SO - Health Care Compliance Association

A re you nuts?That was myreactionwhen it wasproposedat an HCCA Board meeting that LewMorris, Deputy Chief Counsel of theInspector General, Office of InspectorGeneral (OIG), U.S. Department ofHealth and Human Services, be asked tojoin our Board. As it turns out, I was theone who was nuts. This was one of themore strategic moves we have made.GREG WARNERLew’s involvement with the HCCA Board has demonstratedto him and in turn to the OIG that most health careproviders and others in the health care community are committedto ensuring that their organizations are in compliance.When all of one’s interactions are only with those who areeither purposely defrauding the government or so lax in theirefforts to be compliant that the results are similar, it is easy tounderstand how one can perceive all of health care as noncompliant.His interactions with the Board, HCCA members,and others at our meetings, which he regularly attends, hasgiven him a different perspective and appreciation for whatmost in health care are striving to do/be in compliance. And,he has taken this message back to Washington.Another benefit from Lew’s participation on the HCCABoard is the partnership that has developed between the OIGand the HCCA. HCCA and the OIG have partnered on tworoundtables–compliance programsand physician compliancein small physician practices.I am pleased toannounce that HCCA andOIG are again partnering tosponsor our third roundtablediscussion. The topic thistime is the OIG’s corporate integrity agreements (CIAs).The CIA Roundtable will take place on July 30, 2001. Aselect number of participants who are currently under theseagreements will meet to discuss the strengths and weaknessesof these agreements. Topics such as how to improve theprocess, contain costs, and the relative effectiveness of theseprograms will be discussed. This is yet another opportunityfor HCCA to work with the OIG’s office to improve communicationsand working relationships between the healthcare community and the government.In addition to the roundtable, HCCA and OIG are partneringon a CIA Survey. This survey will be sent to about 300 ofyou currently under an agreement. I urge you to completeand return the survey as soon as possible. Again, HCCA ispleased to be involved in this important process.The OIG is committed to improving the CIA process. Theresults of the survey and the outcome of the roundtable arevital to achieve any improvements. So, watch your mail forthe survey; complete it and return it as soon as possible, andlook for the results of the roundtable in future mailings.Please let us know if you have any questions or concerns.Enjoy your summer! ■July 20012HCCA’SM I S S I O NHCCA exists to championethical practice and compliancestandards in the health care community and to provide the necessaryresources for compliance professionals and others who share theseprinciples.roundtable

DON’TUse HCCA’s Information SourcesHere are just a few:HCCA’s Fax-on-demand ServicesMembership information and upcoming events are just two ofthe items available when you call the Health Care ComplianceAssociation Fax-on-demand service. It’s as easy as 1, 2, 3.1. Dial 888/840-4359, press 2 after the system answers,2. Enter the three-digit code of the document you wish toreceive and press #. Once all of the document codes have beenentered press #.3. When prompted, enter the number of the fax machine towhich you wish the material faxed followed by # key.NB: If you enter #1 when the system answers and enter your faxnumber when prompted, you will receive a menu of the currentdocuments available.Online NewsIf you haven’t already, be sure to subscribe to This Week inCorporate Compliance (TWCC), containing a weekly wrap upof compliance news. It is published each Friday afternoon on theHCCA Website, www.hcca-info.org, and emailed to subscriberson Monday mornings.ENews Service – HCCA’s version of the Pony Express.ENews is used when news breaks that just won’t wait untilFriday. To subscribe to ENews and/or TWCC go to HCCA’sWebsite and click on “subscribe”.Newsletter – Compliance TodayCompliance Today is HCCA’s monthly newsletter. It containsover 32 pages of peer review articles, compliance news andresources, notices of important upcoming events, and associationactivities. It’s your compliance resource. If you are not receivingit, we want to know. So call 888/580-8373 and let HCCA knowyour new address.Website – www.hcca-info.orgHCCA’s Website provides an updated listing of HCCA’s upcomingconferences and regional activities. We publish classifiedlistings, the latest HCCA compliance resources in our Onlinestore, This Week in Corporate Compliance, important anduseful compliance related Website links, HCCA membershipinformation, and much much more. Be sure to visit www.hccainfo.org.■ONMISS OUT!HCCA R■ JUN 27,HCCA AudioConference on Self Disclosure■ JUL 30, HCCA/OIGRoundtable on CorporateIntegrity Agreements■ SEP 12-14, ComplianceLeadership: Session I,Sacramento, CA■ SEP 30-OCT 2, AHLA/HCCAFraud and Compliance Forum,Washington, DC■ OCT 4, Second AnnualRegion VII Conference,Kansas City, MO■ OCT 19, Region IICompliance Conference, LongIsland, NY■ Individual & Small GroupPhysician Practice Compliance:What every physician shouldknow, HCCA’s audio trainingprogram designed specificallyfor physicians.■ HCCA’s book, Compliance101, is now availableONT H E C A L E N D A RMark your calendars for the followingHCCA sponsored events:■ OCT 24-26, ComplianceLeadership: Session II,Sacramento, CA■ NOV 11-15, Academy ofHealth Care Compliance,Dallas, TX■ NOV 29-30, HCCA SpecialtyCompliance Summit:Academic and ResearchCompliance, Anaheim, CA■ DEC 3-5, HCCA HIPAAForum, HCCA’s ONLY HIPAAConference in 2001, SanDiego, CA2002■ APR 21-24, HCCA’s AnnualCompliance Institute,Chicago, ILE S O U R C E S■ HCCA’s Compliance,Conscience and Conduct, avideo-based compliancetraining programFor more information about events or resources,check out the HCCA Website, www.hcca-info.orgor call 888/580-8373. Be sure to ask about yourmember discount.■ The Health Care ComplianceProfessional’s Manual, toorder, call 800/638-8437 ■3July 2001

