIA provisions,<br />
resulting from recent settlements<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
involving <strong>of</strong>f-label allegations, are<br />
<strong>of</strong>ten very similar, quite detailed,<br />
and reveal a fair amount about<br />
practices <strong>the</strong> government finds<br />
most problematic.<br />
During <strong>of</strong>f-label investigations,<br />
<strong>the</strong> government routinely looks<br />
for evidence <strong>of</strong> manufacturer payments<br />
to physicians for prescribing<br />
<strong>of</strong>f-label uses <strong>of</strong> <strong>the</strong> company’s<br />
drug. Enforcement cases typically<br />
involve a manufacturer’s provision<br />
<strong>of</strong> a payment or perk to<br />
a physician. Historically, this<br />
evidence was discovered through<br />
company marketing materials and<br />
documentation related to sales<br />
representatives’ activities. Over<br />
<strong>the</strong> past several years however,<br />
<strong>the</strong> pendulum <strong>of</strong> focus appears<br />
to have shifted towards Medical<br />
Affairs activities, as documentation<br />
submitted to <strong>the</strong> government<br />
within <strong>the</strong> scope <strong>of</strong> an investigation<br />
involving allegations around<br />
commercial (sales and marketing)<br />
practices expose manufacturers to<br />
liability stemming from Medical<br />
Affairs. From <strong>the</strong> government’s<br />
perspective, documentation and<br />
information, such as strategic<br />
drug development plans (including<br />
new uses, publication plans,<br />
and disease state awareness<br />
“campaigns”) serve as an obvious<br />
place for evidence <strong>of</strong> corporate<br />
intent to promote <strong>of</strong>f-label usage<br />
<strong>of</strong> a drug. The Warner-Lambert<br />
case is illustrative. 1 According<br />
to <strong>the</strong> government, in that case,<br />
internal business plans allegedly
showed that <strong>the</strong> company viewed<br />
its continuing medical education<br />
(CME) program as an effective<br />
promotional program for<br />
Neurontin’s <strong>of</strong>f-label use.<br />
The government <strong>of</strong>ten scrutinizes<br />
companies that hire medical<br />
pr<strong>of</strong>essionals to do what <strong>the</strong><br />
companies perceive sales representatives<br />
cannot do under US Food<br />
and Drug Administration (FDA)<br />
guidance. In <strong>the</strong> Warner-Lambert<br />
case, for example, <strong>the</strong> medical<br />
liaisons from <strong>the</strong> Medical Affairs<br />
department allegedly “initiated<br />
<strong>of</strong>f-label promotions by raising<br />
<strong>of</strong>f-label subjects” and presented<br />
<strong>the</strong>mselves to HCPs as scientific<br />
experts when, in fact, <strong>the</strong>y were<br />
not. The government suggested<br />
that <strong>the</strong> medical liaisons had a<br />
deceptive air about <strong>the</strong>m and<br />
allegedly succeeded in accessing<br />
physicians (whom sales representatives<br />
had been unable to access)<br />
because <strong>the</strong>y gave <strong>the</strong> appearance<br />
<strong>of</strong> having a scientific background.<br />
Warner-Lambert ultimately pled<br />
guilty and agreed to pay more<br />
than $430 million, in addition to<br />
executing a CIA requiring largescale<br />
compliance efforts by <strong>the</strong><br />
company. The CIA included <strong>the</strong><br />
requirement that Warner-Lambert<br />
(now Pfizer, Inc.) implement policies<br />
and procedures that address<br />
sponsorship or funding <strong>of</strong> research<br />
or related activities (including<br />
clinical trials, market research, or<br />
authorship <strong>of</strong> articles and o<strong>the</strong>r<br />
publications) that are designed<br />
to ensure that company funding<br />
or sponsorship <strong>of</strong> such activities<br />
complies with all applicable<br />
regulations and requirements. 2<br />
Additionally, <strong>the</strong> 2009 Pfizer CIA<br />
demonstrates <strong>the</strong> risks associated<br />
with medical liaisons being perceived<br />
as Sales field counterparts,<br />
as opposed to Medical Affairs staff,<br />
allegedly causing <strong>of</strong>f-label HCP<br />
discussions to take place. Indeed, as<br />
part <strong>of</strong> its 2009 CIA, Pfizer agreed<br />
to apply provisions <strong>of</strong> its CIA to<br />
Medical Affairs personnel and <strong>the</strong>ir<br />
participation in HCP interactions<br />
at meetings or events and clarify<br />
<strong>the</strong>ir role at such events. 3<br />
CIAs and government complaints<br />
have signaled a common focus<br />
on payments to physicians that<br />
allegedly occurred under <strong>the</strong> guise<br />
<strong>of</strong> traditional Medical Affairs<br />
educational activities. Some<br />
examples include grant program<br />
payments relating to “observational”<br />
patient studies, consulting<br />
arrangement fees, and advisory<br />
meeting expenses. 4 Fur<strong>the</strong>r,<br />
although investigator-initiated (or,<br />
“investigator-sponsored”) clinical<br />
trial grant programs encourage<br />
physicians and clinical investigators<br />
to study drug company<br />
products and release <strong>the</strong>ir findings,<br />
<strong>the</strong> government may view<br />
<strong>the</strong>m as kickbacks in exchange<br />
for referrals. Significantly, at least<br />
three pharmaceutical manufacturers<br />
(AstraZeneca, Novartis, and<br />
Allergan) currently operate under<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
CIA-mandated business policies<br />
related to investigator-initiated<br />
trials. Notably, all three company<br />
CIA’s use nearly <strong>the</strong> exact same<br />
language throughout <strong>the</strong> Investigator<br />
Sponsored Trial (IST)<br />
section, changing only <strong>the</strong> name<br />
<strong>of</strong> <strong>the</strong> company and <strong>the</strong> amount<br />
<strong>of</strong> days each company is given to<br />
complete <strong>the</strong>ir duties. All three<br />
CIAs require each manufacturer<br />
to enter into written agreements<br />
describing <strong>the</strong> scope <strong>of</strong> <strong>the</strong> clinical<br />
research or o<strong>the</strong>r work to be<br />
performed, <strong>the</strong> fees to be paid,<br />
and compliance obligations for<br />
<strong>the</strong> researchers. 5<br />
Each CIA also requires researchers<br />
to be paid according to a centrally<br />
managed, pre-set rate structure<br />
that is determined through a<br />
company-conducted fair market<br />
value (FMV) analysis. Annual<br />
budget procedures must also be<br />
created that identify <strong>the</strong> scientific<br />
or business need for <strong>the</strong> researchers,<br />
how many will be required,<br />
<strong>the</strong> activities to be performed,<br />
and <strong>the</strong> projected cost <strong>of</strong> those<br />
activities. <strong>Compliance</strong> personnel<br />
are also encouraged to review <strong>the</strong><br />
budgets to ensure that <strong>the</strong>y are<br />
being used for legitimate means.<br />
CIAs also require a needs assessment<br />
to be completed prior to<br />
obtaining researchers. The needs<br />
assessment is to identify <strong>the</strong><br />
business or scientific need for <strong>the</strong><br />
information to be provided by<br />
Continued on page 42<br />
<strong>December</strong> 2011<br />
39
If you want to<br />
increase compliance,<br />
start with a training<br />
progam that<br />
engages your staff.<br />
<strong>December</strong> 2011<br />
40<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
<strong>Health</strong>care facilities that<br />
are serious about reducing<br />
risk choose HCCS.<br />
<strong>Compliance</strong> is serious business and it takes a serious training<br />
program to increase awareness and change staff behavior.<br />
<strong>Compliance</strong> training must have emotional impact and must<br />
change attitudes to be effective.<br />
Engaging, pr<strong>of</strong>essionally<br />
designed multimedia<br />
content is more effective<br />
than page-turning text.<br />
An effective training program requires more than asking<br />
your staff to flip through some electronic text pages. HCCS<br />
online compliance and<br />
competency training<br />
courseware uses pr<strong>of</strong>essional<br />
multimedia<br />
elements to create an<br />
engaging, interactive<br />
learning environment.<br />
Real-life video scenarios<br />
with pr<strong>of</strong>essional actors in healthcare settings, audio narration<br />
and interactivity are combined to increase <strong>the</strong> retention<br />
<strong>of</strong> <strong>the</strong> information presented.<br />
Adult learning is what works.<br />
HCCS courseware is designed using accepted principles<br />
<strong>of</strong> how adults learn and retain information.<br />
Research shows that retention is greatest when <strong>the</strong> learner<br />
sees, hears and interacts with training content.<br />
HCCS courses combine<br />
expert up-to-date content<br />
with expert learning<br />
methods to create<br />
a truly unique learning<br />
experience.<br />
The top University<br />
hospitals in <strong>the</strong> country<br />
choose HCCS.<br />
More than 50 Academic Medical Centers, 25 medical schools<br />
and hundreds <strong>of</strong> o<strong>the</strong>r healthcare facilities have chosen<br />
HCCS training courseware for <strong>the</strong>ir online education.<br />
With over one million registered learners, HCCS is <strong>the</strong><br />
leading provider <strong>of</strong> online multimedia compliance and<br />
competency training courseware.<br />
When<br />
employees<br />
pay<br />
attention,<br />
you reduce<br />
your risk.<br />
Looking for a more effective training solution Want to<br />
increase compliance<br />
Don’t take our word for it, take one <strong>of</strong> our free educational<br />
webinars or test drive our courseware yourself at<br />
www.hccs.com.<br />
hccs<br />
Experts in <strong>Health</strong>care Learning<br />
Call 877-933-4227 for more information and a schedule <strong>of</strong><br />
FREE training webinars or go to www.hccs.com<br />
Medicare • Medicaid • HIPAA • <strong>Quality</strong> Improvement • Research • Nursing<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>December</strong> 2011<br />
41
CIAs: A look back to <strong>the</strong> future at OIG Investigations ...continued from page 39<br />
<strong>December</strong> 2011<br />
42<br />
<strong>the</strong> researcher, and specific details<br />
about <strong>the</strong> research arrangement.<br />
Establishment <strong>of</strong> a research monitoring<br />
program, which conducts<br />
audits on at least 30 research<br />
arrangements with HCPs (at least<br />
20 <strong>of</strong> which must be ISTs) is also<br />
required. AstraZeneca’s CIA also<br />
provides provisions related to ISTs<br />
that is similar to sections in <strong>the</strong><br />
company CIAs which establish<br />
monitoring programs and reporting<br />
structures for o<strong>the</strong>rs business<br />
divisions within each company.<br />
For example, all <strong>of</strong> <strong>the</strong> CIAs<br />
require <strong>the</strong> establishment <strong>of</strong> a<br />
field force monitoring program to<br />
monitor and evaluate sales representative<br />
interactions with HCPs.<br />
A trend towards documentation <strong>of</strong><br />
objective business justifications is<br />
fur<strong>the</strong>r demonstrated in that CIA<br />
needs assessment requirements<br />
are not exclusive to investigatorinitiated<br />
trials. CIA publication<br />
policies also require <strong>Compliance</strong><br />
personnel to oversee company<br />
publication activities from inception-to-completion<br />
and beyond.<br />
Authors must now enter into<br />
agreements which detail <strong>the</strong> work<br />
to be done, fees to be paid, and<br />
acknowledgement <strong>of</strong> compliance<br />
obligations. Publishing companies<br />
will have to create centrallymanaged,<br />
pre-set rate structures<br />
based on fair market value <strong>of</strong> <strong>the</strong><br />
publications. Annual publication<br />
plans, based on objective business<br />
need assessment, along with<br />
activity budgets and <strong>estimate</strong>d<br />
numbers <strong>of</strong> publications, need<br />
to be reviewed and approved by<br />
<strong>Compliance</strong> personnel in order<br />
to ensure that publication activities<br />
are being used for legitimate<br />
purposes and comply with company<br />
policy and procedures. The<br />
needs assessment process that will<br />
justify publication plans must be<br />
completed and approved by ei<strong>the</strong>r<br />
Legal or <strong>Compliance</strong> personnel,<br />
with consultation by Medical<br />
Affairs, and will provide specific<br />
details <strong>of</strong> <strong>the</strong> publication activities<br />
to be performed.<br />
Moreover, recent CIAs uniformly<br />
require <strong>the</strong> establishment <strong>of</strong><br />
a monitoring program to be<br />
implemented through <strong>the</strong> <strong>Compliance</strong><br />
department. Specifically,<br />
risk-based and random-sampling<br />
approach audits <strong>of</strong> publication<br />
activities are expected to be conducted<br />
by <strong>Compliance</strong> personnel<br />
to ensure that <strong>the</strong> activities align<br />
and are compliant with company<br />
policies and procedures. Notably,<br />
recent CIAs also consistently<br />
require results from <strong>the</strong> monitoring<br />
program to be compiled and<br />
reported to a <strong>Compliance</strong> department<br />
for review and follow-up. 6<br />
As you can see, CIAs executed<br />
today are more robust and include<br />
a variety <strong>of</strong> compliance controls<br />
around Medical Affairs activities.<br />
These controls arguably hinder<br />
<strong>the</strong> <strong>of</strong>f-label use <strong>of</strong> approved<br />
drugs, despite evidence <strong>of</strong> <strong>of</strong>f-label<br />
usage being an indispensable<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
component <strong>of</strong> effective medical<br />
treatment. Indeed, in order for<br />
physicians to make appropriate<br />
choices about new <strong>of</strong>f-label uses,<br />
it is essential that <strong>the</strong>y be properly<br />
educated about <strong>the</strong>m. The industry<br />
plays a critical role in advising<br />
<strong>the</strong> medical pr<strong>of</strong>ession and <strong>the</strong><br />
public about <strong>the</strong>se advances. For<br />
example, peer-to-peer meetings in<br />
<strong>the</strong> form <strong>of</strong> speaker programs are<br />
an effective way for physicians to<br />
be educated about a new product<br />
or developments with an existing<br />
product. However, a paid speaker<br />
is considered an agent <strong>of</strong> <strong>the</strong> drug<br />
company and must adhere to<br />
<strong>the</strong> same compliance guidelines<br />
as a sales representative. Because<br />
physicians who deliver companyapproved<br />
product messaging are<br />
<strong>of</strong>ten asked to also provide medical<br />
opinions, speaker programs<br />
can be viewed by <strong>the</strong> government<br />
as an area <strong>of</strong> high risk regarding<br />
<strong>of</strong>f-label promotion compliance.<br />
Past CIAs make clear that <strong>the</strong><br />
government’s focus on various<br />
pharmaceutical company activities<br />
has and will continue to evolve<br />
in <strong>the</strong> future. As practices in <strong>the</strong><br />
industry have changed in response<br />
to <strong>the</strong> government’s heavy focus<br />
on interactions between company<br />
sales representatives and HCPs,<br />
recent CIA provisions indicate<br />
that <strong>the</strong> focus is shifting to Medical<br />
Affairs. The FDA’s focus also<br />
includes clinical trials, emerging<br />
markets and reimbursement.<br />
Without fur<strong>the</strong>r regulatory
CCB<br />
The <strong>Compliance</strong><br />
Pr<strong>of</strong>essional’s<br />
Certification<br />
definition by <strong>the</strong> FDA as to what<br />
constitutes acceptable Medical<br />
Affairs information dissemination<br />
practices, industry participants<br />
will continue to have to expend<br />
resources looking back to reactive<br />
CIA settlements in order to enact<br />
Medical Affairs department policies<br />
that attempt to predict what<br />
<strong>the</strong> FDA will focus on in future<br />
investigations. n<br />
1. See Sentencing Memorandum <strong>of</strong> <strong>the</strong><br />
United States. Warner-Lambert Co., LLC;<br />
see also Press Release, Dep’t <strong>of</strong> Justice,<br />
Warner-Lambert To Pay $ 430 Million<br />
To Resolve Criminal & Civil <strong>Health</strong> <strong>Care</strong><br />
Liability Relating to Off-Label Promotion<br />
(May 13, 2004),<br />
2. See Sentencing Memorandum <strong>of</strong> <strong>the</strong><br />
United States at 30. Warner-Lambert Co.,<br />
LLC.<br />
3. Available at http://oig.hhs.gov/fraud/cia/<br />
agreements/pfizer_inc_08312009.pdf<br />
4. See e.g., Sentencing Memorandum <strong>of</strong> <strong>the</strong><br />
United States at 27, Warner-Lambert Co.<br />
LLC; Government’s Redacted Sentencing<br />
Memorandum at 24, Schering Sales Corp.;<br />
Press Release, United States Dep’t <strong>of</strong> Justice,<br />
Cell Therapeutics, Inc. to Pay United<br />
States $10.5 Million to Resolve Claims for<br />
Illegal Marketing <strong>of</strong> Cancer Drug (Apr. 17,<br />
2007). Available at http:// www.usdoj.gov/<br />
opa/pr/2007/April/07_civ_258.html.<br />
5. Available at http://oig.hhs.gov/fraud/cia/<br />
agreements/astrazeneca_04272010.pdf<br />
6. See Corporate Integrity Agreement between<br />
OIG and Allergan, Inc. Available at http://<br />
oig.hhs.gov/fraud/cia/agreements/Allerga_<br />
Executed_CIA_with_Appendices.pdf.<br />
See also Corporate Integrity Agreement<br />
between OIG and AstraZeneca Pharmaceuticals<br />
LP and AstraZeneca LP. Available<br />
at http://oig.hhs.gov/fraud/cia/agreements/<br />
astrazeneca_04272010.pdf.<br />
See also Corporate Integrity Agreement<br />
OIG and Forest Laboratories, Inc. Available<br />
at http://oig.hhs.gov/fraud/cia/agreements/<br />
forest_laboratories_inc_09152010.pdf.<br />
See also Corporate Integrity Agreement between<br />
OIG and Novartis Pharmaceuticals<br />
Corporation. Available at http://oig.hhs.<br />
gov/fraud/cia/agreements/Novartis_Pharmaceuticals_Corporation_09292010.pdf.<br />
See also Corporate Integrity Agreement<br />
between OIG and Pfizer Inc. Available at<br />
http://oig.hhs.gov/fraud/cia/agreements/<br />
pfizer_5_11_2004.pdf.<br />
Congratulations!! The following individuals have recently successfully completed <strong>the</strong> CHC®<br />
certification exam, earning <strong>the</strong>ir certification:<br />
John Stanley Bokosky<br />
Kita D. Ca<strong>the</strong>y<br />
Alexander M. Fear<br />
John H. Fisher<br />
Maria Luisa Germani<br />
Lawrence Hendricks<br />
Keri Jennings<br />
The <strong>Compliance</strong> Certification Board (CCB) compliance<br />
certification examinations are available in all<br />
50 states. Join your peers and demonstrate your<br />
compliance knowledge by becoming certified today.<br />
Jacqueline L. Kniska<br />
Henri-Alexandre N. Lauer<br />
Deborah C. Mack<br />
Janice L. Meister<br />
Mary M. Menard<br />
Francine Nigrello<br />
Kathy C. Perkins-Smerdel<br />
Stacy A. Schulze<br />
Maria V. Sessions<br />
Kimalisa K. Shamblin<br />
Anna E. Ward<br />
Angele T. White<br />
Kelly Victoria Wittmeyer<br />
Congratulations!! The following individual has recently successfully completed <strong>the</strong> CHRC®<br />