July 2001By Al Josephs, CHCEditor’s note: Mr.HCCA’s activities toJosephs serves aseach state and citySecretary of the Healthacross the country.Care ComplianceOne of the mostAssociation (HCCA)important goalsand Regional Coordinator.Mr. Josephs istinued developmentadopted was the con-also Director of CorporateCompliance forregional and stateand improvement ofHillcrest Health Systemeducation and netin Waco, TX. He mayworking activities.be reached at254/202-8620.Critical to the successof this goal is the membership.Organizations often times The development and recruitment ofdivide themselves unnecessarily.This is a tendency the expand it’s reach across the country ismembers willing to help HCCAHCCA has worked to avoid. It would essential. At present, the organizationalbe very easy to divide the HCCA into structure of the HCCA is designed totwo parts “national” and “regions”, promote active leadership within eachwhich might imply separate goals and of the 50 states. The development ofmissions. In fact, the only reason for the local networking activities is an areadistinction is to allow for the distributionof the HCCA’s labor (mostly volvideleadership to help grow the HCCA.where all members of HCCA can prounteer)and resources to reach themembership where they live and work. Regional steering committeeWith the many changes we all face inAs Roy Snell, CEO of HCCA, has this industry it is important that weoften said, “there is no national and stay “connected” as we work to addressregional organization we are all the regulatory compliance within each oursame”. So just what has the HCCA organizations. If you do not know yourbeen doing “Across the Country”? Regional President or State Liaison callthem and ask what you can do to help.Strategic planningIn mid January, the HCCA leadership The benefits of working together withinyour state and region are numerous.(Board of Directors and RegionalPresidents) and management staff came For example;together for a two-day strategic planningsession. One full day of planning Inspector General for you region?■ Do you know the OIG Regionalwas devoted to the development of a ■ Have you met with the U.S.strategic plan that will extend theAttorneys in your region?4■ Have the Peer Review Organizationswithin your state talked with youabout the PEPP Program?■ Are their other professional organizationsin your state or region in needof compliance resources?■ Do you know the individuals thathead-up the Benefits IntegrityProgram for your FiscalIntermediary?■ How can you contact the HCFAoffice in your region?■ Who is the Medical Director forLocal Medical Review Policies inyour region?The HCCA can help you answer all theabove questions. On page 17 you willfind a list of State liaisons and RegionalPresidents; please get involved. ■HCCA WANTSYOU!The HCCA is issuing a call to allmembers to become involved in ourcampaign to meet the special needsof members in the following fourspecial interest areas: payor/managedcare, academic/research, long termcare/home care/hospice, and pharmaceuticals.Each of these task forces will becharged with developing sub-specialtynetworking, communications, andeducational opportunities for memberspracticing in these areas. If youare willing to serve on a task force inany one of the four areas mentionedabove, please contact the HCCA viaemail, info@hcca-info.org. Be sure toinclude your telephone and fax numberand the special interest area inwhich you wish to participate. ■

July 20016Editor’s note: Victoria Wesseleris President, Ethics & ComplianceStrategies and JosephLansing is Senior Vice President,Learning Insights. Ms. Wesselermay be reached by email,c o m p l i a n c e @ i q u e s t . n e t. Mr.Lansing may also be reachedby email, jlansing@learninginsights.com.Please select the statementyou believe to bemost true with regard tothe delivery of ethics andcompliance trainingprograms:A) Classroom delivery issuperior to web-baseddelivery for ethics andcompliance training.B) Web-based delivery isCombiningclassroomandWeb-basedtraining formaximumlearning atminimumcostBy Victoria Wesseler andJoseph Lansingrequires immediate, frequent,and detailed interactionwith the instructorand discussion with otherparticipants. When itcomes to an initial rollout of an ethics and complianceprogram includingnew hire orientationwhere your goal is notonly to inform but also tomotivate and create participantenthusiasm,nothing is better than adynamic session conductedby an informed andenthusiastic instructor.But for content richinformation with geographicallydispersed participantswho wish tosuperior to classroom delivery for ethics take the course at their own pace, nothingworks like web-based training. Youand compliance training.can’t beat its effectiveness and efficiencyThe debate continues as ethics and in terms of time and cost to deliver thecompliance officers prepare to design learning experience plus the addedand implement their annual training advantage of online certification andplans–What method should be used for tracking.ethics and compliance training programdelivery–classroom- or web-based? So, what’s a compliance officer to do?What’s the best choice: classroom orAnd, depending on which article you web? Maybe the answer is both!read or which consultant you talk withon any given day, you can make a compellingargument for either side. Combining two or more delivery sys-Use bothCertainly both delivery systems have tems or strategies within a trainingtheir advantages and disadvantages experience is referred to as “blendeddepending on your training goals and learning”. The concept of deliveringaudience characteristics and needs. training through multiple methods iscertainly nothing new. Whether or notClassroom-based programs are best they have been conscious of it, trainerssuited for presenting material which have been doing this for a long time.It is not uncommon for classroombound trainees to receive pre-class workassignments, generally in a written format,that must be completed prior toattending an instructor-led trainingexperience. The goal of the pre-classassignment is to bring all participantsup to a certain level of knowledge andcontent awareness so the actual classroomtime can be used more productivelyon interaction and discussion.Now, the availability of web-basedtraining technology adds another preclassassignment delivery system to consider.According to Joseph Lansing, SeniorVice President of Learning Insights, aChicago based e-learning company,web-based learning in conjunction withtraditional instructor-based training canprovide a highly effective learning experiencefor the trainee while reducingoverall training expenses. “We have hadexcellent results with clients who use ablended approach of both classroomandweb-based programs in their trainingprogram delivery. A blended solutionleverages the advantages of bothtypes of training.”Benefits of blended learning“E-learning is a convenient way tobring employees up to the same level ofskills and knowledge. And, it’s morecost effective because it reduces thecosts of travel and lodging. Moreimportantly, e-learning enables theinstructor to maximize the face to facetime with students to focus on issuesbest covered in person. Less time isspent in the classroom covering basics,and more time can be devoted to discussionand interaction,” saidLansing.

July 20018risk assessment for their organizations.All health care entities, regardless oftheir size or structure, encounter compliancerisk at some level of their organization.Compliance risk impacts manyactivities in the health care industry.According to the Office of InspectorGeneral's (OIG) Compliance ProgramGuidance, compliance risk should beidentified and analyzed. The guidancestates that policies and proceduresshould be developed to address thespecific risk identified.Identifying riskSo where and how does a complianceofficer begin to identify and analyzerisk? There are many ways of identifyingrisk in an organization. This discussionis not intended to be all inclusiveof the risk assessment methodologies,nor is it intended as a template or guidefor any specific compliance officer toutilize to conduct risk assessments intheir facilities. This discussion is merelyintended to help stimulate ideas thatother compliance officers may find use-By John FalcetanoEditor's note: Johnful as they workFalcetano, ComplianceOfficer, Univercationin their owntoward risk identifisityHealth Systemsinstitutions.of Eastern Carolina,is also the HCCAOne method thatRegion IV President.compliance officersHe may be reachedcould use to evaluateat 252/816-0125.compliance risk inOne task thatcomplianceofficers face on an annual basisis the task of conducting a compliancetheir institutions isknown as ControlSelf-Assessment(CSA). CSA is a process by which internalcontrols are examined and evaluated.CSA involves managers and lineemployees in the process of evaluatinginternal controls since they are theprocess owners.Begin with high-risk departmentsOne of the first places a complianceofficer could start when conducting acompliance risk assessment is with themanagers of high-risk departments suchas: Human Resources, Patient Billing,Health Information and ManagementServices, Information Systems,Pharmacy Services, Radiology, andLaboratory Services. These managersare responsible for ensuring compliancewith the rules and regulations that governtheir particular products or servicesand are most familiar with the processesin place to ensure compliance.The compliance officer should meetwith these managers to review thoseprocesses to identify if they have theproper internal controls in place tocomply with rules and regulations thatgovern their area. For example, whenmeeting with the director of HumanResources, the compliance officer mightquestion the director about the processesin place for complying with such regulationsas the:■ Civil Rights Act■ Equal Pay Act■ Age Discrimination Act■ Rehabilitation Act■ Pregnancy Discrimination Act■ Wage & Hour Act■ Americans with Disabilities Act■ Family and Medical Leave ActAfter the compliance officer hasreviewed the processes in place he/shemay also want to review the trainingdocumentation to determine if themanager has provided the necessary jobspecific training to line employees.OIG Work PlanOnce the compliance officer has completedthis task and identified some ofthe potential risk areas, the next placehe/she may want to examine is theOIG's annual Work Plan. The OIG'sWork Plan gives you an idea of whatcompliance-related issues the OIG willfocus on in the upcoming year. Thecompliance officer along with seniormanagement may want to review eachfocus area identified in the OIG's WorkPlan and ask the question, "Is this aproblem for our organization?" If theanswer is yes, or, we are not sure, thecompliance officer may want to placethat issue on the list with the otherpotential areas identified.The compliance officer may want toconsider meeting with senior managementto identify other potential organizationalcompliance risks. A good wayto achieve this is by having senior man-