certification exam, earning her certification:<br />
Cynthia R. Molnar<br />
Congratulations!! The following individuals have recently successfully completed <strong>the</strong> CHPC®<br />
certification exam, earning <strong>the</strong>ir certification:<br />
Blaine A. Kerr Karen C. Schimpf Laurie A. Smaldon<br />
The CCB <strong>of</strong>fers certifications in <strong>Health</strong>care <strong>Compliance</strong> (CHC®), <strong>Health</strong>care<br />
Research <strong>Compliance</strong> (CHRC®), and <strong>the</strong> Certified in <strong>Health</strong>care <strong>Compliance</strong><br />
Fellowship (CHC-F®).<br />
Certification benefits:<br />
n Enhances <strong>the</strong> credibility <strong>of</strong> <strong>the</strong> compliance practitioner<br />
n Establishes pr<strong>of</strong>essional standards and status for compliance pr<strong>of</strong>essionals in<br />
<strong>Health</strong>care and <strong>Health</strong>care Research<br />
n Heightens <strong>the</strong> credibility <strong>of</strong> compliance practitioners and <strong>the</strong> compliance<br />
programs staffed by <strong>the</strong>se certified pr<strong>of</strong>essionals<br />
n Ensures that each certified practitioner has <strong>the</strong> knowledge base necessary to<br />
perform <strong>the</strong> compliance function<br />
n Facilitates communication with o<strong>the</strong>r industry pr<strong>of</strong>essionals, such as physicians,<br />
government <strong>of</strong>ficials and attorneys<br />
n Demonstrates <strong>the</strong> hard work and dedication necessary to succeed in <strong>the</strong><br />
compliance field<br />
For more information about certification,<br />
please call 888/580-8373, email ccb@hcca-info.org, or visit our<br />
website at www.hcca-info.org.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>December</strong> 2011<br />
43
<strong>December</strong> 2011<br />
44<br />
focus<br />
feature<br />
Medicaid RACs:<br />
Tool <strong>of</strong> transparency or torment<br />
Editor’s note: Rebecca Jones McKnight is an Associate<br />
with DLA Piper LLP (US) in Austin, Texas. She may be<br />
contacted by e-mail at rebecca.mcknight@dlapiper.com.<br />
Children <strong>of</strong>ten share a fascination with ants.<br />
As a child, you may have watched worker<br />
ants crossing your sidewalk, carrying seemingly<br />
impossible loads <strong>of</strong> food back to <strong>the</strong> queen<br />
and her brood. This fascination with ants <strong>of</strong>ten leads<br />
children to use glass—a ra<strong>the</strong>r simple substance—as<br />
a tool to learn more about ants.<br />
Maybe you set up a glass ant farm (technical term:<br />
formicarium) to provide a window into <strong>the</strong> inner<br />
workings <strong>of</strong> an ant colony, watching <strong>the</strong> ants go<br />
about <strong>the</strong>ir ant business. Maybe you used a magnifying<br />
glass to examine ants more closely, marveling at<br />
<strong>the</strong>ir mandibles, and being thankful that <strong>the</strong> 1954<br />
movie Them! (in which atomic tests caused ants to<br />
mutate into giant man-eating monsters) was, in fact,<br />
fiction. But maybe <strong>the</strong>re was a kid on your block<br />
who did not share your appreciation for our diligent<br />
insect friends. With a less benevolent interest in<br />
<strong>the</strong>se creatures, he used his magnifying glass as a tool<br />
to torment unassuming ant victims.<br />
On September 14, 2011, <strong>the</strong> Centers for Medicare<br />
& Medicaid Services (CMS) issued its anxiously<br />
awaited final rule on state Medicaid Recovery<br />
Audit Contractor (RAC) programs. The final rule<br />
implements section 6411 <strong>of</strong> <strong>the</strong> Patient Protection<br />
and Affordable <strong>Care</strong> Act, which requires states to<br />
By Rebecca Jones McKnight<br />
establish a program with one or more Recovery<br />
Audit Contractors (RACs) in order to identify<br />
underpayments and overpayments to Medicaid, and<br />
to recoup <strong>the</strong> overpayments.<br />
In o<strong>the</strong>r words, to see whe<strong>the</strong>r <strong>the</strong> worker ants are<br />
shortchanging <strong>the</strong> queen.<br />
CMS issued a proposed rule on Medicaid RACs on<br />
November 10, 2010. The original due date for states<br />
to implement RACs was April 1, 2011. It became<br />
clear, however, that this was not a realistic time<br />
frame. On February 1, 2011, CMS announced that<br />
<strong>the</strong> proposed implementation date would be pushed<br />
back to await <strong>the</strong> final rule.<br />
Now <strong>the</strong> time is at hand. Under <strong>the</strong> final rule, states<br />
must have Medicaid RAC programs in place by January<br />
1, 2012. Will Medicaid RACs be a tool <strong>of</strong> transparency<br />
into provider payment practices, or a tool <strong>of</strong><br />
torment for providers already subject to numerous<br />
types <strong>of</strong> government oversight and inquiry<br />
Why is that kid eyeballing me<br />
The Medicaid RAC program draws on history. After a<br />
demonstration period for <strong>the</strong> Medicare RAC program<br />
identified over $1 billion in improper payments,<br />
Congress permanently authorized that program in <strong>the</strong><br />
Tax Relief and <strong>Health</strong> <strong>Care</strong> Act <strong>of</strong> 2006 (TRHCA).<br />
Congress required CMS to push <strong>the</strong> program out to all<br />
<strong>the</strong> states. This law and <strong>the</strong> program that implemented it<br />
influenced <strong>the</strong> development <strong>of</strong> <strong>the</strong> Medicaid RAC rules.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
Legislators viewed <strong>the</strong> Medicare RAC demonstration<br />
period as a major success. Stakeholders, however, had<br />
<strong>the</strong>ir concerns. They cited inconsistency in <strong>the</strong> RACs’<br />
documentation <strong>of</strong> “good cause” for reviewing claims<br />
and lack <strong>of</strong> physician presence on RAC staffs. CMS<br />
addressed <strong>the</strong>se concerns when it implemented its<br />
permanent Medicare RAC program. Stakeholders also<br />
took issue with <strong>the</strong> contingency fee payment structure<br />
required by TRHCA. Although TRHCA mandated<br />
that RACs be paid on a contingency fee basis, CMS’s<br />
implementation <strong>of</strong> <strong>the</strong> program provided that if a<br />
RAC’s determination were overturned at any stage <strong>of</strong><br />
<strong>the</strong> appeals process, <strong>the</strong> RAC would be required to<br />
return <strong>the</strong> related contingency fee payment.<br />
n provides guidance on <strong>the</strong> payment methodology<br />
for state payments to Medicaid RACs;<br />
n directs states to ensure that adequate appeal processes<br />
are in place for providers to dispute adverse<br />
determinations made by Medicaid RACs; and<br />
n directs states to coordinate with o<strong>the</strong>r contractors<br />
and entities that audit Medicaid providers, as well<br />
as state and federal law enforcement agencies.<br />
Should I be worried<br />
With <strong>the</strong> thought <strong>of</strong> <strong>the</strong> beam <strong>of</strong> illumination narrowing,<br />
and hearing a sizzle in <strong>the</strong>ir minds, providers<br />
have concerns. Who will be behind <strong>the</strong> glass, looking<br />
in Will it be Dr. Dolittle Jr. 2 or “The Good Son” 3<br />
Medicaid providers may feel <strong>the</strong>y’re already thoroughly<br />
watched and examined through <strong>the</strong> glass.<br />
They have already been subject to <strong>the</strong>ir share <strong>of</strong><br />
audits through programs such as <strong>the</strong> Medicaid Audit<br />
Medicaid Integrity Contractors (Audit MICs). The<br />
new Medicaid RACs will not replace existing Medicaid<br />
audit programs; <strong>the</strong>y will create yet ano<strong>the</strong>r<br />
oversight and scrutiny mechanism. CMS anticipates<br />
“working both internally and with <strong>the</strong> States to<br />
minimize [<strong>the</strong>] administrative burden” <strong>of</strong> overlapping<br />
audits. 1 Providers remain skeptical.<br />
Even within this context, and with <strong>the</strong> benefit <strong>of</strong><br />
lessons learned from <strong>the</strong> Medicare RAC program,<br />
providers were concerned. Seventy-six commenters<br />
weighed in on <strong>the</strong> November 10, 2010 proposed rule.<br />
As a result <strong>of</strong> “numerous comments” from stakeholders,<br />
CMS made some modifications to <strong>the</strong> proposed<br />
Medicaid RAC program in <strong>the</strong> final rule. That said,<br />
many <strong>of</strong> <strong>the</strong> key proposed elements remain. Although<br />
<strong>the</strong> rule itself is not that lengthy, <strong>the</strong> proposed<br />
Medicaid RAC regulations garnered significant attention,<br />
and CMS spent more than 100 pages addressing<br />
comments and defending its approach. The final rule:<br />
n provides guidance to states on federal/state funding<br />
<strong>of</strong> state start-up, operation, and maintenance<br />
costs <strong>of</strong> Medicaid RACs;<br />
Under <strong>the</strong> final rule (42 C.F.R. §§ 455.500 - .518),<br />
a Medicaid RAC must demonstrate to a state that it<br />
has <strong>the</strong> “technical capability” to carry out required<br />
activities. RACs must employ trained medical pr<strong>of</strong>essionals<br />
in good standing with <strong>the</strong> state to review<br />
Medicaid claims. Unless a state obtains an exemption,<br />
each Medicaid RAC must hire a minimum <strong>of</strong><br />
one full-time employee medical director who is a<br />
Doctor <strong>of</strong> Medicine or Doctor <strong>of</strong> Osteopathy. The<br />
rule also requires Medicaid RACs to hire certified<br />
coders, unless <strong>the</strong> state determines that certified<br />
coders are not required for <strong>the</strong> effective review <strong>of</strong><br />
Medicaid claims. The rule provides additional elements<br />
<strong>of</strong> “customer service” that RACs and states<br />
must develop to provide education and outreach to<br />
providers, including:<br />
n Communication <strong>of</strong> audit policies and protocols;<br />
n Minimum customer service measures, such as:<br />
o providing a toll-free customer service telephone<br />
number staffed during normal business hours,<br />
and<br />
o compiling and maintaining provider approved<br />
addresses and points <strong>of</strong> contact;<br />
n Mandatory acceptance <strong>of</strong> provider submissions<br />
<strong>of</strong> electronic medical records on CD/DVD or via<br />
facsimile at <strong>the</strong> providers’ request;<br />
Continued on page 46<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>December</strong> 2011<br />
45
Medicaid RACs: Tool <strong>of</strong> transparency or torment ...continued from page 45<br />
<strong>December</strong> 2011<br />
46<br />
n Notifying providers <strong>of</strong> overpayment findings<br />
within 60 calendar days;<br />
n Unless a state obtains an exemption, a 3-year<br />
maximum claims look-back period; and<br />
n Unless a RAC obtains an exception from a state, <strong>the</strong><br />
RAC must follow state-established limits on <strong>the</strong> number<br />
and frequency <strong>of</strong> medical records requested by a RAC.<br />
Can I trust <strong>the</strong> kid with <strong>the</strong> magnifying glass<br />
Are that kid’s parents paying him by-<strong>the</strong>-ant to act<br />
as an amateur exterminator The use <strong>of</strong> contingency<br />
fees for RAC compensation has continued to raise<br />
provider concerns. One commenter said contingency<br />
fee structures have <strong>the</strong> “overwhelming tendency to<br />
push auditors ‘to take a chance’ and inappropriately<br />
deny claims.” Ano<strong>the</strong>r commenter maintained<br />
contingency fees “perversely incentivize...RACs to<br />
engage in bounty hunting, which leads to increased<br />
expenses and administrative burdens for providers.” 4<br />
It is notable that in <strong>the</strong> Medicare RAC pilot program,<br />
96% <strong>of</strong> <strong>the</strong> errors identified by <strong>the</strong> RACs were<br />
overpayments. A substantial number <strong>of</strong> <strong>the</strong> RACs’<br />
payment denials were not upheld on appeal.<br />
CMS’s responses emphasized that <strong>the</strong> statute requires<br />
Medicaid RACs to be paid on a contingency fee basis.<br />
Nei<strong>the</strong>r CMS nor <strong>the</strong> states have discretion to change<br />
this basic approach to compensation, unless state law<br />
prohibits <strong>the</strong> arrangement. CMS also asserted that <strong>the</strong><br />
methodology “has been a standard practice accepted<br />
among private health care payers for more than 20<br />
years,” and that it had “surveyed States that have RAClike<br />
programs which utilize a contingency fee payment<br />
structure and ha[d] not learned <strong>of</strong> any circumstances in<br />
which RACs were improperly incentivized to recover<br />
overpayments from Medicaid providers.” 5<br />
CMS also cited, as a safeguard, <strong>the</strong> final rule’s provision<br />
requiring that RACs return contingency fees<br />
within a reasonable time frame if a Medicaid RAC<br />
determination is reversed at any level <strong>of</strong> appeal.<br />
But I’m tired <strong>of</strong> being a science project!<br />
Inquisitive scientific minds are all well and good, but<br />
what happens when <strong>the</strong> ant that has been captured<br />
for observation in an ant farm is finally released at a<br />
parent’s behest, only to be captured by ano<strong>the</strong>r wellmeaning<br />
child Commenters were concerned with<br />
duplication <strong>of</strong> existing program integrity efforts. Several<br />
commenters suggested this could ultimately impact<br />
provider participation and patient access to care.<br />
CMS disagreed. CMS does not think <strong>the</strong> Medicaid<br />
RAC program is duplicative <strong>of</strong> <strong>the</strong> federal national<br />
audit program in which federal MICs conduct audits<br />
<strong>of</strong> Medicaid providers. CMS considers MICs and<br />
RACs “fundamentally different” and “complementary,”<br />
with MICs addressing vulnerabilities at <strong>the</strong><br />
regional and national level, and RACs addressing<br />
state-specific vulnerabilities, tailored to <strong>the</strong> characteristics<br />
<strong>of</strong> each state’s Medicaid program. According<br />
to CMS, Congress directed <strong>the</strong> establishment <strong>of</strong><br />
Medicaid RACs “with full awareness <strong>of</strong> <strong>the</strong> various<br />
program integrity initiatives for which it had given<br />
previous authority” and “Congress did not relax any<br />
<strong>of</strong> those previously authorized program integrity<br />
activities.” 6 As a result, CMS believes Congress<br />
intended Medicaid RACs to supplement previously<br />
authorized program integrity activities.<br />
Prepare to be examined<br />
Medicaid compliance should be at <strong>the</strong> top <strong>of</strong> providers’<br />
lists for compliance activities. While states are<br />
developing <strong>the</strong>ir Medicaid RAC programs, providers<br />
should not sit idly by. With states moving to implement<br />
<strong>the</strong> Medicaid RAC tool, providers should<br />
ensure <strong>the</strong>y are ready to be examined, with comprehensive<br />
Government Audit Committees prepared to<br />
address Medicaid RAC issues, among o<strong>the</strong>rs. These<br />
multi-disciplinary committees should review claims<br />
and denial data for warning signs; develop standard<br />
approaches to responding to RAC requests; design<br />
standard correspondence and appeal letters that<br />
Continued on page 71<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
Confidence and<br />
precision in claims<br />
audits: <strong>Quality</strong> <strong>of</strong> <strong>the</strong><br />
Editor’s note: Cornelia M.<br />
Dorfschmid is Executive Vice<br />
President with Strategic Management<br />
in Alexandra, Virginia. She may be<br />
contacted by e-mail at cdorfschmid@<br />
strategicm.com or by telephone at<br />
703/683-9600, ext 419.<br />
The contractor reform in<br />
health care brought a<br />
consolidation <strong>of</strong> Medicare<br />
contractors and new contractors,<br />
as exemplified by <strong>the</strong> Medicare<br />
Administrative Contractors<br />
(MACs), Medicaid Integrity<br />
Contractors (MICs), Medicare<br />
Recovery Audit Contractors<br />
(RACs), and Zone Program<br />
Integrity Contractors (ZPICs).<br />
These government contractors<br />
have different objectives, some are<br />
more fraud oriented (e.g., ZPIC),<br />
and o<strong>the</strong>rs are focused on detecting<br />
payment errors (e.g., MACs,<br />
RACs). They conduct pre- and<br />
post-payment audits. However,<br />
no matter what <strong>the</strong>ir charge and<br />
CMS-assigned tasks are, <strong>the</strong>se<br />
contractors have aggressively<br />
been monitoring and auditing<br />
claims that were paid to health<br />
care organizations by <strong>the</strong> federal<br />
and state health care programs. In<br />
<strong>estimate</strong><br />
By Cornelia M. Dorfschmid, PhD<br />
<strong>the</strong>ir claims audits, <strong>the</strong> contractors<br />
typically assess whe<strong>the</strong>r <strong>the</strong>re were<br />
inappropriate payments received<br />
by a health care organization and,<br />
if so, <strong>the</strong>y determine <strong>the</strong> recovery<br />
amount. Oftentimes <strong>the</strong> totality <strong>of</strong><br />
cases (e.g., charts, claims, line item<br />
<strong>of</strong> claims, beneficiaries, or whatever<br />
<strong>the</strong> unit <strong>of</strong> observation may be),<br />
which may potentially be affected<br />
by a suspected billing error, cannot<br />
be reviewed. Time and cost<br />
constraints and benefit/cost considerations<br />
make a sample a much<br />
more viable alternative. If <strong>the</strong> sample<br />
is a statistically valid random<br />
sample (SVRS), such as a “probability<br />
sample” as set forth in <strong>the</strong><br />
Centers for Medicare & Medicaid<br />
Services (CMS) Medicare Program<br />
Integrity Manual (PIM), <strong>the</strong>n <strong>the</strong><br />
contractor may draw conclusions<br />
from <strong>the</strong> sample to <strong>the</strong> universe<br />
(total number) <strong>of</strong> cases. Simply<br />
put, one can <strong>estimate</strong> <strong>the</strong> total<br />
overpayment in <strong>the</strong> total number<br />
<strong>of</strong> cases by projecting overpayments<br />
from a relatively small sample<br />
to <strong>the</strong> universe at large.<br />
Similar considerations, which<br />
weigh <strong>the</strong> possibility <strong>of</strong> using <strong>the</strong><br />
universe <strong>of</strong> cases affected by a<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
potential payment error pattern<br />
versus a sample with appropriate<br />
projection, are increasingly also<br />
part <strong>of</strong> many providers’ internal<br />
auditing and monitoring strategies.<br />
So what does it take to develop a<br />
good <strong>estimate</strong> Three aspects can<br />
be considered.<br />
n Correct interpretation <strong>of</strong> <strong>the</strong><br />
projected <strong>estimate</strong><br />
To begin with, it requires that <strong>the</strong><br />
<strong>estimate</strong> is projected from a random<br />
sample that was based on <strong>the</strong> correct<br />
interpretation and application<br />