agement brainstorm a list of potentialcompliance risks. The purpose of brainstormingis to generate a large numberof ideas from all participants withoutcriticism or judgment.You may choose to conduct the brainstormingsession either by "freewheeling"where everyone participates in noset order or "structured" where everyoneparticipates, however you goaround the room calling on one personat a time. After they have completedthe brainstorming session, the risk areasidentified should be discussed to decidewhich risk areas should be added to thelist.Analyze risk exposureThe next phase of completing the compliancerisk assessment is to analyze therisk exposure and prioritize the risk tothe organization. Analyzing the compliancerisk implies making a judgementand may require some fact-findingactivities in order to quantify the risk.Risk analysis is one of the greatest challengesfor compliance officers. Itrequires skill, experience, knowledge ofoperations, personal contacts, andawareness of the organizational culture.ance officer to conduct an educationalworkshop with the managers of highriskdepartments to provide necessarymanager education on how to conductcontrol self-assessments for their areas.During that educational session, thecompliance officer may want to explainthe levels of internal controls to themanagers.One way of controlling compliance riskto an organization is to have appropriatecontrols in place. There may besome confusion surrounding the variouslevels of internal controls that needto be in place to help ensure complianceand reduce risk. The complianceofficer may wish to explain the differentlevels of control so the manager hasa better understanding of their responsibilities.Those levels of control includeIt may also be beneficial for the complioperatingcontrols, monitoring controls,oversight controls and internalaudit controls. The higher the risk thegreater the need for controls. It is alsoimportant to remember that it may beunreasonable to expect controls thatwould cost more than the risk you aretrying to prevent.Identifying and analyzing compliancerisk is an important function of anysuccessful compliance program. Compliancerisk assessment should be conductedas comprehensive as possible.However, it is important to rememberthat it is not expected that every possiblerisk area will be identified. There isno best way to conduct a risk assessment.The important thing is to identifyand analyze the compliance risk. ■Your physiciancompliance trainingjust got easier!Once this has been completed, thecompliance officer can plan the complianceactivities for the calendar year. Theactivities should be selected based onthese priorities in order to reduce, eliminate,or manage the compliance risk tothe organization. The compliance activitymay include a process review, complianceeducation, or may require thecreation of a compliance policy andprocedure.Order a copy of HCCA’s 39-minute audio-training pro g r a mIndividual & Small Group Physician Compliance:What every physician should knowan essential re s o u rce for eve ry compliance department.Visit HCCA’s Website, w w w. h c c a - i n f o. o r g, to ord e r.9July 2001

By Wendy Rotz and Sara Dorn-HavlikJuly 200110Editor’s Note: Ms. Rotz and Ms. Dorn-Havlik are from the QuantitativeEconomics and Statistics practice at Ernst &Young LLP in Washington, D.C. They maybe reached on 202/327-7822.Sampling of medical records inhealth care has many regulatoryand non-regulatory applications.These include CorporateIntegrity Agreements (CIAs), providerself-disclosure studies, quality improvementefforts, and administrative initiatives.The cost of these studies is directlytied to the sample size.Understanding key factorsTen key factors affect sample size andultimately the cost of these studies.Understanding the key factors and howthey relate to sample size may helpestablish clear sample goals, plan moreefficient studies, and negotiate less costlyCIAs.Typically, a random sample is selectedfrom a data file (or sampling frame) consistingof medical records. These recordscomprise the population or universe of allrecords of interest for the study, forexample, all billed CPT codes from aparticular department.A sample of records is used to estimatea value for the population, such as thetotal amount overpaid by an insurer.Below are common factors that affectsample sizes in this typical setting.The ten factors1. Variance. A major driver of samplesizes is variance, which measures theinherent spread or variability in data.In general, more consistent data requiresmaller sample sizes and highly variabledata require larger samples. For example,when the overpaid amounts perrecords are consistently between $30and $50 a smaller sample is neededthan when the overpaid amounts arebetween $30 and $600 with erraticamounts as low as $5 or as high as$4,500. Variance is a characteristic ofthe data itself. It cannot be altered;however, it can be controlled throughefficient sample designs.2. Sample design. The choice of sampledesign has a significant impact onthe sample size. A simple random sample,one where each item in the populationhas an equal chance of selection, usuallyre q u i res an inefficient large sample, especiallywhen the data are highly va r i a b l e .By contrast, the size of a stratified randomsample can be 30 to 70% smaller.In stratified designs, the population isdivided into homogenous groups, orstrata, and each stratum is sampled separately.This controls variation andreduces the sample size. Other complexdesigns may provide smaller samplesizes in the right settings. A statisticianmay help determine the right design foryour data.3. Confidence and precision requirements.The desired level of reliability forthe estimates has a major impact on