<strong>of</strong> <strong>the</strong> various medical documentation<br />
requirements and payer coverage<br />
rules. If <strong>the</strong> medical review, <strong>the</strong><br />
application <strong>of</strong> coverage criteria, and<br />
case-by-case review findings can be<br />
challenged in an appeal or a quality<br />
assurance process, <strong>the</strong> overpayment<br />
<strong>estimate</strong> derived from <strong>the</strong> sample<br />
would not be tenable.<br />
n Statistically valid random<br />
sample<br />
Ano<strong>the</strong>r aspect <strong>of</strong> a good <strong>estimate</strong><br />
is that it must be generated from<br />
a statistically valid random sample<br />
that was selected. If <strong>the</strong>re is no<br />
statistically valid sample, <strong>the</strong>n<br />
<strong>the</strong> validity <strong>of</strong> <strong>the</strong> projection <strong>of</strong><br />
<strong>the</strong> total overpayment <strong>estimate</strong> is<br />
difficult to defend.<br />
n Confidence and precision<br />
If each sampled case was reviewed<br />
correctly and <strong>the</strong> sample was a<br />
statistically valid random sample,<br />
acceptable confidence (i.e, degree<br />
Continued on page 48<br />
<strong>December</strong> 2011<br />
<strong>47</strong>
Confidence and precision in claims audits: <strong>Quality</strong> <strong>of</strong> <strong>the</strong> <strong>estimate</strong> ...continued from page <strong>47</strong><br />
<strong>December</strong> 2011<br />
48<br />
<strong>of</strong> certainty that <strong>the</strong> sample correctly<br />
depicts <strong>the</strong> universe) and<br />
precision (i.e., range <strong>of</strong> accuracy)<br />
are <strong>the</strong> third piece needed for<br />
a quality <strong>estimate</strong> <strong>of</strong> <strong>the</strong> total<br />
overpayment in <strong>the</strong> universe.<br />
Precision and confidence<br />
trade–<strong>of</strong>f<br />
The quality <strong>of</strong> <strong>the</strong> <strong>estimate</strong> depends<br />
on <strong>the</strong> precision and confidence<br />
levels reached in <strong>the</strong> estimation process.<br />
Both high confidence and high<br />
precision are desirable qualities in<br />
an overpayment <strong>estimate</strong>. They are<br />
expressed in ranges or percentages.<br />
There are one- and two-sided confidence<br />
intervals that are reported<br />
at various levels <strong>of</strong> precision.<br />
One-sided confidence intervals deal<br />
with whe<strong>the</strong>r <strong>the</strong> true value for <strong>the</strong><br />
universe (e.g., total overpayment) is<br />
greater or smaller than <strong>the</strong> <strong>estimate</strong>.<br />
Two-sided confidence intervals deal<br />
with whe<strong>the</strong>r <strong>the</strong> true value for<br />
<strong>the</strong> universe is between two given<br />
numbers (lower and upper bounds),<br />
i.e., a bounded range.<br />
In overpayment extrapolations,<br />
<strong>the</strong> quality <strong>of</strong> <strong>the</strong> <strong>estimate</strong> <strong>of</strong><br />
total overpayment in <strong>the</strong> universe<br />
can be described as a range or a<br />
percentage for <strong>the</strong> so-called “point<br />
<strong>estimate</strong>.” The point <strong>estimate</strong> is<br />
simply <strong>the</strong> average overpayment in<br />
<strong>the</strong> sample inflated by <strong>the</strong> universe<br />
size. Using <strong>the</strong> point <strong>estimate</strong> views<br />
<strong>the</strong> universe as just a larger version<br />
<strong>of</strong> <strong>the</strong> sample. The observed<br />
confidence and precision levels are<br />
statistical measures calculated from<br />
<strong>the</strong> data <strong>of</strong> a particular sample<br />
and qualify that view by reporting<br />
<strong>the</strong> uncertainty that is associated<br />
with <strong>the</strong> particular point <strong>estimate</strong>.<br />
Namely, confidence and precision<br />
allow us to give a range <strong>of</strong> uncertainty<br />
around <strong>the</strong> point <strong>estimate</strong>.<br />
This range implies that <strong>the</strong> random<br />
sample that was drawn is not an<br />
exact miniature version <strong>of</strong> <strong>the</strong><br />
universe. Each sample may render<br />
a somewhat different picture,<br />
hence a range.<br />
For example, if an auditor reports<br />
<strong>the</strong> overpayment <strong>estimate</strong> <strong>of</strong><br />
$10,000 with a two-sided 90%<br />
confidence interval and 5%<br />
precision level, this means that <strong>the</strong><br />
auditor is 90% certain that <strong>the</strong><br />
true overpayment value for <strong>the</strong><br />
universe is $10,000 +/- $500, (i.e.,<br />
is between $9,500 and $10,500).<br />
The $500 is <strong>the</strong> precision amount<br />
and <strong>the</strong> precision percentage is<br />
5%. Clearly, if we could raise <strong>the</strong><br />
confidence level to 95% or even<br />
99% for that same precision level<br />
<strong>of</strong> 5%, that would render a higher<br />
quality <strong>estimate</strong>. Similarly, if we<br />
could tighten <strong>the</strong> precision range<br />
and <strong>the</strong>reby make <strong>the</strong> <strong>estimate</strong><br />
more precise at 90% confidence<br />
level (e.g., make it +/- 3% or<br />
equivalent to a $600 range), that<br />
would also be preferable.<br />
For any given sample, <strong>the</strong> auditor<br />
can always raise <strong>the</strong> certainty<br />
(i.e., raise <strong>the</strong> confidence level) by<br />
making <strong>the</strong> statement about <strong>the</strong><br />
<strong>estimate</strong> in relation to <strong>the</strong> true<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
value in <strong>the</strong> universe less precise.<br />
The extreme position may be<br />
illustrative. For example, one can<br />
always say for <strong>the</strong> point <strong>estimate</strong><br />
that one is 100% confident that <strong>the</strong><br />
true value is between minus infinity<br />
and plus infinity (i.e., pairing complete<br />
imprecision with complete<br />
certainty/confidence). Any o<strong>the</strong>r<br />
more meaningful combinations<br />
<strong>of</strong> confidence/precision levels for<br />
<strong>the</strong> same point <strong>estimate</strong> that was<br />
generated from one-and-<strong>the</strong>-same<br />
sample are just re-statements <strong>of</strong><br />
an inherent trade<strong>of</strong>f. This trade<strong>of</strong>f<br />
renders <strong>the</strong> same statistical information.<br />
To conclude, whenever<br />
<strong>the</strong> sample size is fixed and <strong>the</strong><br />
point <strong>estimate</strong> is calculated, <strong>the</strong>re<br />
is a trade<strong>of</strong>f between confidence<br />
and precision levels. One cannot<br />
improve both any more.<br />
Ano<strong>the</strong>r valid method <strong>of</strong> stating<br />
confidence and precision levels<br />
that is sometimes used for point<br />
<strong>estimate</strong>s in overpayment cases is<br />
using <strong>the</strong> one-sided confidence<br />
interval. In this approach, <strong>the</strong> auditor<br />
typically states <strong>the</strong> confidence<br />
level <strong>of</strong> <strong>the</strong> point <strong>estimate</strong> at a<br />
lower limit. Ra<strong>the</strong>r than reporting<br />
a bounded range around <strong>the</strong><br />
<strong>estimate</strong>, <strong>the</strong> range becomes openended.<br />
For example, <strong>the</strong> auditor<br />
may report a point <strong>estimate</strong> <strong>of</strong><br />
$10,000 for a one-sided 90%<br />
confidence interval with a $9,650<br />
lower limit. This means <strong>the</strong> auditor<br />
reports a point <strong>estimate</strong> <strong>of</strong> $10,000<br />
for which he/she is 90% confident<br />
that <strong>the</strong> true overpayment in <strong>the</strong>
universe is no less than $9,650. No<br />
upper bound is reported for this<br />
one-sided confidence interval; <strong>the</strong><br />
interval is open-ended upwards.<br />
Sample size affects precision<br />
and confidence<br />
Generally speaking and all else<br />
being equal, <strong>the</strong> higher <strong>the</strong> confidence<br />
and precision levels <strong>of</strong> a<br />
point <strong>estimate</strong>, <strong>the</strong> closer one is<br />
to <strong>the</strong> true overpayment in <strong>the</strong><br />
universe. High precision and confidence<br />
are <strong>the</strong>refore indications<br />
<strong>of</strong> a quality <strong>estimate</strong>. The larger<br />
<strong>the</strong> sample size that underlies <strong>the</strong><br />
overpayment extrapolation, <strong>the</strong><br />
better <strong>the</strong> confidence and precision<br />
levels (i.e., narrower ranges<br />
around <strong>the</strong> point <strong>estimate</strong>) one<br />
may expect. These basic concepts,<br />
however, are not always fully<br />
understood and <strong>the</strong>refore, sample<br />
size and validity <strong>of</strong> <strong>the</strong> <strong>estimate</strong><br />
can be confused in this context.<br />
One <strong>of</strong> <strong>the</strong> first issues, which I<br />
<strong>of</strong>ten see raised by providers and/<br />
or <strong>the</strong>ir attorneys in appeals that<br />
involve extrapolated overpayments<br />
in claims, is that <strong>the</strong> sample<br />
size was too small and hence <strong>the</strong><br />
extrapolation not valid. However,<br />
<strong>the</strong> validity <strong>of</strong> <strong>the</strong> sample does not<br />
depend on <strong>the</strong> sample size. A small<br />
but statistically valid sample can<br />
always generate a valid overpayment<br />
<strong>estimate</strong>. Validity is only a necessary<br />
condition, but not a sufficient condition<br />
for a quality <strong>estimate</strong>. The<br />
quality <strong>of</strong> <strong>the</strong> <strong>estimate</strong> is, however,<br />
affected by <strong>the</strong> sample size because<br />
it affects confidence and precision<br />
levels. The latter are statistical<br />
concepts that describe <strong>the</strong> quality <strong>of</strong><br />
<strong>the</strong> <strong>estimate</strong>. They can also be set as<br />
thresholds or targets and <strong>the</strong>n used<br />
in <strong>the</strong> decision process to determine<br />
when valid overpayment <strong>estimate</strong>s<br />
are actually “good enough” (i.e., <strong>of</strong><br />
acceptable quality).<br />
OIG and CMS on confidence<br />
and precision<br />
Once <strong>the</strong> auditor has selected <strong>the</strong><br />
sample, <strong>the</strong> size is set and claims get<br />
reviewed. The precision percentage<br />
for <strong>the</strong> point <strong>estimate</strong> derived from<br />
<strong>the</strong> particular sample can <strong>the</strong>n be<br />
reported at 80%, 90%, 95%, or<br />
even 99% confidence level. It is a<br />
matter <strong>of</strong> choice how it is reported.<br />
The higher <strong>the</strong> confidence level<br />
used to report <strong>the</strong> point <strong>estimate</strong>,<br />
<strong>the</strong> lower <strong>the</strong> precision percentage<br />
will be. This trade–<strong>of</strong>f between<br />
confidence and precision is simply<br />
driven by <strong>the</strong> data audited and laws<br />
<strong>of</strong> statistics. Without more observations<br />
one cannot improve both.<br />
But, what should be done How<br />
should it be reported How do we<br />
compare apples to apples<br />
Government contractors and<br />
agencies set different objectives<br />
that describe <strong>the</strong> minimum<br />
standards or targets levels for <strong>the</strong><br />
quality <strong>of</strong> <strong>the</strong> point <strong>estimate</strong> (i.e.,<br />
precision and confidence levels <strong>of</strong><br />
<strong>the</strong> total overpayment <strong>estimate</strong>).<br />
A 90% confidence interval is most<br />
frequently used in government<br />
audits and self-disclosures.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Understanding <strong>the</strong> basic concepts<br />
above and nuances in <strong>the</strong> government<br />
agencies and contractors’<br />
expectations are critical to success in:<br />
n appealing a claims review result<br />
or recovery amount demand, and<br />
n applying government auditing<br />
standards and best practice<br />
claims review methods proactively<br />
in provider-internal monitoring<br />
and auditing projects.<br />
OIG (Office <strong>of</strong> Inspector General<br />
<strong>of</strong> <strong>the</strong> US Department <strong>of</strong> <strong>Health</strong><br />
and Human Services) has put<br />
forward target levels for:<br />
n providers that self-report<br />
overpayments to <strong>the</strong> OIG, and<br />
n Independent Review<br />
Organizations (IROs) that<br />
review claims <strong>of</strong> certain health<br />
care entities under Corporate<br />
Integrity Agreements (CIAs). 1<br />
OIG requires reporting <strong>the</strong> overpayment<br />
point <strong>estimate</strong> for <strong>the</strong><br />
universe at 90% confidence level<br />
(two-sided) and requires that it<br />
must reach a precision <strong>of</strong> +/- 25%.<br />
If <strong>the</strong> precision <strong>of</strong> <strong>the</strong> point <strong>estimate</strong><br />
that is reached is worse and<br />
exceeds this percentage threshold,<br />
<strong>the</strong> point <strong>estimate</strong> is not considered<br />
acceptable. One way to cure<br />
this deficiency would be to increase<br />
<strong>the</strong> sample size and re-project.<br />
CMS is less clear in its requirements<br />
on confidence and precision<br />
levels for <strong>the</strong> point <strong>estimate</strong><br />
<strong>of</strong> overpayments. They allow<br />
Continued on page 50<br />
<strong>December</strong> 2011<br />
49
Confidence and precision in claims audits: <strong>Quality</strong> <strong>of</strong> <strong>the</strong> <strong>estimate</strong> ...continued from page 49<br />
<strong>December</strong> 2011<br />
50<br />
<strong>the</strong> point <strong>estimate</strong> for recovery<br />
amount demanded, but only if <strong>the</strong><br />
precision is high. The CMS Medicare<br />
Program Integrity Manual<br />
(PIM) states <strong>the</strong> following:<br />
In most situations <strong>the</strong> lower<br />
limit <strong>of</strong> a one-sided 90 percent<br />
confidence interval shall be<br />
used as <strong>the</strong> amount <strong>of</strong> overpayment<br />
to be demanded for<br />
recovery from <strong>the</strong> provider<br />
or supplier. The details <strong>of</strong> <strong>the</strong><br />
calculation <strong>of</strong> this lower limit<br />
involve subtracting some multiple<br />
<strong>of</strong> <strong>the</strong> <strong>estimate</strong>d standard<br />
error from <strong>the</strong> point <strong>estimate</strong>,<br />
thus yielding a lower figure.<br />
This procedure, which, through<br />
confidence interval estimation,<br />
incorporates <strong>the</strong> uncertainty<br />
inherent in <strong>the</strong> sample design,<br />
is a conservative method that<br />
works to <strong>the</strong> financial advantage<br />
<strong>of</strong> <strong>the</strong> provider or supplier.<br />
That is, it yields a demand<br />
amount for recovery that is<br />
very likely less than <strong>the</strong> true<br />
amount <strong>of</strong> overpayment, and<br />
it allows a reasonable recovery<br />
without requiring <strong>the</strong> tight<br />
precision that might be needed<br />
to support a demand for <strong>the</strong><br />
point <strong>estimate</strong>. However, <strong>the</strong><br />
PSC [Program Safeguard Contractor]<br />
or ZPIC BI [Benefit<br />
Integrity] unit or <strong>the</strong> contractor<br />
MR [Medical Review] unit is<br />
not precluded from demanding<br />
<strong>the</strong> point <strong>estimate</strong> where high<br />
precision has been achieved. 2<br />
The PIM does not define what<br />
exactly “high precision” means<br />
in claims audits and recovery<br />
situations. There is no clear CMS<br />
standard for acceptable precision in<br />
overpayment audits. The ambiguity<br />
has led to much debate and can<br />
be an issue raised in <strong>the</strong> appeals<br />
process. CMS contractors routinely<br />
use and demand <strong>the</strong> lower limit<br />
<strong>of</strong> <strong>the</strong> one-sided 90% confidence<br />
interval <strong>of</strong> <strong>the</strong> point <strong>estimate</strong> as<br />
<strong>the</strong> recovery amount. The problem<br />
with this is that technically, one<br />
can always calculate <strong>the</strong> lower limit<br />
<strong>of</strong> a one-sided 90% confidence<br />
interval for any point <strong>estimate</strong>,<br />
regardless how precise it may be.<br />
What remains unclear is when a<br />
low precision is just too low to<br />
render a point <strong>estimate</strong> that is still<br />
meaningful. Without a meaningful<br />
point <strong>estimate</strong>, however, <strong>the</strong>re<br />
may also not be a good reason<br />
in calculating and using a lower<br />
bound ei<strong>the</strong>r. OIG, in that respect,<br />
defined a much clearer standard for<br />
<strong>the</strong> health care industry.<br />
This author believes <strong>the</strong> OIG’s<br />
standard <strong>of</strong> 90% confidence/25%<br />
precision is one that is clear and<br />
worth referring to as a minimum<br />
standard in any claims audit that<br />
involves overpayment extrapolation<br />
using <strong>the</strong> point <strong>estimate</strong>.<br />
Providers and suppliers may want<br />
to consult this standard in any<br />
payment disputes. n<br />
1 HHS Office <strong>of</strong> Inspector General, Publication<br />
<strong>of</strong> <strong>the</strong> OIG’s Provider Self-Disclosure<br />
Protocol (1998). Available at http://oig.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
hhs.gov/authorities/docs/selfdisclosure.pdf<br />
2 See, CMS Medicare Program Integrity<br />
Manual, Chapter 8-Administrative Actions<br />
and Statistical Sampling for Overpayment<br />
Estimate, 8.4.5.1 - The point <strong>estimate</strong>.<br />
(Note, <strong>the</strong> PIM was recently rearranged and<br />
sections <strong>of</strong> Chapter 3 moved to Chapter 8.)<br />
Available at http://www.cms.gov/manuals/<br />
downloads/pim83c08.pdf; http://www.cms.<br />
gov/Transmittals/Downloads/R377PI.pdf<br />
Be Sure to<br />
Get Your<br />
CHC® CEUs<br />
Articles related to <strong>the</strong> quiz<br />
in this issue <strong>of</strong> <strong>Compliance</strong><br />
Today:<br />
n Mail call: How to<br />
respond to a regulatory<br />
investigation—By K Royal,<br />
page 8<br />
n Losing sleep over<br />
health care marketing<br />
arrangements—By Lawrence<br />
Conn page 24<br />
n <strong>Compliance</strong> 101: Pay now or<br />
pay later—By Joyce Freville<br />
page 56<br />
To obtain one CEU per quiz, go to<br />
www.hcca-info.org/quiz and select<br />
a quiz. Fill in your contact information<br />
and take <strong>the</strong> quiz online. Or,<br />
print and fax <strong>the</strong> completed form<br />
to CCB at 952/988-0146, or mail<br />
it to CCB at HCCA, 6500 Barrie<br />
Road, Suite 250, Minneapolis, MN<br />
55435. Questions Please call CCB<br />
at 888/580-8373.<br />
<strong>Compliance</strong> Today readers taking<br />
<strong>the</strong> CEU quiz have one year<br />
from <strong>the</strong> published date <strong>of</strong> <strong>the</strong><br />
CEU article to submit <strong>the</strong>ir completed<br />
quiz. Only <strong>the</strong> first attempt<br />
to pass each quiz is accepted.
Accountability is <strong>the</strong><br />
key to compliance<br />
Editor’s note: Jane A. Obert is a<br />
founding member <strong>of</strong> Corporate<br />
Integrity Partners, LLC located<br />
in Joplin, Missouri. She may be<br />
contacted by e-mail at jobert@<br />
corporateintegritypartners.com.<br />
When spring arrives, it<br />
is time to work <strong>of</strong>f<br />
some <strong>of</strong> that extra<br />
weight that has accumulated over<br />
<strong>the</strong> long winter. Many <strong>of</strong> us have<br />
picked up a few extra pounds over<br />
<strong>the</strong> holidays and <strong>the</strong> generally less<br />
active winter months. How many<br />
times have you made <strong>the</strong> same<br />
springtime commitment year after<br />
year, only to end up failing to<br />
achieve it Why does this happen<br />
Most <strong>of</strong>ten, it’s because no one is<br />
holding you responsible—<strong>the</strong>re’s<br />
just no accountability. The presence<br />
<strong>of</strong> outside accountability<br />
significantly increases <strong>the</strong> likelihood<br />
for success in meeting any<br />
goals that are set. Accountability<br />
is a critical element to succeeding<br />
in almost any weight reduction<br />
program. That same factor—<br />
accountability—can also be <strong>the</strong><br />
key to success in reducing risk for<br />
health care organizations.<br />
<strong>Health</strong> care organizations<br />
are increasingly under <strong>the</strong><br />
effectiveness<br />
By Jane A. Obert, CPA, CHC<br />
enforcement gun, and reducing<br />
<strong>the</strong> risk <strong>of</strong> fines and penalties<br />
from noncompliance with laws,<br />
rules, regulations, and standards<br />
can pay <strong>of</strong>f in a big way. Now is<br />
a great time for hospitals, physician<br />
groups and o<strong>the</strong>r health care<br />
providers to resolve to reduce <strong>the</strong><br />
risk <strong>of</strong> fines and penalties that<br />
frequently stem from investigations<br />
by government agencies by<br />
enhancing <strong>the</strong> effectiveness <strong>of</strong><br />
<strong>the</strong>ir compliance programs. And<br />
<strong>the</strong> best way to ensure success<br />
with this resolution is with an<br />
accountability partner.<br />
Reducing <strong>the</strong> risk<br />
With dozens <strong>of</strong> federal, state, and<br />
local government agencies overseeing,<br />
monitoring, auditing, and<br />
enforcing a plethora <strong>of</strong> laws, rules,<br />
regulations, and standards, health<br />
care stands out as one <strong>of</strong> <strong>the</strong> most<br />
highly regulated industries in <strong>the</strong><br />
United States. Following all <strong>the</strong><br />
requirements can be daunting.<br />
Earlier years <strong>of</strong> health care law<br />
enforcement efforts <strong>of</strong>ten resulted<br />
in widely disparate punishment<br />
for comparatively similar cases,<br />
because <strong>the</strong>re were no uniform<br />
standards for sanctioning organizational<br />
violators. The Sentencing<br />
Reform Act <strong>of</strong> 1984 created <strong>the</strong><br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
United States Sentencing Commission,<br />
which is responsible for<br />
promulgating <strong>the</strong> Federal Sentencing<br />
Guidelines. It wasn’t until<br />
1991, however, and after much<br />
debate and input, that <strong>the</strong> Commission<br />
issued an entirely new<br />
chapter dealing with sentencing<br />
for organizational <strong>of</strong>fenders. This<br />
new approach to enforcement<br />
has had a significant impact on<br />
corporate conduct.<br />
The Federal Sentencing Guidelines<br />
have created an incentive<br />
for organizations to establish<br />
far-reaching programs that<br />
promote legal compliance and<br />
ethical behavior. The approach<br />
set forth in <strong>the</strong> 1991 guidance<br />
focused on restitution and terms<br />
for probation-type monitoring<br />
(i.e., corporate integrity<br />
agreements). Beyond that, <strong>the</strong>y<br />
promote practices focused on<br />
deterrence and provide sentencing<br />
benefits for organizations that can<br />
demonstrate “an effective program<br />
to prevent and detect violations<br />
<strong>of</strong> law.” 1 The movement toward<br />
prevention and detection has<br />
given rise to <strong>the</strong> development <strong>of</strong><br />
well-defined standards for ensuring<br />
good corporate behavior that<br />
we have come to know as corporate<br />
compliance programs.<br />
The 1991 guidance provides<br />
minimum criteria that should be<br />
present in order for a compliance<br />
program to be deemed effective.<br />
Continued on page 53<br />
<strong>December</strong> 2011<br />
51
CTfpAD:Layout 1 2/3/11 3:59 PM Page 1<br />
Let's you and I talk about effective<br />
<strong>Health</strong>care Corporate & HIPAA compliance training<br />
for your staff, contractors, and physicians<br />
<strong>Health</strong>care facilities that are serious about<br />
training and educating <strong>the</strong>ir staff choose<br />
e<strong>Health</strong>careIT and PricewaterhouseCoopers.<br />
We don’t need to tell you, healthcare compliance is a very<br />
serious business. In fact, one <strong>of</strong> <strong>the</strong> greatest risks to consider in<br />
2011 is <strong>the</strong> increase in targeted healthcare fraud enforcement<br />
efforts by <strong>the</strong> government’s <strong>Health</strong> <strong>Care</strong> Fraud Prevention<br />
and Enforcement Action Team (HEAT).<br />
Expertise<br />
PricewaterhouseCoopers’ <strong>Health</strong> Industries Practice and<br />
e<strong>Health</strong>careIT is comprised <strong>of</strong> highly qualified healthcare<br />
pr<strong>of</strong>essionals specializing in regulatory compliance. Included<br />
within this group <strong>of</strong> pr<strong>of</strong>essionals are physicians, registered<br />
nurses, certified coding specialists, registered records<br />
administrators, certified public accountants and attorneys.<br />
You know as well<br />
as we do that one<br />
size does not fit all:<br />
• Over 100 engaging,<br />
department specific<br />
HIPAA <strong>Compliance</strong>,<br />
Clinical Research<br />
<strong>Compliance</strong>, and<br />
Corporate <strong>Compliance</strong><br />
courses.<br />
• Customization that allow<br />
you to embed your<br />
policies, procedures,<br />
welcome messages, site<br />
specific pictures and<br />
“contact information”.<br />
• Department specific topics<br />
ensures that your staff<br />
will receive compliance<br />
education geared specifically<br />
to <strong>the</strong>ir needs and<br />
responsibilities.<br />
Your compliance education<br />
should not be a matinee at<br />
<strong>the</strong> movies. Contact<br />
e<strong>Health</strong>careIT for fur<strong>the</strong>r<br />
information or consultation.<br />
Engaging & Practical Learning<br />
Reliable, engaging, IT friendly and up to date content is key<br />
to a successful compliance education program, which is what<br />
e<strong>Health</strong>careIT brings to <strong>the</strong> table.<br />
e<strong>Health</strong>careIT<br />
e L e a r n i n g & I T S o l u t i o n s<br />
email: info@ehealthcareit.com<br />
or call 1-800-806-0874.<br />
www.ehealthcareit.com<br />
<strong>December</strong> 2011<br />
52<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
Accountability is <strong>the</strong> key to compliance effectiveness ...continued from page 51<br />
These minimum criteria are<br />
also reflected in guidance issued<br />
by <strong>the</strong> United States Office <strong>of</strong><br />
Inspector General, Department<br />
<strong>of</strong> <strong>Health</strong> and Human Services<br />
(OIG DHHS) to “promote<br />
voluntarily developed and implemented<br />
compliance programs for<br />
<strong>the</strong> health care industry.” 2 OIG<br />
fur<strong>the</strong>r explains, “The adoption<br />
and implementation <strong>of</strong> voluntary<br />
compliance programs significantly<br />
advance <strong>the</strong> prevention <strong>of</strong> fraud,<br />
abuse, and waste in <strong>the</strong>se health<br />
care plans while at <strong>the</strong> same time<br />
fur<strong>the</strong>ring <strong>the</strong> fundamental mission<br />
<strong>of</strong> all hospitals, which is to<br />
provide quality care to patients.” 2<br />
Substantially similar guidance has<br />
been issued by <strong>the</strong> OIG for physician<br />
groups, clinical laboratories,<br />
home care providers, and o<strong>the</strong>r<br />
health care organizations.<br />
Common to all <strong>the</strong> guidances<br />
issued by <strong>the</strong> OIG are <strong>the</strong> following<br />
seven elements as identified<br />
by <strong>the</strong> United States Sentencing<br />
Commission and which <strong>the</strong><br />
OIG believes are, at a minimum,<br />
necessary for compliance program<br />
effectiveness:<br />
1. Standards <strong>of</strong> conduct that<br />
demonstrate overarching<br />
ethical principles supported by<br />
detailed internal controls set<br />
forth in written policies and<br />
procedures.<br />
2. Designation <strong>of</strong> a compliance<br />
<strong>of</strong>ficer who is a member<br />
<strong>of</strong> senior management and<br />
who reports directly to <strong>the</strong><br />
governing body and <strong>the</strong> chief<br />
executive <strong>of</strong>ficer; and <strong>the</strong><br />
establishment <strong>of</strong> a <strong>Compliance</strong><br />
Committee to advise and assist<br />
<strong>the</strong> compliance <strong>of</strong>ficer.<br />
3. General compliance training<br />
for all employees and specialized<br />
training appropriate to <strong>the</strong><br />
high-risk positions <strong>of</strong> <strong>the</strong> diverse<br />
workforce in health care.<br />
4. Self-monitoring <strong>of</strong> <strong>the</strong> organization’s<br />
operations to evaluate<br />
ongoing compliance with laws<br />
and regulations; auditing <strong>of</strong> highrisk<br />
activities by independent and<br />
qualified auditors; and an overall<br />
assessment <strong>of</strong> <strong>the</strong> effectiveness <strong>of</strong><br />
<strong>the</strong> compliance program.<br />
5. Confidential and retaliationfree<br />
reporting mechanisms<br />
(including methods such as a<br />
hotline to provide <strong>the</strong> option<br />
to remain anonymous) and a<br />
commitment to log, track, and<br />
investigate all credible reports.<br />
6. Fair, equitable, and consistent<br />
enforcement <strong>of</strong> <strong>the</strong> standards<br />
<strong>of</strong> conduct, policies and<br />
procedures, and appropriate<br />
disciplinary measures (progressively<br />
intensified for severe<br />
infractions) for engaging in<br />
unlawful conduct or violating<br />
<strong>the</strong> standards, policies, and<br />
procedures.<br />
7. Prompt and appropriate<br />
response to identified violations<br />
(including notification <strong>of</strong> law<br />
enforcement or o<strong>the</strong>r government<br />
agencies, as applicable, and<br />
restitution or reimbursement <strong>of</strong><br />
identified overpayments) and<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>the</strong> imposition <strong>of</strong> processes to<br />
prevent and detect recurrences.<br />
Demonstrating compliance program<br />
effectiveness can significantly<br />
reduce fines and penalties in <strong>the</strong><br />
event violations are identified<br />
by government agencies or law<br />
enforcement <strong>of</strong>ficials. Chapter 8 <strong>of</strong><br />
<strong>the</strong> Federal Sentencing Guidelines<br />
allows for mitigation <strong>of</strong> sentencing<br />
for organizations that have<br />
documented <strong>the</strong> effective implementation<br />
<strong>of</strong> <strong>the</strong> seven essential<br />
compliance program elements,<br />
have self-reported, and cooperate<br />
with authorities. In assessing organizational<br />
culpability, <strong>the</strong> Justice<br />
Department will consider:<br />
n how well <strong>the</strong> organization’s<br />
compliance program is<br />
designed;<br />
n <strong>the</strong> extent to which <strong>the</strong> organization’s<br />
compliance program is<br />
earnestly applied;<br />
n whe<strong>the</strong>r good faith efforts have<br />
been exerted to assure effectiveness<br />
in all phases <strong>of</strong> <strong>the</strong> compliance<br />
program; and<br />
n whe<strong>the</strong>r <strong>the</strong> organization’s compliance<br />
program has, in fact, been<br />
effective at preventing, detecting,<br />
and correcting violations.<br />
In order to measure up, <strong>the</strong><br />
presence <strong>of</strong> <strong>the</strong> seven minimally<br />
necessary elements <strong>of</strong> an effective<br />
compliance program will have<br />
to be well documented, along<br />
with due diligence exhibited on<br />
<strong>the</strong> part <strong>of</strong> governing bodies, <strong>the</strong><br />
Continued on page 54<br />
<strong>December</strong> 2011<br />
53
Accountability is <strong>the</strong> key to compliance effectiveness ...continued from page 53<br />
<strong>December</strong> 2011<br />
54<br />
compliance <strong>of</strong>ficer, and o<strong>the</strong>rs<br />
designated to carry out <strong>the</strong> day-today<br />
functions <strong>of</strong> <strong>the</strong> compliance<br />
program. Effective implementation<br />
<strong>of</strong> <strong>the</strong> seven elements means<br />
going beyond mere adoption <strong>of</strong><br />
standards and policies to integrating<br />
compliance principles into <strong>the</strong><br />
business activity <strong>of</strong> <strong>the</strong> organization<br />
at all levels.<br />
In order to receive credit for<br />
maintaining an effective compliance<br />
program under <strong>the</strong> Federal<br />
Sentencing Guidelines, <strong>the</strong> new<br />
amendment adopted in 2010 sets<br />
forth four criteria that must be<br />
evident when members <strong>of</strong> senior<br />
management are involved with,<br />
condoned, or willfully ignored <strong>the</strong><br />
criminal activity:<br />
n The compliance <strong>of</strong>ficer is<br />
required to and has, in fact,<br />
reported directly to <strong>the</strong> governing<br />
body or a designated<br />
subcommittee <strong>the</strong>re<strong>of</strong>.<br />
n The compliance program was<br />
effective in discovering <strong>the</strong><br />
criminal activity before it was<br />
discovered by or was likely to<br />
be discovered by governmental<br />
authorities.<br />
n The organization self-reported<br />
<strong>the</strong> <strong>of</strong>fense to <strong>the</strong> appropriate<br />
federal agency.<br />
n No compliance <strong>of</strong>ficials were<br />
complicit with, condoned, or<br />
willfully ignored <strong>the</strong> criminal<br />
activity. 3<br />
In addition, <strong>the</strong> organization may<br />
receive credit for making timely<br />
restitution to victims. This is a<br />
two-pronged process. To receive<br />
credit, <strong>the</strong> organization must not<br />
only remedy <strong>the</strong> harm done, but<br />
must have made demonstrable<br />
changes to its compliance program<br />
to prevent recurrences.<br />
Accountability<br />
As previously noted, <strong>the</strong> Federal<br />
Sentencing Guidelines provide<br />
incentives, such as favorable sentencing<br />
benefits, for organizations<br />
that can demonstrate an effective<br />
compliance program to prevent<br />
and detect violations. The key term<br />
is “effective.” Adopting a welldefined<br />
compliance program and<br />
giving it lip service is simply not<br />
enough. Organizational compliance<br />
programs must become part<br />
and parcel with <strong>the</strong> fabric <strong>of</strong> <strong>the</strong><br />
entity at all levels—starting with<br />
<strong>the</strong> governing body and extending<br />
to entry-level staff and volunteers.<br />
And, to obtain favorable treatment<br />
under <strong>the</strong> Federal Sentencing<br />
Guidelines, organizations must be<br />
able to prove <strong>the</strong> effectiveness <strong>of</strong><br />
<strong>the</strong>ir compliance programs.<br />
The 1998 <strong>Compliance</strong> Program<br />
Guidance for Hospitals issued<br />
by <strong>the</strong> OIG, as reinforced with<br />
supplemental guidance issued in<br />
2005, sets forth <strong>the</strong> expectation for<br />
every provider to periodically assess<br />
<strong>the</strong> effectiveness <strong>of</strong> its compliance<br />
program. The assessment should be<br />
completed no less than once a year.<br />
Many health care providers perform<br />
a self-assessment. Although<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
reviewing your own program will<br />
be considered more favorably than<br />
failing to do so altoge<strong>the</strong>r, selfevaluations<br />
are fraught with <strong>the</strong><br />
shortcomings that lack <strong>of</strong> objectivity<br />
brings to any monitoring or<br />
auditing activity. Self-reviews are<br />
frequently overseen by <strong>the</strong> compliance<br />
<strong>of</strong>ficer who is charged with<br />
<strong>the</strong> overall responsibility for <strong>the</strong><br />
success <strong>of</strong> <strong>the</strong> compliance program<br />
in <strong>the</strong> first place, thus creating a<br />
conflict with <strong>the</strong> need to disclose<br />
inadequacies that may reflect<br />
poorly on <strong>the</strong> compliance <strong>of</strong>ficer’s<br />
personal job performance.<br />
Having an independent review <strong>of</strong><br />
<strong>the</strong> effectiveness <strong>of</strong> <strong>the</strong> compliance<br />
program, performed by a qualified<br />
outside consultant, can yield big<br />
benefits for any health care organization.<br />
An independent review<br />
provides <strong>the</strong> kind <strong>of</strong> outside<br />
accountability needed to ensure<br />
<strong>the</strong> success <strong>of</strong> <strong>the</strong> compliance<br />
program. Engaging <strong>the</strong> review<br />
can demonstrate to <strong>the</strong> governing<br />
body how seriously <strong>the</strong> compliance<br />
<strong>of</strong>ficer takes his/her responsibilities.<br />
Outside reviewers bring in<br />
fresh ideas and leverage a knowledge<br />
base o<strong>the</strong>rwise inaccessible<br />
to <strong>the</strong> organization’s compliance<br />
program. By implementing objective<br />
recommendations coming out<br />
<strong>of</strong> <strong>the</strong> assessment, <strong>the</strong> compliance<br />
<strong>of</strong>ficer adds value to <strong>the</strong> organization<br />
he/she serves, supporting <strong>the</strong><br />
continuous quality improvement<br />
culture found in top-notch health<br />
care organizations.
Regulatory compliance for research in an academic medical center<br />
...continued from page 37<br />
In addition to overall compliance<br />
program effectiveness reviews,<br />
organizations can benefit from<br />
targeted monitoring by independent<br />
experts. For organizations<br />
that have detected violations, <strong>the</strong><br />
2010 amendment to <strong>the</strong> Federal<br />
Sentencing Guidelines permits a<br />
health care organization to decide<br />
whe<strong>the</strong>r to retain an independent<br />
monitor to ensure that changes to<br />
<strong>the</strong> compliance program which<br />
were designed to prevent recurrences<br />
have been effectively implemented.<br />
3 This form <strong>of</strong> accountability<br />
will be seen quite favorably<br />
when serious infractions have been<br />
discovered and will demonstrate to<br />
<strong>the</strong> government that <strong>the</strong> organization<br />
is serious about remediating<br />
<strong>the</strong> harm done and preventing<br />
future misconduct.<br />
Having an effective compliance<br />
program not only reduces <strong>the</strong><br />
likelihood <strong>of</strong> fines and penalties<br />
in <strong>the</strong> event <strong>of</strong> a government<br />
investigation, but it protects <strong>the</strong><br />
organization’s public image and<br />
reputation from damage and<br />
fosters trust by investors, patients,<br />
and <strong>the</strong> community. n<br />
1. United States Sentencing Guidelines,<br />
Chapter 8, Subsection 8A1.2<br />
2. Publication <strong>of</strong> <strong>Compliance</strong> Program Guidance<br />
for Hospitals, Federal Register, Vol.<br />
63, No. 35, Monday, February 23, 1998/<br />
Notices<br />
3. US Sentencing Commission, Amendment<br />
to <strong>the</strong> Sentencing Guidelines at 17-18<br />
(April 30, 2010)<br />
completed per month increased<br />
by 250%. Federal and state<br />
awards increased by more than<br />
200% in three years, and <strong>the</strong><br />
number <strong>of</strong> research projects that<br />
are part <strong>of</strong> <strong>the</strong> residency training<br />
programs increased 375%.<br />
These increases occurred as a<br />
consequence <strong>of</strong> <strong>the</strong> institution’s<br />
commitment to growth in capacity<br />
and resources for <strong>the</strong> Department<br />
<strong>of</strong> Research. A strategy was<br />
developed for systems, policies,<br />
and processes that required<br />
prioritization in development and<br />
implementation. Also, a focus<br />
was placed on education before<br />
regulation to identify appropriate<br />
growth <strong>of</strong> research administration<br />
functions. The steps outlined in<br />
this article reflect <strong>the</strong> experience<br />
<strong>of</strong> this institution and Department<br />
<strong>of</strong> Research, but should<br />
have applicability to o<strong>the</strong>r standalone<br />
academic medical centers. n<br />
1. Elliott C. Kulakowski and Lynne U. Chronister:<br />
Research Administration and Management.<br />
Jones and Bartlett Publishers, 2006.<br />
2. Goldenberg NA, Spyropoulos AC,<br />
Halperin JL, et al: Antithrombotic Trials<br />
Leadership and Steering Group. Improving<br />
academic leadership and oversight in<br />
large industry-sponsored clinical trials:<br />
<strong>the</strong> ARO-CRO model. Blood; 2011 Feb<br />
17;117(7):2089-92.<br />
3. Campbell, JM: Assessing and managing<br />
research compliance risks in <strong>the</strong> health care<br />
setting. <strong>Compliance</strong> Today, 12(11):20-25, 2010.<br />
4. Epic<strong>Care</strong> EMR is a product <strong>of</strong> Epic. More<br />
information at http://www.epic.com/<br />
s<strong>of</strong>tware-ambulatory.php<br />
<strong>Health</strong> <strong>Care</strong> Auditing &<br />
Monitoring Tools<br />
More than 100 sample<br />
policies, procedures,<br />
guidelines, and forms to<br />
enhance your compliance<br />
auditing and monitoring<br />
efforts. Updated<br />
biannually with new tools.<br />
For more information,<br />
visit www.hcca-info.org/books, or<br />
call 888-580-8373.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>December</strong> 2011<br />
55
COMPLIANCE<br />
101<br />
<strong>December</strong> 2011<br />
56<br />
Pay now or pay<br />
later<br />
By Joyce Freville, PhD, CHC<br />
Editor’s Note: Joyce Freville is <strong>the</strong><br />
Vice Presidentand Chief <strong>Compliance</strong><br />
Officer for Trilogy <strong>Health</strong> Services,<br />
LLC in Louisville, Kentucky.<br />
Joyce may be contacted by telephone<br />
at 502/213-1725 or by e-email at<br />
joyce.freville@trilogyhs.com.<br />
Fraud, waste and abuse are<br />
spiraling out <strong>of</strong> control<br />
in <strong>the</strong> United States. The<br />
federal government is <strong>the</strong> biggest<br />
target for fraudsters because<br />
it spends hundreds <strong>of</strong> billions<br />
<strong>of</strong> dollars subsidizing more than<br />
1,800 federal programs. 1 The<br />
government is cracking down on<br />
fraud, waste, and abuse one regulation<br />
at a time. Amendments<br />
and new regulations overlap and<br />
reinforce each o<strong>the</strong>r to streng<strong>the</strong>n<br />
<strong>the</strong> government’s oversight.<br />
The False Claims Act (FCA) is<br />
<strong>the</strong> grandfa<strong>the</strong>r <strong>of</strong> <strong>the</strong>m all. The<br />
FCA was first passed during <strong>the</strong><br />
Civil War and later amended in<br />
1943, 1986, 2009, and 2010. The<br />
federal FCA permits a person with<br />
knowledge <strong>of</strong> fraud against <strong>the</strong><br />
United States government (referred<br />
to as <strong>the</strong> qui tam plaintiff) to<br />
file a lawsuit on behalf <strong>of</strong> <strong>the</strong><br />
government against <strong>the</strong> person or<br />
business that committed <strong>the</strong> fraud.<br />
If <strong>the</strong> action is successful, <strong>the</strong> qui<br />
tam plaintiff is rewarded with a<br />
percentage <strong>of</strong> <strong>the</strong> recovery. The<br />
enforcement initiatives have been<br />
very successful. In fact, over 80%<br />
<strong>of</strong> all new FCA actions were filed<br />