thesample size. Accuracy re q u i rements forestimates are typically specified usingc o n f i d e n c eand p re c i s i o n. Confidencedescribes the chances of drawing a samplethat will produce an estimate in theb a l l p a rk of the true value, and the pre c i-sion describes how large the ballpark is.Higher confidence levels and better precisionre q u i re larger samples.Precision requirements can be specifiedin terms of the desired margin of error,or absolute precision. This is the plus orminus amount reported with an estimate.For example, an overpayment isestimated to be $100,000 ± $20,000.Precision can also be specified with relativeprecision, which is the margin oferror divided by the estimate. In thisexample, it is 20,000/$100,000=20%.How the precision is specified caninfluence the sample size. Paradoxically,smaller estimates require larger samplesizes to meet relative precision goals.When a small error is anticipated, anabsolute precision goal is more easilyattained.Specifying the right level of confidence

and precision depends upon the type ofstudy, the desired level of comfort, andthe ultimate consequences of the findings.Requirements for a qualityimprovement effort could be moreamount paid. It is essential to determinethe estimates that will be reportedso the right sample size calculations canbe performed.Many sample size tables are availablefor estimates of percentages from a6. Estimating on subgroups. Thenumber of population subgroupsrequiring separate reliable estimates willinfluence the sample size. If separateerror rate estimates are required foreach of Medicaid, Medicare, andChampus, the sample size needed couldsimple random sample. A commonerror is to estimate a total dollaramount from a sample based on oneof these tables. The sample size for apercentage may be insufficient for abe three times as much as the samplerequired for just one overall estimate.Specifying confidence and precisionlevels for each insurer essentiallyexpands the scope to three separatedollar estimate.samples.Another common error is to use a percentage-basedsample size to estimate aBy contrast, expanding the populationto encompass multiple years of theratio such as the dollar error rate,same types of records will usually onlyrelaxed than a study designed to estimatean overpayment amount that willbe the basis of severe penalties andfines.which can seem like a percent but isnot. Ratio data is comprised of differentvalues (such as $5, $20, $300,...)while percentage data can be summarizedby the counts of two mutuallymildly influence the sample size, if ithas any impact at all. As long as onlyone overall cumulative estimate isdesired and not separate annual estimates,the scope is a single sample.exclusive categories such as “correct”Confidence levels of 90 or 95% arecommon, but 95% confidence oftenrequires forty percent more sample than90%. The OIG provider self-disclosureprotocols and many CIAs require 90%confidence and 25% relative precision.Ironically, this relative precisionrequirement of 25% may seem relaxedand “incorrect.”5. Quantity to estimate. Even amongestimates of the same type, the quantityto estimate can have a substantialimpact on the sample size. For example,an estimate of net financial impact(of overpayments and underpayments)7. Population size. A common misconceptionis that a population tentimes as large needs ten times as muchsample, but the population size usuallyonly plays a minor role. If the recordsare of the same type and variability, apopulation of five thousand and a populationof five million normally requirebut it can require a costly large samplemay require more sample than an esti-about the same sample size to meet thewhen the amount in error is small.mate restricted to just overpayments.same design specifications.4. Type of estimate. Different types ofThe main reason for this is different esti-The population size will more heavilyestimates require different sample sizemated quantities have different va r i a-influence the sample size when it isformulas. Some examples of health careestimates are: i) a percentage, as in thetion. Net financial impact data can haveboth positive and negative values so itsmall, say a few hundred records.However, the relation between the sizepercent of records that are in error, ii) ahas more variability than overpayments.of the sample and the size of the popu-total count, as in the number of recordslation is not directly proportional. Athat are in error, iii) a total amount, as inIf relative precision is specified, the sizepopulation of 200 may require a sam-the total dollar amount that was over-of an estimate also plays a role. Netple of 40, while a population of 100paid, iv) an average, as in the averagefinancial impact is usually smaller thanmay require a sample of 34 (only 15%length of stay, and v) a ratio, as in thethe amount overpaid and, therefore,less).overpaid amount divided by therequires a larger sample.Continued on page 1211July 2001