by whistleblowers. 2<br />
A whistleblower is a person who<br />
tells <strong>the</strong> public or someone in<br />
authority about alleged dishonest<br />
or illegal activities (misconduct)<br />
occurring in a government department,<br />
a public or private organization,<br />
or a company. The alleged<br />
misconduct may be classified<br />
in many ways. For example, it<br />
may be a violation <strong>of</strong> a law, rule,<br />
regulation, and/or a direct threat<br />
to public interest, such as fraud,<br />
health/safety violations, or corruption.<br />
Whistleblowers may make<br />
<strong>the</strong>ir allegations internally (e.g., to<br />
o<strong>the</strong>r people within <strong>the</strong> accused<br />
organization) or externally (e.g.,<br />
to regulators, law enforcement<br />
agencies, to <strong>the</strong> media, or to<br />
groups concerned with <strong>the</strong> issues).<br />
Recoveries related to health care<br />
fraud make up a large percentage<br />
<strong>of</strong> <strong>the</strong> total recoveries. In fiscal<br />
year 2009, health care fraud<br />
recoveries reached $1.6 billion,<br />
encompassing two-thirds <strong>of</strong> <strong>the</strong><br />
year’s total for recoveries <strong>of</strong> all<br />
government programs. 3 In 2010,<br />
Medicare covered <strong>47</strong> million<br />
people and had <strong>estimate</strong>d outlays<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>of</strong> $509 billion. The Centers for<br />
Medicare & Medicaid Services<br />
(CMS) <strong>estimate</strong>d improper payments<br />
for Medicare fee-for-service<br />
and Medicare Advantage <strong>of</strong><br />
almost $70 billion in 2010. 4<br />
More than 2,400 qui tam suits<br />
have been filed since 1986,<br />
at which time <strong>the</strong> statute was<br />
streng<strong>the</strong>ned to make it easier and<br />
more rewarding for private citizens<br />
to sue. The government has<br />
recovered more than $24 billion<br />
as a result <strong>of</strong> <strong>the</strong> suits, <strong>of</strong> which<br />
almost $340 million has been<br />
paid to whistleblowers as rewards.<br />
Because Medicare and Medicaid<br />
programs make up <strong>the</strong> largest<br />
percent <strong>of</strong> government spending,<br />
<strong>the</strong> Department <strong>of</strong> <strong>Health</strong> and<br />
Human Services benefited <strong>the</strong><br />
most from <strong>the</strong> recoveries. In addition,<br />
recoveries were made by <strong>the</strong><br />
Office <strong>of</strong> Personnel Management,<br />
which administers <strong>the</strong> Federal<br />
Employees <strong>Health</strong> Benefits Program;<br />
<strong>the</strong> Department <strong>of</strong> Defense<br />
for its TRICARE insurance<br />
program; and <strong>the</strong> Department<br />
<strong>of</strong> Veterans Affairs. 3 Since 1986,<br />
billions in taxpayer money that<br />
o<strong>the</strong>rwise would have been lost to<br />
fraud have been recovered through<br />
tips from whistleblowers. <strong>Health</strong><br />
care is not <strong>the</strong> only industry<br />
affected by fraud. Occupational<br />
fraud and abuse are found in every<br />
industry.<br />
According to <strong>the</strong> 2006 ACFE<br />
Report to <strong>the</strong> Nation on
Occupational Fraud and Abuse, it<br />
is <strong>estimate</strong>d that organizations lose<br />
7% <strong>of</strong> <strong>the</strong>ir revenue to fraud each<br />
year. This equates to over $994<br />
billion nationwide. The Association<br />
<strong>of</strong> Certified Fraud Examiners<br />
(ACFE) defines occupational fraud<br />
as “<strong>the</strong> use <strong>of</strong> one’s occupation for<br />
personal enrichment through <strong>the</strong><br />
deliberate misuse or misapplication<br />
<strong>of</strong> <strong>the</strong> employing organization’s<br />
resources or assets.” It reaches all<br />
levels <strong>of</strong> <strong>the</strong> organization, although<br />
accountants commit approximately<br />
30% <strong>of</strong> occupational fraud. Fur<strong>the</strong>rmore,<br />
20% is committed by<br />
upper management or executives. 5<br />
ACFE found that <strong>the</strong> amount <strong>of</strong><br />
<strong>the</strong> loss from occupational fraud is<br />
directly related to <strong>the</strong> position <strong>of</strong><br />
<strong>the</strong> perpetrator. The study showed<br />
that losses by owners and executives<br />
averaged $900,000, which<br />
was six times higher than <strong>the</strong> losses<br />
caused by managers, and 14 times<br />
higher than <strong>the</strong> losses caused by<br />
employees. Unfortunately, <strong>the</strong><br />
medium recovery is only 20% <strong>of</strong><br />
<strong>the</strong> loss, and 40% <strong>of</strong> <strong>the</strong> defrauded<br />
organizations recovered nothing<br />
at all. Even though <strong>the</strong> owners<br />
and executives were <strong>the</strong> primary<br />
perpetrators, organizations were<br />
more likely to forgo legal action<br />
against <strong>the</strong>m. However, legal action<br />
against managers and employees<br />
was prevalent. 5 Organizations that<br />
do not take legal action against<br />
all violations put <strong>the</strong>mselves at a<br />
greater risk <strong>of</strong> being defrauded.<br />
Many organizations have adopted<br />
<strong>the</strong> zero tolerance policy that<br />
imposes automatic punishment for<br />
infractions <strong>of</strong> a stated rule, regardless<br />
<strong>of</strong> <strong>the</strong> position <strong>the</strong> individual<br />
holds in <strong>the</strong> organization.<br />
A zero tolerance policy imposes a<br />
pre-determined punishment for<br />
any infraction <strong>of</strong> a rule, regardless<br />
<strong>of</strong> accidental mistakes, ignorance,<br />
or extenuating circumstances and<br />
regardless <strong>of</strong> individual culpability,<br />
extenuating circumstances, or<br />
past history. Management should<br />
always consistently apply <strong>the</strong> punishment.<br />
Failure to do so could<br />
expose <strong>the</strong> organization to higher<br />
risks <strong>of</strong> fraud. Fur<strong>the</strong>rmore, zero<br />
tolerance policies forbid persons<br />
in positions <strong>of</strong> authority from<br />
exercising discretion or changing<br />
punishments to subjectively fit<br />
<strong>the</strong> circumstances. Zero tolerance<br />
policies deter fraud, waste, and<br />
abuse <strong>of</strong> company assets.<br />
Combating fraud, waste,<br />
and abuse<br />
The best way to combat fraud,<br />
waste, and abuse is through prevention.<br />
After all, prevention efforts are<br />
usually very cost- and time-effective,<br />
compared to reactive efforts<br />
after <strong>the</strong> fact. Methods <strong>of</strong> detecting<br />
and preventing fraud and abuse<br />
include but are not limited to:<br />
n confidential reporting mechanisms<br />
such as hotlines, e-mail<br />
accounts, customer satisfaction<br />
surveys, and employee satisfaction<br />
surveys;<br />
n surprise audits;<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
n anti-fraud training and education;<br />
and<br />
n internal controls.<br />
Of <strong>the</strong>se options, studies show that<br />
confidential reporting mechanisms<br />
are <strong>the</strong> primary way <strong>of</strong> detecting<br />
fraud. This is consistent with <strong>the</strong><br />
data that shows whistleblowers are<br />
responsible for 80% <strong>of</strong> <strong>the</strong> money<br />
returned to <strong>the</strong> federal government. 6<br />
The 2006 ACFE study found that<br />
organizations with confidential<br />
reporting mechanisms, such<br />
as hotlines, had an average <strong>of</strong><br />
$100,000 in fraud related losses<br />
as compared with $200,000 for<br />
companies without hotlines. Fur<strong>the</strong>rmore,<br />
hotlines cut <strong>the</strong> time it<br />
took to detect fraud from 24 to<br />
15 months. 5 Hotlines work not<br />
only for people employed by your<br />
company, but also for third parties<br />
who work with you and need a<br />
way to inform you <strong>of</strong> what you<br />
may not know. Additionally, 44%<br />
<strong>of</strong> <strong>the</strong> million-dollar fraud cases in<br />
<strong>the</strong> study were detected by tips.<br />
Ano<strong>the</strong>r deterrent <strong>of</strong> fraud is<br />
an Internal Audit department.<br />
Organizations with an Internal<br />
Audit department that conducts<br />
surprise audits experienced a<br />
median loss <strong>of</strong> $120,000, while<br />
those that did not had a median<br />
loss <strong>of</strong> $218,000. What’s more,<br />
organizations that conduct routine<br />
compliance and anti-fraud<br />
training have fewer instances <strong>of</strong><br />
Continued on page 58<br />
<strong>December</strong> 2011<br />
57
Pay now or pay later ...continued from page 57<br />
<strong>December</strong> 2011<br />
58<br />
fraud. Internal audits detected<br />
fraud in 18 months, as opposed<br />
to 24 months for those without<br />
an Internal Audit function. 5<br />
Without a doubt, organizations<br />
benefit from confidential reporting<br />
mechanisms as well as auditing<br />
and monitoring mechanisms<br />
as part <strong>of</strong> an effective compliance<br />
plan. In addition to providing a<br />
mechanism to report fraud, waste,<br />
and abuse, it is important to have<br />
adequate internal controls.<br />
Internal controls<br />
Lack <strong>of</strong> adequate internal controls<br />
was commonly cited as <strong>the</strong> factor<br />
that allowed fraud to occur. 5<br />
Internal controls are processes to<br />
ensure <strong>the</strong> integrity <strong>of</strong> financial<br />
and accounting information,<br />
meet operational and pr<strong>of</strong>itability<br />
targets, broadcast management<br />
policies throughout <strong>the</strong> organization,<br />
and comply with laws and<br />
regulations. Lack <strong>of</strong> management<br />
review and override <strong>of</strong> existing<br />
controls open <strong>the</strong> doors for fraud<br />
and abuse. A few procedures will<br />
improve internal control.<br />
1. Develop well-written policies<br />
and procedures manuals which<br />
address significant activities<br />
and unique issues. Clearly<br />
communicate employee responsibilities,<br />
limits to authority,<br />
performance standards, control<br />
procedures, and reporting<br />
relationships.<br />
2. Train all employees on <strong>the</strong> policies<br />
and procedures that pertain<br />
to <strong>the</strong>ir job responsibilities.<br />
3. Conduct mandatory compliance<br />
and ethics training. With <strong>the</strong><br />
passage <strong>of</strong> <strong>the</strong> Deficit Reduction<br />
Act <strong>of</strong> 2005, this is required for<br />
health care providers.<br />
4. Make sure that employees<br />
comply with <strong>the</strong> Conflict <strong>of</strong><br />
Interest policy and disclose<br />
potential conflicts <strong>of</strong> interest<br />
(e.g., ownership interest in<br />
companies doing business or<br />
proposing to do business with<br />
<strong>the</strong> organization).<br />
5. Develop job descriptions that<br />
clearly state responsibility for<br />
internal control, and correctly<br />
translate desired competence<br />
levels into requisite knowledge,<br />
skills, and experience. Make<br />
sure that hiring practices result<br />
in hiring qualified individuals.<br />
6. Conduct employee performance<br />
evaluations periodically.<br />
Good performance should be<br />
valued highly and recognized in<br />
a positive manner.<br />
7. Take appropriate disciplinary<br />
action when an employee does<br />
not comply with policies and procedures<br />
or behavioral standards.<br />
<strong>Compliance</strong> program<br />
The Office <strong>of</strong> Inspector General<br />
(OIG) contends that an effective<br />
compliance plan helps detect and<br />
prevent fraud, waste, and abuse<br />
and will significantly reduce losses<br />
to both <strong>the</strong> government and<br />
private sectors. OIG recommends<br />
that compliance plans include<br />
<strong>the</strong> following seven elements that<br />
are taken from <strong>the</strong> United States<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Federal Sentencing Guidelines. 7<br />
1. Establish compliance standards<br />
and procedures that provide reasonable<br />
assurance <strong>of</strong> reducing <strong>the</strong><br />
possibility <strong>of</strong> criminal conduct.<br />
2. Assign high-level personnel<br />
with overall responsibility to<br />
oversee compliance.<br />
3. Use due care not to delegate<br />
substantial discretionary authority<br />
to individuals whom <strong>the</strong><br />
organization knows, or should<br />
have known through <strong>the</strong> exercise<br />
<strong>of</strong> diligence, had a propensity<br />
to engage in illegal activities<br />
(i.e., screen employees).<br />
4. Communicate compliance<br />
standards and procedures<br />
effectively to all employees<br />
by requiring participation<br />
in training programs and by<br />
disseminating publications that<br />
explain in a practical manner<br />
what is required.<br />
5. Achieve compliance with standards<br />
by utilizing monitoring<br />
and auditing systems designed<br />
to provide reasonable assurance<br />
<strong>of</strong> detecting misconduct<br />
by employees and by having a<br />
reporting system in place whereby<br />
employees can report misconduct<br />
without fear <strong>of</strong> retaliation.<br />
6. Enforce standards through<br />
appropriate disciplinary mechanisms,<br />
including discipline<br />
<strong>of</strong> individuals responsible for<br />
failure to detect an <strong>of</strong>fense.<br />
7. Respond appropriately to<br />
an <strong>of</strong>fense once it has been<br />
detected and take reasonable<br />
steps to prevent fur<strong>the</strong>r
<strong>of</strong>fenses, including modification<br />
<strong>of</strong> <strong>the</strong> program to prevent<br />
and detect violations <strong>of</strong> <strong>the</strong> law.<br />
A solid infrastructure that<br />
includes <strong>the</strong> seven elements is vital<br />
to any compliance program. Each<br />
element is important; but confidential<br />
reporting mechanisms,<br />
employee fraud awareness training,<br />
and surprise audits are <strong>the</strong><br />
most effective elements.<br />
A compliance plan sets <strong>the</strong> standards<br />
for how an organization and<br />
its employees will conduct business.<br />
It demonstrates <strong>the</strong> organization’s<br />
commitment to comply with<br />
federal and state laws and regulations<br />
as well as <strong>the</strong> organization’s<br />
own policies. <strong>Compliance</strong> programs<br />
help organizations establish<br />
clear standards and polices that<br />
are designed to detect and prevent<br />
fraud, waste, and abuse. The code<br />
<strong>of</strong> ethical conduct is <strong>the</strong> foundation<br />
<strong>of</strong> a compliance program.<br />
Code <strong>of</strong> ethical conduct<br />
Codes <strong>of</strong> ethical conduct generally<br />
entail documents at three levels:<br />
code <strong>of</strong> business ethics, code <strong>of</strong><br />
conduct for employees, and code<br />
<strong>of</strong> pr<strong>of</strong>essional practice. The code<br />
<strong>of</strong> business ethics sets out general<br />
principles about an organization’s<br />
beliefs on matters such as mission,<br />
quality, privacy, or <strong>the</strong> environment.<br />
It outlines proper procedures to<br />
determine whe<strong>the</strong>r a violation <strong>of</strong> <strong>the</strong><br />
code <strong>of</strong> ethics has occurred and, if so,<br />
what remedies should be imposed.<br />
A code <strong>of</strong> conduct for employees<br />
sets out <strong>the</strong> procedures to be<br />
used in specific ethical situations,<br />
such as conflicts <strong>of</strong> interest or <strong>the</strong><br />
acceptance <strong>of</strong> gifts, and delineate<br />
<strong>the</strong> procedures to determine<br />
whe<strong>the</strong>r a violation <strong>of</strong> <strong>the</strong> code <strong>of</strong><br />
ethics occurred and, if so, what<br />
remedies should be imposed. A<br />
code <strong>of</strong> practice may be designed<br />
as a code <strong>of</strong> pr<strong>of</strong>essional responsibility<br />
that will discuss difficult<br />
issues and decisions that will <strong>of</strong>ten<br />
need to be made, and provide a<br />
clear account <strong>of</strong> what behavior is<br />
considered “ethical” or “correct”<br />
or “right” in <strong>the</strong> circumstances.<br />
The effectiveness <strong>of</strong> a code <strong>of</strong> ethical<br />
conduct depends on <strong>the</strong> extent to<br />
which management supports it with<br />
sanctions and rewards. The code <strong>of</strong><br />
ethical conduct provides guidelines<br />
to employees as well as assists those<br />
in <strong>the</strong> organization when called<br />
upon to make decisions.<br />
Conclusion<br />
Effective compliance programs are<br />
an essential tool for identifying and<br />
mitigating risks. One <strong>of</strong> <strong>the</strong> most<br />
significant benefits <strong>of</strong> a compliance<br />
program is that it reinforces that<br />
<strong>the</strong> organization’s culture does not<br />
tolerate illegal or actionable behavior<br />
and prompts management and<br />
staff to consider <strong>the</strong> potentially<br />
adverse legal consequences <strong>of</strong><br />
certain conduct. Equally important,<br />
it increases <strong>the</strong> likelihood <strong>of</strong><br />
early detection if potentially illegal<br />
or actionable conduct does occur,<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
thus creating <strong>the</strong> opportunity to<br />
correct or self-report. Fur<strong>the</strong>rmore,<br />
it serves as a basis to persuade<br />
governmental authorities to decline<br />
prosecution or <strong>the</strong> initiation <strong>of</strong> a<br />
civil or regulatory action, <strong>the</strong>reby<br />
significantly reducing penalties<br />
or fines. The efforts and time a<br />
company puts into proper prevention<br />
practices and procedures can<br />
have concrete pay<strong>of</strong>f in terms <strong>of</strong><br />
financial and regulatory problems<br />
associated with trying to fix a<br />
problem after <strong>the</strong> fact. As <strong>the</strong> old<br />
saying goes “an ounce <strong>of</strong> prevention<br />
is worth a pound <strong>of</strong> cure”, so<br />
pay now or pay later. n<br />
1. Chris Edwards: “Number <strong>of</strong> Federal Subsidy<br />
Programs Tops 1,800.” Cato Institute<br />
Tax and Budget Bulletin no. 56, April<br />
2009. Available at http://www.cato.org/<br />
pubs/tbb/tbb_56.pdf.<br />
2. The 1986 False Claims Act Amendments:<br />
A Retrospective Look At Twenty Years <strong>of</strong><br />
Effective Fraud Fighting In America. Available<br />
at http://www.quitamhelp.com/static/<br />
false_claims/retrospective.pdf<br />
3. Department <strong>of</strong> Justice: Justice Department<br />
Recovers $2.4 Billion in False Claims Cases<br />
in Fiscal Year 2009; More Than $24 Billion<br />
Since 1986. Available at http://www.<br />
justice.gov/opa/pr/2009/November/09-<br />
civ-1253.html<br />
4. U.S. General Accounting Office: Medicare<br />
Program Remains at High Risk Because<br />
<strong>of</strong> Continuing Management Challenges.<br />
(Publication No. GAO-11-430T, 2011).<br />
Available at http://www.gao.gov/new.items/<br />
d11430t.pdf<br />
5. Association <strong>of</strong> Certified Fraud Examiners.<br />
2006 ACFE Report to <strong>the</strong> Nation on<br />
Occupational Fraud & Abuse. Available at<br />
www.acfe.com/documents/2006-rttn.pdf<br />
6. Kardell, Robert L: “Three Steps to<br />
Fraud Prevention in <strong>the</strong> Workplace.”<br />
The Nebraska Lawyer, 2007. Available<br />
at http://www.bkd.com/docs/news/<br />
WorkplaceFraud-NebLawyer.pdf<br />
7. U.S. Sentencing Guidelines Manual<br />
Section 8A1.2 cmt.n3(k)(1). Available<br />
at http://www.ussc.gov/2009guid/TAB-<br />
CON09.htm<br />
<strong>December</strong> 2011<br />
59
<strong>December</strong> 2011<br />
60<br />
How internal controls<br />
support compliant<br />
business practices:<br />
Editor’s note: Kelly Nueske is a<br />
Managing Director in Enterprise<br />
Risk Services, Internal Audit &<br />
<strong>Compliance</strong> at Sinaiko <strong>Health</strong>care<br />
Consulting, Inc. in Los Angeles.<br />
Kelly may be contacted by e-mail at<br />
kelly.nueske@altegrahealth.com.<br />
Recently, a number <strong>of</strong><br />
us “seasoned” compliance<br />
pr<strong>of</strong>essionals spoke<br />
with a group <strong>of</strong> new compliance<br />
<strong>of</strong>ficers who had varying degrees<br />
<strong>of</strong> health care experience. We<br />
spent a fair amount <strong>of</strong> that time<br />
discussing <strong>the</strong> evolution <strong>of</strong> compliance-related<br />
regulatory guidance.<br />
A number <strong>of</strong> <strong>the</strong> seasoned<br />
compliance pr<strong>of</strong>essionals started<br />
our careers in Internal Audit and<br />
transitioned into <strong>the</strong> <strong>Compliance</strong><br />
space over <strong>the</strong> past 15 years. We<br />
have observed or read about a<br />
number <strong>of</strong> <strong>the</strong> scandals over <strong>the</strong><br />
years that have lead to much <strong>of</strong><br />
<strong>the</strong> current health care regulatory<br />
environment. This article is<br />
part one <strong>of</strong> a two-part series and<br />
outlines <strong>the</strong> framework <strong>of</strong> internal<br />
control as it relates to health care<br />
compliance. The second article<br />
will discuss monitoring and auditing<br />
<strong>of</strong> various internal controls.<br />
Part 1<br />
By Kelly Nueske<br />
In <strong>the</strong> beginning, <strong>the</strong>re were five<br />
pr<strong>of</strong>essional associations that<br />
independently worked to address<br />
<strong>the</strong> needs <strong>of</strong> various accounting,<br />
financial, and auditing pr<strong>of</strong>essionals<br />
and to establish standards,<br />
including guidance on internal<br />
controls:<br />
1. American Institute <strong>of</strong> CPAs,<br />
formed in 1887<br />
2. American Accounting Association,<br />
formed in 1916<br />
3. Institute <strong>of</strong> Management<br />
Accountants, formed in 1919<br />
4. Financial Executives International,<br />
formed in 1931<br />
5. The Institute <strong>of</strong> Internal Auditors,<br />
formed in 1941<br />
These five pr<strong>of</strong>essional organizations<br />
joined forces in 1985 to form <strong>the</strong><br />
Committee <strong>of</strong> Sponsoring Organizations<br />
<strong>of</strong> <strong>the</strong> Treadway Commission<br />
(COSO or Treadway Commission).<br />
The US Congress and <strong>the</strong> Security<br />
and Exchange Commission (SEC)<br />
asked COSO to inspect, analyze,<br />
and make recommendations on<br />
fraudulent corporate financial reporting<br />
due to questionable corporate<br />
political campaign finance practices<br />
and corrupt foreign practices in <strong>the</strong><br />
mid-1970s.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
COSO is a voluntary, private-sector<br />
organization that provides guidance<br />
concerning organizational<br />
governance, business ethics, internal<br />
control, enterprise risk management,<br />
fraud, and financial reporting.<br />
COSO studied <strong>the</strong> issues for a few<br />
years and published a four volume<br />
report in 1992, entitled Internal<br />
Control—Integrated Framework. The<br />
report established a common internal<br />
control model that companies and<br />
organizations may use to assess <strong>the</strong>ir<br />
control systems. However, “may”<br />
hasn’t become much <strong>of</strong> an option,<br />
given <strong>the</strong> framework is a common<br />
<strong>the</strong>me in <strong>the</strong> US Federal Sentencing<br />
Guidelines, OIG model compliance<br />
program guidance, and Corporate<br />
Integrity Agreements (CIAs).<br />
So what is an internal control<br />
The COSO framework defines<br />
internal control as “a process,<br />
effected by an entity’s board <strong>of</strong><br />
directors, management and o<strong>the</strong>r<br />
personnel, designed to provide<br />
‘reasonable assurance’ regarding<br />
<strong>the</strong> achievement <strong>of</strong> objectives in<br />
<strong>the</strong> following categories:<br />
n Effectiveness and efficiency <strong>of</strong><br />
operations,<br />
n Reliability <strong>of</strong> financial reporting,<br />
and<br />
n <strong>Compliance</strong> with applicable<br />
laws and regulations.”<br />
If you are like me, <strong>the</strong> first time<br />
you read <strong>the</strong> COSO definition,<br />
your question was still “So what is<br />
an internal control” Simply, it is<br />
<strong>the</strong> following five components.
n Control environment<br />
The control environment sets <strong>the</strong><br />
tone <strong>of</strong> an organization, influencing<br />
<strong>the</strong> control consciousness <strong>of</strong><br />
its people. It is <strong>the</strong> foundation for<br />
all o<strong>the</strong>r components <strong>of</strong> internal<br />
control, providing discipline and<br />
structure. Control environment<br />
factors include <strong>the</strong> integrity, ethical<br />
values, management's operating<br />
style, delegation <strong>of</strong> authority<br />
systems, as well as <strong>the</strong> processes<br />
for managing and developing<br />
people in <strong>the</strong> organization.<br />
n Risk assessment<br />
Every entity faces a variety <strong>of</strong><br />
risks from external and internal<br />
sources that must be assessed. A<br />
precondition to risk assessment<br />
is <strong>the</strong> establishment <strong>of</strong> objectives<br />
and thus, risk assessment<br />
is <strong>the</strong> identification and analysis<br />
<strong>of</strong> relevant risks to <strong>the</strong> achievement<br />
<strong>of</strong> assigned objectives.<br />
Risk assessment is a prerequisite<br />
for determining how <strong>the</strong> risks<br />
should be managed.<br />
n Control activities<br />
Control activities are <strong>the</strong> policies<br />
and procedures that help ensure<br />
management directives are carried<br />
out. Control activities occur<br />
throughout <strong>the</strong> organization, at<br />
all levels and in all functions.<br />
They include a range <strong>of</strong> activities<br />
as diverse as approvals, authorizations,<br />
verifications, reconciliations,<br />
reviews <strong>of</strong> operating<br />
performance, security <strong>of</strong> assets<br />
and segregation <strong>of</strong> duties.<br />
n Information and<br />
communication<br />
Information systems play a key<br />
role in internal control systems<br />
as <strong>the</strong>y produce reports, including<br />
operational, financial and<br />
compliance-related information.<br />
In a broader sense, effective<br />
communication must ensure<br />
information flows down, across<br />
and up <strong>the</strong> organization. Effective<br />
communication should also be<br />
ensured with external parties, such<br />
as customers, suppliers, regulators,<br />
and shareholders about related<br />
policy positions.<br />
n Monitoring<br />
Internal control systems need<br />
to be monitored—a process<br />
that assesses <strong>the</strong> quality <strong>of</strong> <strong>the</strong><br />
system's performance over time.<br />
This is accomplished through<br />
ongoing monitoring activities<br />
or separate evaluations. Internal<br />
control deficiencies detected<br />
through <strong>the</strong>se monitoring activities<br />
should be reported upstream<br />
and corrective actions should<br />
be taken to ensure continuous<br />
improvement <strong>of</strong> <strong>the</strong> system.<br />
If you are in <strong>the</strong> “compliance<br />
business” <strong>the</strong> concepts may look<br />
familiar to you if you have read<br />
<strong>the</strong> Office <strong>of</strong> Inspector General’s<br />
(OIG) model compliance program<br />
guidance, <strong>the</strong> US Federal<br />
Sentencing Guidelines, and/or a<br />
Corporate Integrity Agreement<br />
(CIA). To write this article, I<br />
checked out <strong>the</strong> OIG website to<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
make sure I had <strong>the</strong> correct dates<br />
for program guidance, and this<br />
is <strong>the</strong> OIG’s introduction to <strong>the</strong><br />
program guidance section:<br />
OIG has developed a series <strong>of</strong><br />
voluntary compliance program<br />
guidance documents directed<br />
at various segments <strong>of</strong> <strong>the</strong><br />
health care industry, such as<br />
hospitals, nursing homes,<br />
third-party billers, and durable<br />
medical equipment suppliers,<br />
to encourage <strong>the</strong> development<br />
and use <strong>of</strong> internal controls to<br />
monitor adherence to applicable<br />
statutes, regulations, and program<br />
requirements. (Emphasis<br />
added)<br />
When I came across <strong>the</strong> word<br />
“voluntary” my initial reaction<br />
was “not really,” if you look at <strong>the</strong><br />
Federal Sentencing Guidelines and<br />
<strong>the</strong> content <strong>of</strong> CIAs. Table 1 on<br />
page 62 illustrates how <strong>the</strong> COSO<br />
framework maps to <strong>the</strong> “reality” <strong>of</strong><br />
health care compliance.<br />
For <strong>the</strong> sake <strong>of</strong> simplicity, this<br />
table does not address Sarbanes<br />
Oxley, <strong>the</strong> Government Auditing<br />
Office “Yellow Book” Standards,<br />
and o<strong>the</strong>r guidelines that exist.<br />
However, <strong>the</strong>se standards or<br />
regulations could also be mapped<br />
to <strong>the</strong> original COSO framework<br />
around internal control.<br />
So who is responsible for all <strong>of</strong><br />
this Well, <strong>the</strong> guidance suggests<br />
Continued on page 62<br />
<strong>December</strong> 2011<br />
61
How internal controls support compliant business practices: Part 1 ...continued from page 61<br />
“management” is responsible<br />
for internal control. Managers<br />
are responsible for establishing<br />
policies and processes and<br />
providing management oversight<br />
(monitoring) to ensure <strong>the</strong> procedures<br />
(controls) are being executed<br />
as management intended. 1<br />
What about <strong>the</strong> chief compliance<br />
<strong>of</strong>ficer (CCO) Well, <strong>the</strong> guidance<br />
suggests <strong>the</strong> CCO is responsible<br />
for overseeing (monitoring) and<br />
managing compliance issues within<br />
an organization, ensuring <strong>the</strong><br />
Table 1<br />
COSO Internal<br />
Control Framework<br />
Component (1992)<br />
Control<br />
Environment<br />
Risk Assessment<br />
Control Activities<br />
Information &<br />
Communication<br />
Monitoring<br />
OIG <strong>Compliance</strong> Program Guidance<br />
– exact language from model guidance<br />
(1998 – 2008)<br />
Designation <strong>of</strong> a chief compliance <strong>of</strong>ficer<br />
and o<strong>the</strong>r appropriate bodies, (e.g., a<br />
Corporate <strong>Compliance</strong> Committee,<br />
charged with <strong>the</strong> responsibility <strong>of</strong> operating<br />
and monitoring <strong>the</strong> compliance<br />
program, and who report directly to <strong>the</strong><br />
CEO and <strong>the</strong> governing body)<br />
Additional risk areas should be assessed as well<br />
and incorporated into <strong>the</strong> written policies and<br />
procedures and training elements developed<br />
as part <strong>of</strong> <strong>the</strong>ir compliance programs.<br />
Development and distribution <strong>of</strong> written<br />
standards <strong>of</strong> conduct, as well as written<br />
policies and procedures that promote<br />
commitment to compliance.<br />
Development and implementation <strong>of</strong><br />
regular, effective education and training<br />
programs for all affected employees.<br />
Maintenance <strong>of</strong> a process, such as a<br />
hotline, to receive complaints, and <strong>the</strong><br />
adoption <strong>of</strong> procedures to protect <strong>the</strong><br />
anonymity <strong>of</strong> complainants and to<br />
protect whistleblowers from retaliation.<br />
Use <strong>of</strong> audits and/or o<strong>the</strong>r evaluation techniques<br />
to monitor compliance and assist in<br />
<strong>the</strong> reduction <strong>of</strong> identified problem area.<br />
Although many monitoring techniques<br />
are available, one effective tool to<br />
promote and ensure compliance is <strong>the</strong><br />
performance <strong>of</strong> regular, periodic compliance<br />
audits by internal or external auditors<br />
who have expertise in federal and<br />
state health care statutes, regulations, and<br />
federal health care program requirements.<br />
Federal Sentencing<br />
Guidelines Chapter 8<br />
(2004)<br />
§8B2.1.(a)(2) Promote<br />
organizational culture<br />
§8B2.1.(b)(2)(A)<br />
Governing authority’s<br />
knowledge <strong>of</strong> program<br />
§8B2.1.(b)(1) Standards<br />
and procedures<br />
§8B2.1.(c) Periodic<br />
assessment <strong>of</strong> risk<br />
§8B2.1.(b)(1)<br />
Standards and<br />
procedures<br />
§8B2.1.(b)(4)(A)<br />
<strong>Compliance</strong> training<br />
§8B2.1.(b)(5)(A)<br />
Monitoring and<br />
auditing activities<br />
§8B2.1.(b)(5)(B)<br />
Evaluate effectiveness<br />
<strong>of</strong> compliance and<br />
ethics program<br />
Corporate Integrity<br />
Agreement,<br />
typically Section III<br />
<strong>Compliance</strong> Officer<br />
& Committee<br />
Board <strong>of</strong> Director’s<br />
compliance<br />
obligations<br />
Code <strong>of</strong> Conduct<br />
Language can be<br />
present but not<br />
standard<br />
Policies and<br />
procedures<br />
Board reporting<br />
Training & Education<br />
Notifications to<br />
government<br />
Implementation and<br />
annual reporting<br />
(Section V, typically)<br />
Review procedures<br />
<strong>December</strong> 2011<br />
62<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
organization is complying with<br />
regulatory requirements, and that<br />
<strong>the</strong> organization and its employees<br />
are complying with internal policies<br />
and procedures (controls). 2<br />
What about <strong>the</strong> Internal Audit<br />
department Again <strong>the</strong> Institute<br />
<strong>of</strong> Internal Auditors pr<strong>of</strong>essional<br />
practice standards indicate internal<br />
auditors perform audits to evaluate<br />
whe<strong>the</strong>r <strong>the</strong> policies and processes<br />
are designed and operating effectively<br />
and providing recommendations<br />
for improvement. 3<br />
Internal controls can be preventive<br />
or detective and manual or<br />
automated. Ideally, <strong>the</strong>re would<br />
be higher reliance on preventive<br />
controls, activities, and processes<br />
that support “doing it right <strong>the</strong><br />
first time” ra<strong>the</strong>r than detective<br />
controls that identify errors<br />
after <strong>the</strong> fact. The reason is that<br />
detective controls can be a lower<br />
priority and overlooked, with so<br />
many competing priorities in a<br />
manager’s busy day. In <strong>the</strong> age<br />
<strong>of</strong> technology, it is also ideal to<br />
have automated controls ra<strong>the</strong>r<br />
than manual controls. Automated<br />
controls can serve as prompts to<br />
help employees follow established<br />
processes or help ensure accurate<br />
information is entered that o<strong>the</strong>rs<br />
can rely on later in <strong>the</strong> process,<br />
to name a few. With <strong>the</strong> rapid<br />
implementation <strong>of</strong> electronic<br />
medical records, we <strong>of</strong>ten don’t<br />
maximize <strong>the</strong> functionality during<br />
<strong>the</strong> design processes, which is a<br />
significant lost opportunity to<br />
address ongoing compliance issues<br />
that could be improved with <strong>the</strong><br />
help <strong>of</strong> technology.<br />
Conclusion<br />
In <strong>the</strong> end, an effective internal<br />
control structure is <strong>the</strong> foundation<br />
<strong>of</strong> good business, which includes<br />
compliance. As <strong>the</strong> voice <strong>of</strong> <strong>the</strong><br />
seasoned compliance pr<strong>of</strong>essionals,<br />
we challenge you, as a compliance<br />
<strong>of</strong>ficer, to learn more about<br />
internal controls. When something<br />
is not going right, look at <strong>the</strong><br />
internal control structure to help<br />
determine what could be implemented<br />
to mitigate <strong>the</strong> risk going<br />
forward. I have seen many corrective<br />
action plans that state policies<br />
and procedures will be developed<br />
and/or training will be provided.<br />
Granted <strong>the</strong>se elements are part<br />
<strong>of</strong> <strong>the</strong> internal control framework<br />
but <strong>the</strong>y are not <strong>the</strong> most reliable<br />
controls. Dig fur<strong>the</strong>r and see what<br />
can be done to implement checks<br />
and balances in <strong>the</strong> process, as <strong>the</strong><br />
process is occurring. That is <strong>of</strong>ten<br />
<strong>the</strong> key to mitigating many compliance<br />
risks. n<br />
1. COSO Internal Control-Integrated Framework,<br />
1994<br />
2. Scott Cohen, editor and publisher <strong>of</strong><br />
<strong>Compliance</strong> Week, dates <strong>the</strong> proliferation<br />
<strong>of</strong> CCOs to a 2002 speech by SEC commissioner<br />
Cynthia Glassman. (See http://<br />
en.wikipedia.org/wiki/Chief_compliance_<br />
<strong>of</strong>ficer)<br />
3. Institute <strong>of</strong> Internal Auditors: International<br />
Pr<strong>of</strong>essional Practices Framework (IPPF).<br />
Published by The IIA Research Foundation,<br />
2009.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
False Claims<br />
Act Training<br />
Doesn’t Have<br />
to Be Hard<br />
A Supplement to Your<br />
Deficit Reduction Act<br />
<strong>Compliance</strong> Training<br />
Program <strong>of</strong>fers a clear,<br />
concise review <strong>of</strong> <strong>the</strong><br />
False Claims Act and<br />
its impact on federal<br />
health care programs.<br />
Bulk pricing<br />
available for<br />
HCCA members.<br />
To order, visit<br />
www.hcca-info.org,<br />
or call 888-580-8373.<br />
<strong>December</strong> 2011<br />
63
SaVe tHe Date!<br />
Space is limited to 70 attendees<br />
Improving Governance Practices<br />
Audit &<br />
<strong>Compliance</strong><br />
committee conference<br />
February 13–14, 2012<br />
Scottsdale, AZ<br />
This conference is designed for board members and<br />
members <strong>of</strong> a board audit and/or compliance committee <strong>of</strong><br />
not-for-pr<strong>of</strong>it health care organizations. <strong>Compliance</strong> <strong>of</strong>ficers<br />
may attend with <strong>the</strong>ir board member(s). CEOs, CFOs, and<br />
o<strong>the</strong>r senior <strong>of</strong>ficers are also welcome to attend.<br />
Learn more at<br />
www.auditcompliancecommittee.org<br />
<strong>December</strong> 2011<br />
64<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
Publisher: <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association<br />
888-580-8373<br />
Executive Editor: Roy Snell, CEO, roy.snell@hcca-info.org<br />
Contributing Editor: Gabriel Imperato, Esq., CHC<br />
Editor: Margaret R. Dragon<br />
781-593-4924, margaret.dragon@hcca-info.org<br />
Copy Editor: Patricia Mees, CHC, CCEP<br />
888-580-8373, patricia.mees@hcca-info.org<br />
Layout and Production Manager: Gary DeVaan<br />
888-580-8373, gary.devaan@hcca-info.org<br />
HCCA Officers:<br />
Frank Sheeder, JD, CCEP<br />
HCCA President<br />
Partner<br />
DLA Piper<br />
Shawn Y. DeGroot, CHC-F,<br />
CHRC, CCEP<br />
HCCA Vice President<br />
Vice President <strong>of</strong> Corporate<br />
Responsibility<br />
Regional <strong>Health</strong><br />
John Falcetano, CHC-F, CIA,<br />
CCEP-F, CHRC, CHPC<br />
HCCA Second Vice President<br />
Chief Audit/<strong>Compliance</strong> Officer<br />
University <strong>Health</strong> Systems <strong>of</strong><br />
Eastern Carolina<br />
Gabriel L. Imperato, JD, CHC<br />
HCCA Treasurer<br />
Managing Partner<br />
Broad and Cassel<br />
Sara Kay Wheeler, JD<br />
HCCA Secretary<br />
Partner–Attorney<br />
King & Spalding<br />
Sheryl Vacca, CHC-F, CHRC,<br />
CCEP, CHPC<br />
Non-Officer Board Member<br />
Senior Vice President/Chief<br />
<strong>Compliance</strong> and Audit Services<br />
University <strong>of</strong> California<br />
Jenny O’Brien, JD, CHC, CHPC<br />
HCCA Immediate Past President<br />
Chief Medicare <strong>Compliance</strong> Officer<br />
United<strong>Health</strong>care Medicare & Retirement<br />
CEO/Executive Director:<br />
Roy Snell, CHC, CCEP-F<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association<br />
Counsel:<br />
Keith Halleland, Esq.<br />
Halleland Habicht PA<br />
Board <strong>of</strong> Directors:<br />
Urton Anderson, PhD, CCEP<br />
Chair, Department <strong>of</strong> Accounting and<br />
Clark W. Thompson Jr. Pr<strong>of</strong>essor in<br />
Accounting Education<br />
McCombs School <strong>of</strong> Business<br />
University <strong>of</strong> Texas<br />
Deann M. Baker, CHC,<br />
CCEP, CHRC<br />
Chief Corporate <strong>Compliance</strong> Officer<br />
Corporate <strong>Compliance</strong> & Integrity<br />
Services, Alaska Native Tribal <strong>Health</strong><br />
Consortium<br />
Ca<strong>the</strong>rine Boerner, JD, CHC<br />
President<br />
Boerner Consulting, LLC<br />
Julene Brown, RN, MSN, CHC, CPC<br />
Regional <strong>Compliance</strong> Director<br />
Organizational Integrity and <strong>Compliance</strong><br />
Essentia <strong>Health</strong> West Region<br />
Brian Flood, JD, CHC,<br />
CIG, AHFI, CFS<br />
National Managing Director<br />
KPMG LLP<br />
Margaret Hambleton, MBA,<br />
CPHRM, CHC<br />
Senior Vice President<br />
Ministry Integrity, Chief <strong>Compliance</strong><br />
Officer, St. Joseph <strong>Health</strong> System<br />
Robert A. Hussar, JD, MS, CHC<br />
Of Counsel<br />
Manatt, Phelps and Phillips LLP<br />
Robert H. Oss<strong>of</strong>f, DMD,<br />
MD, CHC<br />
Assistant Vice-Chancellor for<br />
<strong>Compliance</strong> & Corporate Integrity<br />
Vanderbilt University Medical Center<br />
Daniel Roach, JD<br />
Vice President<br />
<strong>Compliance</strong> and Audit<br />
Catholic <strong>Health</strong>care West<br />
Mat<strong>the</strong>w F. Tormey, JD, CHC<br />
Vice President<br />
<strong>Compliance</strong>, Internal Audit, and<br />
Security<br />
<strong>Health</strong> Management Associates<br />
Debbie Troklus, CHC-F, CCEP-F,<br />
CHRC, CHPC<br />
Managing Director<br />
Aegis <strong>Compliance</strong> and Ethics Center<br />
<strong>Compliance</strong> Today (CT) (ISSN 1523-8466) is published by <strong>the</strong> <strong>Health</strong> <strong>Care</strong><br />
<strong>Compliance</strong> Association (HCCA), 6500 Barrie Road, Suite 250, Minneapolis, MN<br />
55435. Periodicals postage-paid at Minneapolis, MN 55435. Postmaster: Send address<br />
changes to <strong>Compliance</strong> Today, 6500 Barrie Road, Suite 250, Minneapolis, MN 55435.<br />
Copyright 2011 <strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association. All rights reserved. Printed in<br />
<strong>the</strong> USA. Except where specifically encouraged, no part <strong>of</strong> this publication may be<br />
reproduced, in any form or by any means without prior written consent <strong>of</strong> <strong>the</strong> HCCA.<br />
For Advertising rates, call Margaret Dragon at 781-593-4924. Send press releases to<br />
M. Dragon, 41 Valley Road, Nahant, MA 01908. Opinions expressed are not those <strong>of</strong><br />
this publication or <strong>the</strong> HCCA. Mention <strong>of</strong> products and services does not constitute<br />