TEN KEY FACTORS...continued from page 11Understanding the key factors and how they relate tosample size may help establish clear sample goals, planmore efficient studies, and negotiate less costly CIAs.July 200112A large population will influence the 9. Sampling for rare events.sample size when it is comprised of heterogeneousgroups, such as a collection events, such as a rare error, may requireSampling for infrequently occurringof records from multiple departments large samples. The ultimate sizeacross multiple facilities involving depends upon rarity of the event anddozens of DRG codes. The larger diversitydrives up the sample size.determine whether errors exist,the goal of the sample. If the goal is toenough8. Sampling unit. The sampling unit records must be sampled so there is adefines what is contained in each re c o rd good chance of finding at least oneto be sampled. The sampling unit could error in the sample. This could requirebe a paid amount for an individual CPT a sample of several hundred to over onecode, or it could be a summary of all thousand depending upon the sampleCPT paid amounts for a part i c u l a r specifications and assumptions.patient. The sampling unit affects samplesizes when it influences the va r i a b i l i- If the goal is to estimate the error ratety of the data. Paid amounts by individualCPT codes will have less va r i a t i o n may be required in order to observefrom the sample, even more recordsthan paid amounts summarized by enough occurrences to produce a reasonablyprecise estimate. If the dollarpatient. T h e re f o re, a sample selected byCPT code could be smaller than a sampleselected by patient.the sample requirement may be largervalue of the errors is to be estimated,still.However, it is often logistically moreconvenient to pull and review an entire 10. Design information inadequacies.patient chart rather than select and conducta review by CPT code. Sometimes assumptions based on the population,Sample size calculations are made usingan issue, such as lab unbundling, is easierto address by patient rather than When there are too few probe items toprobes, and/or historical information.individual CPT codes.design a complex sample, or when thepopulation definition changes after theLogistical convenience and the review probe is completed, the design informationmay be inadequate for accurateprocess should be weighed against thesample size and cost. Some CIAs specify sample size calculations. When thisthe sampling unit. This is an important occurs, it is prudent to use conservativeconsideration before committing to an assumptions, such as a larger variance, ainconvenient or inefficient sampling more extreme error rate, or more stringentconfidence and precision unit.requirements.However, these solutions lead tolarger sample sizes than would be necessarywith more accurate design information.SummaryWhen preparing for a statistical sample,bear in mind the factors that may affectthe sample size and cost of the study.There are key planning decisions thataffect the ultimate sample sizes. Theseinclude the sampling unit and designspecifications for the confidence andprecision. Specifying absolute or relativeprecision will influence sample sizes aswill the number of subgroups requiringseparate estimates with confidence andprecision requirements.Know what is to be estimated from thesample because total dollars, ratios, anderror rates all have different sample sizerequirements. Also, different quantitieshave different variances and thereforedifferent sample size needs.The size of the population usually onlyplays a minor role in sample size determination,unless the population is verysmall. However, variation in the populationdata will heavily influence thesample size.Complex samples are generally smallerthan simple random samples, especiallywhen the population is diverse. However,complex samples require more statisticaland subject matter expertise todesign and produce properly weightedestimates.Sample size is determined by many factors.There is no “one size fits all” samplesize. ■

featurearticleMeet Steven W. OrtquistEditor’s note: This is an interview conductedby Odell Guyton, Corporate ComplianceOfficer, University of Pennsylvania, andmember of the HCCA Board with SteveOrtquist, Director of Corporate Compliancefor Rush Presbyterian St. Luke’s MedicalCenter in Chicago. Odell may be reached at215/573-4806. Steve may be reached at312/942-8123.OG: Good morning, Steve.What is your position?SO:I am Director of CorporateCompliance at Rush Presbyterian St.Luke’s Medical Center in Chicago, IL.OG:SO:What is your background?I have worked in the healthcare industry for nearly 15 years. Forseveral years I worked in financial managementroles with a national physicianorganization. In the mid-1990’s, I leftthese roles to attend law school andthen practiced law with a boutiquehealth care firm in Michigan, where Iassisted several clients with reimbursementand fraud and abuse matters aswell as with establishing complianceprograms.In 1998, Rush offered me my currentrole as its Director of CorporateCompliance. I actually came to Rushspecifically to take the compliance role.I had not worked with Rush in anycapacity prior to doing this. However, Ihad worked with several clients onCompliance Officer for RushPresbyterian St. Luke’s Medical Centercompliance programs or compliancematters as an attorney. I enjoyed thiswork and thought, correctly, that an inhouseposition more focused on compliancewould be enjoyable as well.OG: And what is the major thrustof Rush’s business?SO:Rush is an academic medicalcenter on Chicago’s West Side. It is alsothe lead hospital in the Rush Systemfor Health, a health care system thatincludes four other Chicago area hospitals.Rush’s compliance program appliesonly to Rush-Presbyterian-St. Luke’sMedical Center itself. The other hospitalsin the Rush system are operatingtheir own compliance programs. Rush-Presbyterian also includes a 150 bedfreestanding skilled nursing facility, ahome health agency, about 350employed physicians, and RushUniversity.Rush also is a significant researchinstitution. In terms of fundingreceived, in 1999 it ranked near the topof the second quartile among all recipientsof Federal research funding forhealth care related research, and is typicallyamong the top ten hospital recipientsof Federal research funds.OG:And how large of a staff doyou have in your compliance department?SO:Currently, the staffing inRush’s compliance office equals about12 FTEs [full time employees]. Thecompliance office is actually structuredin an interesting way that has workedvery well for Rush.Both the Director of Internal Auditand myself are Assistant ComplianceOfficers at Rush. The Chief ComplianceOfficer is Cathy Jacobson,Associate Vice President for ProgramEvaluation and Special Assistant tothe President.Cathy spends about 25% of her timeon compliance matters and the remainderon a variety of other duties. Thedirector of internal audit and I tend todo most of the day-to-day workContinued on page 1413July 2001