endorsement. Nei<strong>the</strong>r <strong>the</strong> HCCA nor CT is engaged in rendering legal or o<strong>the</strong>r<br />
pr<strong>of</strong>essional services. If such assistance is needed, readers should consult pr<strong>of</strong>essional<br />
counsel or o<strong>the</strong>r pr<strong>of</strong>essional advisors for specific legal or ethical questions.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>December</strong> 2011<br />
65
All 2011 Basic <strong>Compliance</strong><br />
Academies sold out.<br />
Register now for<br />
2012<br />
BAsiC CompliAnCe<br />
ACADeMieS<br />
New York, NY<br />
January 23–26, 2012<br />
San Francisco, CA<br />
Feb 13–16 , 2012<br />
San Antonio, TX<br />
March 26–29 , 2012<br />
Scottsdale, AZ<br />
June 4–7 , 2012<br />
New York, NY<br />
August 6–9 , 2012<br />
Location TBD<br />
Sept 10–13 , 2012<br />
Boston, MA<br />
Oct 1–4 , 2012<br />
Orlando, FL<br />
Nov 5–8 , 2012<br />
San Diego, CA<br />
Dec 10–13 , 2012<br />
REGIONAL<br />
CONFERENCES<br />
2012 REGIONAL CONFERENCES<br />
Sou<strong>the</strong>ast<br />
January 20 | Atlanta, GA<br />
South Atlantic<br />
January 27 | Orlando, FL<br />
Southwest<br />
February 17 | Dallas, TX<br />
Alaska<br />
March 1 - 2<br />
Anchorage, AK<br />
Upper North Central<br />
May 11 | Columbus, OH<br />
Upper North East<br />
May 18 | New York, NY<br />
NEW!<br />
Gulf Coast<br />
June 8 | Houston, TX<br />
Pacific Northwest<br />
June 15<br />
Seattle, WA<br />
West Coast<br />
June 22 | Newport Beach, CA<br />
New England<br />
September 7 | Boston, MA<br />
Upper Midwest<br />
September 14<br />
Minneapolis, MN<br />
Midwest<br />
September 21<br />
Overland Park, KS<br />
North Central<br />
October 5 | Indianapolis, IN<br />
East Central<br />
October 12 | Pittsburgh, PA<br />
Hawaii<br />
October 19 | Honolulu, HI<br />
Mountain<br />
October 26 | Denver, CO<br />
Mid Central<br />
November 9 | Louisville, KY<br />
Desert Southwest<br />
November 16 | Phoenix, AZ<br />
South Central<br />
November 30 | Nashville, TN<br />
NEW!<br />
Upper West Coast<br />
<strong>December</strong> 7 | Oakland, CA<br />
Learn more & register at<br />
www.hcca-info.org<br />
regiSTrATiON FOr eACh ACADeMY LiMiTeD<br />
TO 75 ATTeNDeeS<br />
HCCA’s <strong>Compliance</strong> Academy is a four-day intensive program<br />
focusing on subject areas at <strong>the</strong> heart <strong>of</strong> health care compliance<br />
practice. Courses are designed for participants who have a basic<br />
knowledge <strong>of</strong> compliance concepts and some pr<strong>of</strong>essional<br />
experience in a compliance function.<br />
ChC ® CerTiFiCATiON eXAM OFFereD<br />
FOLLOwiNg eACh ACADeMY<br />
Be recognized for your experience and knowledge in health care<br />
compliance! Take advantage <strong>of</strong> <strong>the</strong> opportunity to sit for an optional<br />
CHC ® exam on <strong>the</strong> last day <strong>of</strong> <strong>the</strong> Academy.<br />
LEARN MORE AND REGISTER AT<br />
WWW.HCCA-INFO.ORG<br />
<strong>December</strong> 2011<br />
66<br />
2012-HCCA-ALL-Academies_halfpage_2c_ad.indd 1<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
9/30/2011 2011-12-HCCARegionals_halfpage_2c_ad.indd 12:<strong>47</strong>:41 PM<br />
1<br />
10/27/2011 12:23:18 PM
esearch<br />
<strong>Compliance</strong><br />
Conference<br />
June 3–6, 2012<br />
austin, tX<br />
This is <strong>the</strong> research conference<br />
you cannot miss if you work for<br />
a research site, a CRO or SMO,<br />
a hospital or hospital system,<br />
a sponsor, or for clinicians/<br />
investigators who conduct<br />
research. Learn <strong>the</strong> latest<br />
trends in compliance with<br />
research accounting standards,<br />
clinical trial billing and process<br />
improvements, effort reporting,<br />
scientific misconduct, conflicts<br />
<strong>of</strong> interest, <strong>of</strong>f-label use issues,<br />
FDA compliance, and government<br />
enforcement trends. Hear from<br />
industry experts who can provide<br />
practical perspectives for handling<br />
research compliance risks.<br />
Learn more<br />
& register at<br />
www.hcca-info.org<br />
Try one <strong>of</strong> HCCA’s upcoming<br />
Web Conferences<br />
earn 1.2 CEU credits.<br />
It doesn’t get any easier.<br />
Records & Information Management-<br />
Managing Information Overload for<br />
<strong>Compliance</strong><br />
<strong>December</strong> 06, 2011<br />
HIPAA Audits<br />
<strong>December</strong> 08, 2011<br />
Ready for Action: Preparing Your<br />
Organization for Governmental Audits<br />
with Practical Steps for <strong>Compliance</strong><br />
<strong>December</strong> 19, 2011<br />
Stark-Beyond <strong>the</strong> Basics<br />
January 11, 2012<br />
Auditing Hospital/ Physician Financial<br />
Arrangements<br />
January 12, 2012<br />
How to Cope With <strong>Compliance</strong> Liabilities<br />
Using Technology<br />
January 17, 2012<br />
learn more at<br />
www.hcca-info.org/<br />
webconferences<br />
2012Research_halfpagevert_CTad.indd 1<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
10/27/2011 HCCAWebConferences_halfpage_2c.indd 12:34:16 PM<br />
1<br />
67<br />
<strong>December</strong> 2011<br />
10/27/2011 12:55:49 PM
<strong>December</strong> 2011<br />
68<br />
Documenting fair<br />
market value for<br />
physician contracting<br />
Editor’s note: Penny Stroud is<br />
Founder and CEO <strong>of</strong> MD Ranger,<br />
Inc., located in Burlingame,<br />
California. She may be contacted by<br />
telephone at 650/692-8873 or by<br />
e-mail at pstroud@mdranger.com.<br />
The rising costs <strong>of</strong> physician<br />
service contracts and<br />
compliance documentation<br />
is affecting hospitals across<br />
<strong>the</strong> country. California hospitals<br />
spend in excess <strong>of</strong> 3% <strong>of</strong> all<br />
expenses on non-salary physician<br />
costs for a broad range <strong>of</strong> services<br />
that includes medical direction,<br />
emergency call coverage, leadership<br />
positions, administrative<br />
services, diagnostic test interpretations,<br />
and more. In addition to<br />
<strong>the</strong> cost <strong>of</strong> service contracts, <strong>the</strong><br />
cost <strong>of</strong> fair market value (FMV)<br />
documentation for service contracting<br />
is rising as government<br />
oversight and enforcement efforts<br />
are increasing.<br />
All health care providers are<br />
subject to <strong>the</strong> regulations that<br />
require FMV compliance and<br />
documentation. There are a<br />
number <strong>of</strong> approaches to consider<br />
for <strong>the</strong> review <strong>of</strong> physician<br />
contracts and documentation <strong>of</strong><br />
compliance. The costs, associated<br />
By Penny Stroud<br />
risks, and benefits <strong>of</strong> each <strong>of</strong> <strong>the</strong>se<br />
approaches varies considerably.<br />
This article will explore <strong>the</strong> growing<br />
number <strong>of</strong> tools that enable<br />
hospitals, health systems, and<br />
o<strong>the</strong>r providers to institute cost<br />
effective strategies for controlling<br />
<strong>the</strong> cost and burden <strong>of</strong> compliance<br />
while upgrading <strong>the</strong> level<br />
<strong>of</strong> documentation for physician<br />
contracts.<br />
Trends in physician contracting<br />
and compliance costs<br />
The cost <strong>of</strong> physician contracts<br />
for non-salaried, non-billable<br />
services is rising rapidly for health<br />
facilities. Physicians are demanding<br />
more and higher pay for<br />
call coverage; medical direction;<br />
attendance at meetings; leadership<br />
positions; and many o<strong>the</strong>r teaching,<br />
research, and administrative<br />
functions that <strong>the</strong>y formerly provided<br />
without pay in exchange for<br />
medical staff privileges or visibility<br />
in a medical community.<br />
Data submitted to <strong>the</strong> California<br />
Office <strong>of</strong> Statewide <strong>Health</strong> Planning<br />
and Development 1 show<br />
that since 2000, <strong>the</strong>se costs<br />
have increased 14% per year<br />
for California hospitals, reaching<br />
more than $8 million per<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
hospital annually (see graph 1).<br />
Trauma hospitals pay considerably<br />
more. O<strong>the</strong>r types <strong>of</strong> providers,<br />
including nursing homes, dialysis<br />
centers, ambulatory surgery<br />
centers, and clinics experience<br />
similar demands for physician<br />
services. The growing burden <strong>of</strong><br />
administrative compliance, quality<br />
and peer review activities, and<br />
evidence-based practice protocols<br />
has increased <strong>the</strong> need for physician<br />
involvement in administrative<br />
and leadership functions at<br />
most health care organizations.<br />
Ano<strong>the</strong>r factor and trend impacting<br />
call compensation is <strong>the</strong> increasing<br />
number <strong>of</strong> uninsured patients who<br />
are treated in America’s dwindling<br />
Emergency Rooms. One recent<br />
study 2 found that <strong>the</strong> number <strong>of</strong><br />
hospital Emergency Departments<br />
(EDs) in urban areas fell 27%<br />
from 1990 to 2009, from 2,446<br />
EDs to 1,779. Overall, about<br />
two-thirds <strong>of</strong> EDs are at safety<br />
net hospitals, which tend to have<br />
a worse payer mix. Many call<br />
payments begin when physicians<br />
ask for compensation for treating<br />
uninsured patients in <strong>the</strong> ED, and<br />
later expand into full-fledged per<br />
diem payments for call coverage.<br />
Clinical integration initiatives,<br />
planning for health reform,<br />
electronic health records (EHR),<br />
and <strong>the</strong> development <strong>of</strong> Accountable<br />
<strong>Care</strong> Organizations also<br />
benefit from physician participation<br />
and leadership. Yet, decreased
eimbursement and <strong>the</strong> growing<br />
separation <strong>of</strong> many physicians’<br />
hospital and ambulatory practices<br />
have increased <strong>the</strong> challenge <strong>of</strong><br />
engaging physicians to participate<br />
in <strong>the</strong>se non-billable services.<br />
These trends, coupled with regulatory<br />
mandates, such as <strong>the</strong> Emergency<br />
Medical Treatment and<br />
Active Labor Act (EMTALA), are<br />
increasing <strong>the</strong> demand for services<br />
and <strong>the</strong> demand for payment by<br />
physician contractors.<br />
Government regulations mandate<br />
that payments to physicians by<br />
a provider meet FMV. <strong>Compliance</strong><br />
requires documentation <strong>of</strong><br />
comparable rates for comparable<br />
services. Many providers seek an<br />
outside FMV opinion from an<br />
expert valuation consultant, <strong>of</strong>ten<br />
at a cost <strong>of</strong> $3,000 to $10,000 per<br />
opinion. An analysis conducted<br />
by MD Ranger to evaluate <strong>the</strong><br />
FMV costs for outside opinions at<br />
a sample <strong>of</strong> 40 hospitals in California,<br />
found annual expenditures<br />
ranging from $5,000 to $100,000<br />
per hospital, with a strong upward<br />
Graph 1<br />
$8000<br />
$7000<br />
$6000<br />
$5000<br />
$4000<br />
$3000<br />
$2000<br />
$1000<br />
$0<br />
trend driven by heightened<br />
administrative and board requirements<br />
for objective documentation<br />
<strong>of</strong> FMV. 3<br />
As enforcement efforts raise <strong>the</strong><br />
bar on compliance documentation,<br />
<strong>the</strong>se costs are escalating at a time<br />
when most hospitals are working<br />
to reduce costs in anticipation <strong>of</strong><br />
health reform. Strategies to control<br />
<strong>the</strong> cost <strong>of</strong> physician contracts and<br />
<strong>the</strong> cost <strong>of</strong> documentation can be<br />
a critical component <strong>of</strong> addressing<br />
budget challenges.<br />
<strong>Compliance</strong> landscape<br />
Regulations governing FMV<br />
payment for physician contracts<br />
include <strong>the</strong> Stark, anti-kickback,<br />
and private inurement rules. These<br />
laws were passed to deter health<br />
care providers from paying physicians<br />
for referrals, colluding on<br />
price, or o<strong>the</strong>rwise manipulating<br />
physician relationships to disguise<br />
fraud and abuse.<br />
There is growing evidence that<br />
government enforcement efforts<br />
to ensure FMV are intensifying.<br />
Average Physician Expense in California Hospitals<br />
2000-2008, in thousands<br />
2000<br />
2001<br />
2002<br />
2003<br />
2004<br />
SOURCE: OSHPD Annual Financial Reports 1995-2008.<br />
2005<br />
2006<br />
2007<br />
2008<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
OIG reported in June 2011 that it<br />
expected to collect more than $3.4<br />
billion from fraud investigations,<br />
including anti-kickback cases, in<br />
2011. Between 2000 and 2010,<br />
almost 100 anti-kickback cases were<br />
settled with health care organizations,<br />
ranging from less than<br />
$100,000 to several million. Twenty<br />
new cases alone occurred in 2010<br />
through May 2011, with settlements<br />
ranging between $50,000<br />
and $7.3 million. At least five <strong>of</strong><br />
<strong>the</strong>se settlements included medical<br />
direction, administrative services, or<br />
call coverage components. 4<br />
Hospitals found guilty <strong>of</strong> noncompliance<br />
with FMV and documentation<br />
guidelines risk lawsuits,<br />
civil and monetary penalties,<br />
and even <strong>the</strong> loss <strong>of</strong> Medicare<br />
and Medicaid funding, as well as<br />
long and complicated settlement<br />
agreements.<br />
What and when to document<br />
In short, any negotiated agreements<br />
regarding physician<br />
compensation should always<br />
be documented, with pro<strong>of</strong> <strong>of</strong><br />
sources for FMV. The risk is just<br />
too high not to have documentation<br />
on file for all contracts.<br />
The laws require documentation<br />
for any type <strong>of</strong> payment to physicians<br />
(or o<strong>the</strong>r providers) who<br />
are in a position to refer patients,<br />
including payments for:<br />
n On-call coverage<br />
Continued on page 70<br />
<strong>December</strong> 2011<br />
69
Documenting fair market value for physician contracting ...continued from page 69<br />
<strong>December</strong> 2011<br />
70<br />
n Medical direction<br />
n Hospital-based services, such as<br />
emergency, radiology, anes<strong>the</strong>siology,<br />
or hospitalists<br />
n Leadership positions, such as<br />
chiefs <strong>of</strong> staff or o<strong>the</strong>r medical<br />
staff <strong>of</strong>ficers<br />
n Ad hoc or ongoing committee<br />
or administrative services work<br />
n Consulting for quality initiatives,<br />
peer review, and electronic<br />
health records<br />
n Over-read and test<br />
interpretations<br />
All <strong>of</strong> <strong>the</strong>se physician payment<br />
arrangements are eligible for<br />
review in a <strong>Compliance</strong> audit,<br />
as would any o<strong>the</strong>r agreement to<br />
pay a physician or group who is<br />
in a position to refer patients to<br />
ano<strong>the</strong>r provider.<br />
Fair market value is generally<br />
considered to be <strong>the</strong> price at<br />
which a service would change<br />
hands between a willing buyer and<br />
willing seller on <strong>the</strong> open market<br />
at arm’s length, when nei<strong>the</strong>r is<br />
under compulsion to complete <strong>the</strong><br />
transaction. Because <strong>the</strong>re is not<br />
an open market for most physician<br />
services, hospitals and valuators<br />
must find o<strong>the</strong>r ways to evaluate<br />
<strong>the</strong> FMV for arrangements.<br />
In addition to <strong>the</strong> FMV standards,<br />
payments must also be “commercially<br />
reasonable.” This term<br />
is a subjective test <strong>of</strong> a “standard<br />
<strong>of</strong> reasonableness” (i.e. what a<br />
reasonable entity would do in <strong>the</strong><br />
specific circumstance, taking all<br />
factors into account, and judged<br />
by <strong>the</strong> standards <strong>of</strong> <strong>the</strong> applicable<br />
business community). For a health<br />
care entity, this means that <strong>the</strong><br />
payment should reflect <strong>the</strong> business<br />
practice both for payment for<br />
<strong>the</strong> specific service, as well as for<br />
<strong>the</strong> amount <strong>of</strong> payment or time<br />
required to perform <strong>the</strong> service.<br />
Examples <strong>of</strong> agreements that do<br />
not pass <strong>the</strong> commercial reasonableness<br />
standard could include<br />
payment for excessive hours for a<br />
medical direction or administrative<br />
services agreement, payment<br />
for call coverage to a specialty<br />
with limited or no demand in<br />
<strong>the</strong> Emergency Department, or<br />
payment for multiple medical<br />
directors for <strong>the</strong> same or very<br />
similar services.<br />
Tools for documentation<br />
So, what can a provider do to<br />
ensure an agreement is within<br />
FMV and is commercially reasonable<br />
There are a few options for<br />
staying compliant. Some hospital<br />
administrators call colleagues at<br />
o<strong>the</strong>r health care organizations<br />
to ask about going rates. This<br />
method could help determine<br />
what o<strong>the</strong>r hospitals in a similar<br />
geography are paying, but it is<br />
unlikely to hold up to scrutiny,<br />
and at worst, could be construed<br />
as anti-competitive behavior.<br />
A more objective, systematic<br />
approach will provide more<br />
“cover” from government scrutiny.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Once it is determined that<br />
compensation is necessary for a<br />
physician contract, hospitals must<br />
document that <strong>the</strong> rate agreed<br />
upon is FMV. In many cases,<br />
high-quality market data—that<br />
with a robust sample—is acceptable<br />
as documentation <strong>of</strong> FMV.<br />
These market data also provide<br />
information that can be helpful in<br />
negotiating contracts and managing<br />
physicians’ expectations.<br />
National benchmark data for all<br />
or some <strong>of</strong> <strong>the</strong>se services is published<br />
by several sources, including<br />
MD Ranger, Inc., Sullivan<br />
Cotter, Inc., and <strong>the</strong> Medical<br />
Group Management Association<br />
(MGMA). Non-salary physician<br />
service cost data is a new area,<br />
with more limited information<br />
sources compared to <strong>the</strong> availability<br />
<strong>of</strong> physician salary and<br />
compensation data.<br />
Compensation benchmarking<br />
data is typically collected on an<br />
annual basis via survey to update<br />
information and benchmarks<br />
for on-call coverage, medical<br />
direction, hospital-based services,<br />
various contract non-payment<br />
terms, and certain diagnostic and<br />
testing services. Several <strong>of</strong> <strong>the</strong><br />
surveys include hourly rates and<br />
hours required for various medical<br />
directorships. Hospitals using<br />
survey data and benchmarking<br />
databases for documentation are<br />
seeing a decrease in <strong>the</strong> need for<br />
FMV consultants, and sometimes
even a decrease in physician payments,<br />
as <strong>the</strong>y bring <strong>the</strong> number<br />
<strong>of</strong> hours or hourly rates into line<br />
with industry benchmarks. Many<br />
valuation consultants recommend<br />
use <strong>of</strong> <strong>the</strong> 25th to 75th percentile<br />
range <strong>of</strong> published benchmarks to<br />
document FMV.<br />
For unusual or very expensive<br />
situations, it may still be necessary<br />
or advisable to obtain an independent<br />
FMV opinion. Examples <strong>of</strong><br />
such circumstances might include<br />
<strong>the</strong> need to justify a higher-thanmarket<br />
rate for hiring a nationally<br />
renowned physician for a specialty<br />
center, or implementation <strong>of</strong> an<br />
EHR system that requires exceptional<br />
participation <strong>of</strong> a physician<br />
champion.<br />
Ano<strong>the</strong>r instance could be when<br />
a physician is demanding higher<br />
than market rates for call coverage,<br />
because <strong>of</strong> limited supply in<br />
<strong>the</strong> community, but <strong>the</strong> hospital<br />
must provide coverage due to<br />
EMTALA. Hospitals needing<br />
a formal FMV opinion should<br />
engage a pr<strong>of</strong>essional who:<br />
n takes into account local, regional,<br />
and national market data;<br />
n has <strong>the</strong> experience to evaluate<br />
<strong>the</strong> unique features <strong>of</strong> a particular<br />
service and organizational<br />
needs; and<br />
n has experience employing <strong>the</strong><br />
cost method <strong>of</strong> valuation to<br />
<strong>estimate</strong> costs <strong>of</strong> providing <strong>the</strong><br />
service. In this method, <strong>the</strong><br />
valuation experts calculates<br />
what it will cost <strong>the</strong> physician<br />
to provide <strong>the</strong> service relative to<br />
his/her expected income from<br />
o<strong>the</strong>r sources. However, be<br />
aware that payments for nonclinical<br />
services are not meant<br />
to replace lost income. OIG<br />
specifically cautions against<br />
taking into account <strong>the</strong> value <strong>of</strong><br />
“lost opportunity” when formulating<br />
on-call or o<strong>the</strong>r physician<br />
arrangements.<br />
Finally, an organization can seek a<br />
competitive bid for a service. This<br />
can be a costly and time-consuming<br />
process that could end with <strong>the</strong><br />
lowest bid being much higher than<br />
anticipated. However, it may be necessary<br />
if payment demands exceed<br />
industry benchmarks or standards<br />
for commercial reasonableness.<br />
Summary<br />
The risk <strong>of</strong> failing to comply with<br />
FMV payments and documentation<br />
is increasing. However, new<br />
sources <strong>of</strong> published benchmark<br />
data and consistent use <strong>of</strong> standards<br />
and documentation can<br />
reduce <strong>the</strong> cost <strong>of</strong> compliance and<br />
<strong>the</strong> risk <strong>of</strong> overpayment.<br />
1. California Office <strong>of</strong> Statewide <strong>Health</strong> Planning<br />
and Development. Available at http://<br />
mdranger.com/services-benefits.html<br />
2. California <strong>Health</strong>line: Number <strong>of</strong> Emergency<br />
Departments Decreasing in U.S.,<br />
Study Concludes. http://www.californiahealthline.org/articles/2011/5/18/number<strong>of</strong>-emergency-departments-decreasing-inus-study-concludes.aspx<br />
(May 2011).<br />
3. MD Ranger analysis (proprietary information)<br />
4. Enforcement statistics available at http://<br />
oig.hhs.gov/newsroom/news-releases/2011/<br />
sar_release.asp<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Medicaid RACs: Tool <strong>of</strong> transparency or<br />
torment ...continued from page 46<br />
support claims as appropriate<br />
from coding, clinical, and legal<br />
perspectives; and determine <strong>the</strong><br />
best approach for coordination<br />
<strong>of</strong> <strong>the</strong>se efforts. In our experience<br />
with Medicare RACs, providers<br />
are usually fully capable <strong>of</strong><br />
doing all <strong>of</strong> this with a reasonable<br />
amount <strong>of</strong> outside legal support,<br />
as opposed to outsourcing all or<br />
substantial parts <strong>of</strong> <strong>the</strong>se tasks to<br />
lawyers or consultants. n<br />
1. Medicaid Program; Recovery Audit<br />
Contractors, 76 Fed. Reg. 57,808, 57,812<br />
(Sept. 16 2011)<br />
2. From <strong>the</strong> children’s classic The Story <strong>of</strong><br />
Doctor Dolittle by Hugh L<strong>of</strong>ting, Peter<br />
Glassman, Fredrick McKissack.<br />
3. From <strong>the</strong> 1993 psychological thriller film<br />
The Good Son, directed by Joseph Ruben<br />
and written by Ian McEwan, starring Macaulay<br />
Culkin, Elijah Wood, and Wendy<br />
Crewson.<br />
4. Medicaid Program: Recovery Audit Contractors,<br />
supra note 1, at 57,814, 57,823.<br />
5. Medicaid Program: Recovery Audit Contractors,<br />
supra note 1, at 57,824.<br />
6. Medicaid Program: Recovery Audit Contractors,<br />
supra note 1, at 57,816.<br />
Contact Us!<br />
www.hcca-info.org<br />
info@hcca-info.org<br />
Fax: 952/988-0146<br />
HCCA<br />
6500 Barrie Road, Suite 250<br />
Minneapolis, MN 55435<br />
Phone: 888/580-8373<br />
To learn how to place an<br />
advertisment in <strong>Compliance</strong><br />
Today, contact Margaret<br />
Dragon: e-mail:<br />
margaret.dragon@hcca-info.org<br />
phone: 781/593-4924<br />
<strong>December</strong> 2011<br />
71
<strong>Health</strong> <strong>Care</strong> Privacy<br />
<strong>Compliance</strong> Handbook<br />
This book will help privacy pr<strong>of</strong>essionals sort through <strong>the</strong> complex<br />
regulatory framework and significant privacy issues facing health<br />
care organizations. Written by <strong>the</strong> faculty <strong>of</strong> HCCA’s Basic Privacy<br />
<strong>Compliance</strong> Academy, it <strong>of</strong>fers up-to-date guidance on:<br />
• HIPAA<br />
• HITECH<br />
• FERPA<br />
• The Federal Privacy Act<br />
• Privacy and Research<br />
• Vendor Relations<br />
• Payor Privacy Issues<br />
• Auditing & Monitoring<br />
HealtH <strong>Care</strong> PrivaCy ComPlianCe Handbook<br />
Qty<br />
Cost<br />
________ HCCA Members: $149 ..........................$ __________<br />
________ Non-Members: $169 ................................$ __________<br />
________ Join HCCA: $200 .........................................$ __________<br />
Non-members, add $200 to join HCCA, and pay member<br />
prices for your order (regulAr dues $295/yeAr)<br />
sales tax for mn (6.875%) or pa (8%) $ __________<br />
Contact information (PleAse tyPe or PriNt)<br />
total $ __________<br />
make check payable to HCCa and mail to:<br />
HCCA, 6500 Barrie Road, Suite 250<br />
Minneapolis, MN 55435<br />
or fax order to: 952-988-0146<br />
My organization is tax exempt<br />
Check enclosed<br />
Invoice me | Purchase Order #<br />
I authorize HCCA to charge my credit card (choose below):<br />
AmericanExpress Diners Club MasterCard Visa<br />
Credit Card Account Number<br />
HCCA Member ID<br />
First Name M.I. Last Name<br />
Title<br />
Organization<br />
Street Address<br />
Credit Card Expiration Date<br />
Cardholder’s Name<br />
Cardholder’s Signature<br />
Prices subject to change without notice. HCCA will charge your credit card <strong>the</strong> correct amount if <strong>the</strong><br />
total above is incorrect. All purchases within <strong>the</strong> continental U.S. receive free FedEx Ground shipping.<br />
Additional charges apply for international orders: please contact HCCA for more information. HCCA is<br />
required to charge sales tax on purchases from Minnesota and Pennsylvania. Please calculate this in<br />
<strong>the</strong> cost <strong>of</strong> your order: PA = 8% and MN = 6.875%. (Federal tax id: 23-2882664)<br />
City State Zip<br />
Telephone<br />
6500 Barrie Road, Suite 250<br />
Minneapolis, MN 55435<br />
Phone 888-580-8373 | Fax 952-988-0146<br />
www.hcca-info.org | helpteam@hcca-info.org<br />
Fax<br />
E-mail<br />
<strong>December</strong> 2011<br />
72<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org
New HCCA Members<br />
Alabama<br />
n Patricia A. Davis, <strong>Health</strong>South<br />
n Wanda Hayes, <strong>Health</strong>South<br />
n Melanie P. Medley,<br />
<strong>Health</strong>South<br />
n Rosalyn M. Spencer,<br />
<strong>Health</strong>South<br />
Arizona<br />
n Sally A. Aubrey, Abrazo<br />
<strong>Health</strong> <strong>Care</strong><br />
n Mary A. Kimmel, ABC Medical<br />
Billing Consultants<br />
n Patrick Peters, MGRMC<br />
Arkansas<br />
n Wayne Winkle, Western<br />
Arkansas Counseling &<br />
Guidance Ctr<br />
California<br />
n Merritt Quisumbing Anderson,<br />
Kaiser Permanente<br />
n Cynthia Bonner<br />
n Cheryl A. Busch, Tenet<br />
<strong>Health</strong>care Corporation<br />
n Laura Byrne, On Lok Senior<br />
<strong>Health</strong> Services<br />
n Susan K. Byrne, Los Alamitos<br />
Medical Center<br />
n Rebecca Chavez, CalOptima<br />
n Wendi Hodgen, Gardner<br />
Family <strong>Health</strong> Network, Inc<br />
n Eileen M. Kunz, On Lok Sr<br />
<strong>Health</strong> Svcs<br />
n Eric Nelson, Secure Privacy<br />
Solutions<br />
n Hanifa H. Staine, Molina<br />
<strong>Health</strong>care<br />
n Erica Stanley, UCLA-Dept <strong>of</strong><br />
Pediatrics<br />
n Gary Thompson, Nuvasive, Inc<br />
n Patricia Annabel Vaughn,<br />
CalOptima<br />
Colorado<br />
n Christine Lukowicz, Quest<br />
Diagnostics<br />
n Barbara Mettler, Spanish Peaks<br />
Mental <strong>Health</strong> Ctr<br />
n Lori Silva, Mt. San Rafael<br />
Hospital<br />
Delaware<br />
n Patty Resnik, Christiana <strong>Care</strong><br />
<strong>Health</strong> System<br />
District <strong>of</strong> Columbia<br />
n Nina Kudszus, Booz Allen<br />
Hamilton<br />
n Aaron M. Testa, Dept <strong>of</strong><br />
VA <strong>Compliance</strong> & Business<br />
Integrity<br />
Florida<br />
n Renee Bentley, Huron<br />
Consulting Group<br />
n Jayshree Chulani, West Boca<br />
Medical Center<br />
n Barbara J. Grimaldi, Indian<br />
River Med Center<br />
n Elizabeth Hernandez, Apollo<br />
Information Services<br />
n Sheila Keene-Lund, Villa<br />
Medical Group<br />
n Alexandra Plasencia, MCCI<br />
Medical Holdings, LLC<br />
n William Thomas, Protiviti, Inc<br />
n Cynthia Vorhees, Dell<br />
Georgia<br />
n Pamela J. Alexander, Atlanta<br />
Cancer <strong>Care</strong> PC<br />
n Sonia O. Delbridge, Emory<br />
University<br />
n Michell Thurmond, AWAC<br />
LLC<br />
Illinois<br />
n Lesley Arca<br />
n Amrita D. Goel, Accretive<br />
<strong>Health</strong> Inc<br />
n Katie Randall, Resurrection<br />
<strong>Health</strong> <strong>Care</strong><br />
n Susan M. Strickland, Central<br />
DuPage Hospital<br />
n Denise Sunderland, OSF Saint<br />
Francis Inc<br />
n David Verona<br />
n Denise Williams, Illinois Dept<br />
<strong>of</strong> <strong>Health</strong> Human Services<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
Indiana<br />
n LaMont Freeze, Memorial<br />
<strong>Health</strong> System, Inc<br />
n Sheila Witous, Radiology, PC<br />
Iowa<br />
n Nancy June Sharp, Harden<br />
<strong>Health</strong>care at Iowa Hospice<br />
Kentucky<br />
n Brandy Blackburn, White<br />
House Clinics<br />
Louisiana<br />
n Michael Lightfoot, Ochsner<br />
Corporate Integrity<br />
n Ann J. Mobley, North Oaks<br />
Medical Center<br />
n Pam S. Robinson, North Oaks<br />
<strong>Health</strong> System<br />
Maryland<br />
n Kylie McCleaf, Family Services, Inc<br />
n Paula Polek, Johns Hopkins<br />
<strong>Health</strong><strong>Care</strong> LLC<br />
Massachusetts<br />
n Douglas G. Bush, Fresenius<br />
Medical <strong>Care</strong> North America<br />
n Candace Darcy, Behavioral<br />
<strong>Health</strong> Network<br />
n Thomas A. Dumas, NHIC<br />
- Medicare<br />
n Joseph Passeneau, MBHP<br />
n Roxanne Van De Water,<br />
Advocates, Inc.<br />
Michigan<br />
n Margaret Chappell, Touchstone<br />
Innovare<br />
n Dirk Love, Shiawassee County<br />
CMH<br />
n Donna O’Connor, Vanguard<br />
<strong>Health</strong> Systems<br />
n Margaret Predhomme<br />
n William D. Smith, Hurley<br />
Medical Center<br />
Minnesota<br />
n Casey Berndt, Blue Cross Blue<br />
Shield <strong>of</strong> Minnesota<br />
<strong>December</strong> 2011<br />
73
New Members ...continued from page 73<br />
<strong>December</strong> 2011<br />
74<br />
n Nicholas Cichowicz, Target<br />
n Peter J. Eng, Prime<br />
Therapeutics<br />
n Chandelle Heyer, Blue Cross<br />
Blue Shield <strong>of</strong> Minnesota<br />
n Carrie Jenkins, Blue Cross Blue<br />
Shield <strong>of</strong> Minnesota<br />
n Mat<strong>the</strong>w Landis, Hill-Rom<br />
Company, Inc<br />
n Deborah Nitti, Blue Cross Blue<br />
Shield <strong>of</strong> Minnesota<br />
n Pamela Ann Shotts<br />
Mississippi<br />
n Karen Deavenport, CSCS <strong>of</strong><br />
Mississippi<br />
Missouri<br />
n Tomi Hagan, Wright Memorial<br />
Hospital<br />
n Stephen Johans, Western<br />
Anes<strong>the</strong>siology Associates, Inc<br />
n Rocky L. McLain, Northwest<br />
Medical Center<br />
n Suzanne R. Shepherd, Mobile<br />
Medial Services, Inc<br />
n Amy Stehli, Surgery Center <strong>of</strong><br />
St. Joseph, LLC<br />
Nebraska<br />
n Laurie Dubas, Deloitte<br />
New Jersey<br />
n Jennifer Krusa<br />
n Linda Penston, Cooper<br />
University Hospital<br />
n Margaret Sparks, San<strong>of</strong>i US<br />
New Mexico<br />
n Debra Gonzales<br />
n Rebecca Wahler, LCF Research<br />
New York<br />
n Ralph Hanselman, Oswego<br />
<strong>Health</strong><br />
n Chad Harris, New York<br />
Downtown Hospital<br />
n Paloma Hernandez, Urban<br />
<strong>Health</strong> Plan<br />
n Kristen Johnson, Huron<br />
Consulting Group<br />
n Kirsten Pope, CVPH Medical<br />
Center<br />
n Rosemarie Povinelli, Mercy<br />
Medical Ctr<br />
n Marie Saintelmy<br />
n Marguerite Spence, North<br />
Shore <strong>Health</strong> System<br />
n Natalya Tchedrik, Parent <strong>Care</strong><br />
Home <strong>Care</strong>, LLC<br />
n Beverly A. Welshans, UB<br />
Associates Inc<br />
n Barbara Wright, Inter-Lakes<br />
<strong>Health</strong>, Inc<br />
North Carolina<br />
n Rachel Mitchell, Applied<br />
Medical Systems<br />
North Dakota<br />
n Jeanne L. Folmer, Medcenter<br />
One<br />
n Tiffany Kramer-Richard, St<br />
Alexius Heart & Lung Clinic<br />
Ohio<br />
n Hayley Johnson, Holzer Clinic<br />
n Grace M. Lockett, The<br />
Princeton Group, Inc<br />
Oklahoma<br />
n Kari Johnston, Oklahoma<br />
Foundation for Medical <strong>Quality</strong><br />
Oregon<br />
n Kara Bastien, Agate <strong>Health</strong>care<br />
n Lisa Fischer, Hospice and<br />
Palliative <strong>Care</strong> <strong>of</strong> Washington<br />
County<br />
n Hea<strong>the</strong>r Seward, ID Experts<br />
Pennsylvania<br />
n Noelle Conners, St.<br />
Christopher’s Hospital for<br />
Children<br />
n Tracie Giles, Inglis Foundation<br />
n Kelly Hoover Thompson, The<br />
Hospital and <strong>Health</strong>system<br />
Association <strong>of</strong> Pennsylvania<br />
n Shari A. Kelly, Excela <strong>Health</strong><br />
n Kenneth Turner, Olympus<br />
Corp <strong>of</strong> <strong>the</strong> Americas<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
n Mat<strong>the</strong>w T. Uebele, Bravo<br />
<strong>Health</strong><br />
Puerto Rico<br />
n Limarie Gomez, RSM ROC &<br />
Company<br />
South Carolina<br />
n Robert Hamill, Hampton<br />
Regional Medical Center<br />
n Nancy Sprouse, Spartanburg<br />
Regional Medical Center<br />
n Rebecca Stroman, Hilton Head<br />
<strong>Health</strong>care<br />
Tennessee<br />
n John Arredondo, Tennessee<br />
Department <strong>of</strong> Mental <strong>Health</strong><br />
n Moni Cook, Church Street<br />
<strong>Health</strong> Mgmt<br />
n Jennifer S. Graham, Church<br />
Street <strong>Health</strong> Mgmt<br />
n Zack S. Griffith, Tennessee<br />
Dept <strong>of</strong> Mental <strong>Health</strong><br />
n Pamela W. Guthrie, Wright<br />
Medical Technology<br />
n Dawn Praytor, Center<br />
for Sports Medicine and<br />
Orthopaedics<br />
n Kayla Wiley, Emdeon<br />
n Jamilah Wood, St Jude<br />
Children’s Research Hosp<br />
Texas<br />
n Cynthia D. Chambers,<br />
Parkland <strong>Health</strong> & Hospital<br />
System<br />
n Robbie L. Evans, Harden<br />
<strong>Health</strong>care<br />
n Jayne Fleck Pool<br />
n Susan Jacobson, MD Anderson<br />
Cancer Center<br />
n Andy G. Navarro, Trinity<br />
Mo<strong>the</strong>r Frances <strong>Health</strong> System<br />
n Amy Osborn, Children’s<br />
Medical Ctr <strong>of</strong> Dallas<br />
n Keely Scamperle, Wright<br />
Medical Technology<br />
n Cindy Simmonds, Conifer<br />
<strong>Health</strong> Solutions
What could you do with<br />
The Power <strong>of</strong> Certainty<br />
Imagine being so consistent and accurate<br />
in outpatient charging, you’d always know<br />
where you were going to land. Your CEO<br />
could launch cost-saving finance initiatives,<br />
without putting your hospital in <strong>the</strong><br />
compliance hot seat. You could better<br />
preserve revenue, without compromising<br />
revenue integrity. And you could do it all,<br />
without takeback audit programs throwing<br />
you <strong>of</strong>f balance. This is <strong>the</strong> advantage <strong>of</strong><br />
going with a proven revenue management<br />
solution. This is The Power <strong>of</strong> Certainty TM .<br />
Proven solutions for consistent,<br />
accurate outpatient charging.<br />
www.lynxmed.com<br />
© 2011 LYNX Medical Systems, now part <strong>of</strong> OptumInsight. All rights reserved “LYNX”, LYNX Medical Systems, E/Point, I/Point, C/Point and <strong>the</strong> Power <strong>of</strong> Certainty may be trademarks or registered trademarks <strong>of</strong> LYNX Medical Systems in <strong>the</strong> United States.<br />
Highest Shallow Dive by Pr<strong>of</strong>essor Splash, image courtesy <strong>of</strong> Guinness World Records Limited.<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org<br />
<strong>December</strong> 2011<br />
75
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association’s 16 th Annual<br />
<strong>Compliance</strong> Institute<br />
April 29–May 2, 2012 • Las Vegas, NV • Caesars Palace<br />
Full Program now available<br />
HCCA 4C ad<br />
Visit www.compliance-institute.org<br />
to view <strong>the</strong> brochure and register<br />
EARLY BIRD<br />
REGISTRATION<br />
Register by or on<br />
January 6, 2012,<br />
and save $575!<br />
Join us in Las Vegas for<br />
<strong>the</strong> single most comprehensive<br />
compliance conference designed<br />
specifi cally to meet <strong>the</strong> needs <strong>of</strong><br />
today’s healthcare compliance<br />
pr<strong>of</strong>essionals and <strong>the</strong>ir staff.<br />
Register now at<br />
www.compliance-institute.org<br />
<strong>December</strong> 2011<br />
76<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> Association • 888-580-8373 • www.hcca-info.org