July 200114Steven W. Ortquistinvolved in operating Rush’s complianceprogram. The reason that I say ourstaff is at about 12 FTEs is becausemany individuals on the internal auditstaff work both on compliance auditand on internal audit issues.OG:Is Rush’s compliance programstructured to provide an independentreporting obligation to the Board?SO:Cathy Jacobson, the ChiefCompliance Officer, makes quarterlyreports to the Finance and AuditCommittee of the Board of Trustees,and has direct access to the Board andto the CEO for any matter that sheneeds to report to them outside of thesequarterly reports.OG:I’m interested in your hotline.Do you find that you get a number ofhotline calls? Also, do you find that thehotline calls are not germane to compliance?SO:You know, our hotline actuallydoes get used fairly frequently. We have,probably, an equal number of calls thatjust come in directly to one of the threeof us, to Cathy, Kelly Bireley, theDirector of Internal Audit, or to myself.Now, like most hotlines, the majority ofthe calls are issues that don’t get handledin the compliance office. They getturned over to other areas like humanresources for follow-up.OG: Is there a structured system ofinvestigating those reports for allegationsthat come to the hotline?SO:Yes. As calls come in that arenot directly related to compliance theyare forwarded to other departments,like human resources. These otherdepartments then conduct any investigationthat may be necessary andaddress the concerns expressed in thecall. I receive a closing memo on theissue, and on the actions they havetaken to resolve it.For those that are truly complianceissues, we take a similar approach.Either Kelly or I or one of our managerswill take the call and investigateit, figure out what’s going on and then,when necessary, formulate a correctiveaction plan. All substantive complianceissues are discussed with the compliancecommittee, and all call reports that arenot substantive compliance issues arereviewed by the committee on a quarterlybasis.OG: You mentioned that you have350 employed physicians at Rush.Working with physicians on compliance-relatedmatters may sometimes bedifficult. Have you developed any specialway of handling those issues?SO:The thing that we have foundmost important in winning physiciansover is to really know what we’re talkingabout when we assist a group ofphysicians. When we do a training sessionor work with doctors on an issuewe try in preparation to become knowledgeableabout the issue and aboutrelated laws, regulations, and rules.Usually, once they have spent sometime with us and see that we have doneour research, and have thought aboutthe issues and know what we are talkingabout, most physicians comearound relatively easily.The majority of physicians I workwith understand the risks of non-compliance.They want to do the rightthing. So when they know that theycan trust us to tell them correctly whatthe right thing is, they are generallywilling to come around.OG: Academic medical centershave unique problems. Could you tellour readers the types of things that theRush compliance program may bedoing to address those unique problems.SO:One of the biggest problemsthat many academic medical centers arehaving right now is figuring out how tohandle the financial pinch that they arein. I really think that for a billing complianceprogram to be valuable duringtight times it needs to be finding, notonly the situations where errors may beresulting in more reimbursement thanis proper, but also situations where aprovider is missing reimbursement towhich it is entitled. The Rush compliancedepartment usually ends upspending a significant amount of timeassisting departments in fixing problemsin both directions, so that hopefullyin the end Rush is getting paid foreverything that it is entitled to andnothing more.OG:Well, in terms of compliance,as a compliance officer in an academicmedical center myself, one of the keyareas is focusing on the seven sentencingguidelines and getting people receptiveto, let’s say, the codes of conduct orto the idea of compliance in whateverform it takes. Does Rush have an identifiedcode of conduct?SO:You know, we have not titledour compliance manual as a code ofconduct. The Rush compliance manualand policies serve the same function asa “code of conduct”, but we have notused that terminology.Our compliance manual walksthrough each employees’ obligations asit relates to the compliance program, toRush policy, and to the law. Rush’s

Board of Trustees has adopted a policyon business ethics that is the basis ofour compliance program and is set outinitially in the compliance manual.Then the compliance manual walksthrough the various elements of thecompliance program and explains them.For example, the ability to confidentiallyor anonymously report problemsto the compliance office either directlyor using the hotline is explained in thecompliance manual. Rush’s policyagainst retaliation is also explained inthe manual, along with other complianceprogram activities like auditingand monitoring. We also have includedparagraph summaries of each of Rush’scompliance policies, and a section thatsummarizes some of the most importantlaws.Our hope is that people will walkaway from reading the compliancemanual with a good idea of what isexpected of them, and a good understandingof the compliance program,how it operates, and how to use it as aresource.OG:One of the components of theseven sentencing guidelines, is to havehigh level oversight of the compliancefunction. Does your compliance committeeperform that high level oversight?And if so, what types of peopledo you have serving on the compliancecommittee?SO:The compliance committee atRush really does help with meeting thissentencing guideline’s requirement.Rush’s compliance committee is madeup primarily of associate and assistantvice presidents from around the organization.People who are in roles that arekey to the compliance function. Forinstance, our Associate Vice Presidentfor Patient Finance sits on the compliancecommittee. An assistant VP fro mhuman re s o u rces is a member of thecommittee, as are several AV Ps from diffe rent operational areas of the hospital.Because of the high level positions ourcompliance committee members hold,they are very effective in keeping thecompliance function on track and inassisting the compliance office inresolving issues and conducting investigations.OG: Well, the new HIPAA privacyregulations create a number of issuesfor academic medical centers. Has Rushthought through some of these issues?And if so, how are you handling those?SO:Like many hospitals we are inthe initial stages of figuring out howwe’re going to handle HIPAA. We haveput together a high-level working groupwith key stakeholders from our generalcounsel’s office, from information services,and from the compliance office.We have not appointed a privacy officeryet, but it appears that what will probablyhappen is that the privacy officerrole will be assigned to our ChiefCompliance Officer, with the complianceoffice managing the complianceprogram-likeelements of HIPAA privacy.I think this is probably the mostsensible way of handling privacy, especiallyfor organizations with well-developedcompliance functions.OG:The sentencing guidelines talkabout proactive measures in compliance;could you tell us about some ofthe proactive measures that you haveimplemented at Rush.SO:One way that our ChiefCompliance Officer assured we weremeeting this sentencing guidelinesrequirement was to make internal auditan official part of Rush’s compliancefunction. Rush’s internal audit staffconducts a large portion of the auditingand monitoring functions of compliance.They work very effectively from arolling three-year auditing and monitoringplan that the Director of InternalAudit does a fantastic job of maintaining.Many of the internal audit staffhave been at Rush in other roles andContinued on page 1615July 2001

Steven W. Ortquisthave moved into internal audit. BecauseJuly 200116OG:For the benefit of our readers,could you describe in a bit more detailhow your compliance office is set up?SO:Cathy Jacobson, our Chief ComplianceOfficer, is Associate Vice President forProgram Evaluation and SpecialAssistant to the President. In her role asSpecial Assistant to the President, shehas direct access to the President forany matter. Cathy is also usuallyinvolved in new initiatives, and so isoften able to incorporate compliancefrom the beginning. Cathy is officially amember of the President’s office atRush and has direct access not only tothe President but also to the threeSenior VPs who are responsible formanaging the organization on a day-todaybasis.Both Kelly Bireley, the Director ofInternal Audit and I, as Director ofCorporate Compliance, report to Cathyand we are both Assistant ComplianceOfficers at Rush. Kelly primarily takescare of the auditing and monitoringfunctions along with some investigationson the hospital side. She alsooversees some training and correctiveaction that is the result of her auditwork.I have been responsible for developingthe structural components of thecompliance program and overseeingtheir operation, for instance, institutingcompliance policies. My staff and Ihave compiled a policy manual thataddresses approximately 50 risk areas.Rush’s compliance policies go beyondsetting out a statement of policy. Ineach policy document we have includeda section titled Executive Summary thatdiscusses underlying laws and how thepolicy should work itself out in theorganization. Where relevant, we haveincluded hypothetical examples andmodel forms. So, it’s not just a policymanual, really, but it’s also a trainingtool and a reference.The training component of the complianceprogram is also my responsibility.Josie Corbett is Rush’s compliancetraining coordinator. Josie has a dualreporting relationship to me and to theemployee and organizational developmentsection of our human resourcesdepartment. While Josie spends 100%of her time on compliance training, shealso knows what’s going on elsewhere inthe organization because of this dualreport, and so, can coordinate the trainingcomponent of compliance withother organizational training requirements.OG:Well, it seems like it’s wellCoupled with this is the issue of whatof this they have a real good understandingof how Rush works–both itspliance office–do you self-disclose or doto do if a problem is found by the com-systems and politics of the organization–andthey are able to move throughk n ow that Rush recently did do a self-you try to work the problem internally? Ithose very effectively.d i s c l o s u re, which has gained some notori e t y. Could you tell us how the complianceprogram impacted that eve n t .SO:Yes. Actually the problem thatwas self-disclosed was discove red as theYes. As I mentioned earlier,compliance office was doing a risk assessmentof the organization–so discove ry ofthe problem was the direct result of havinga compliance program at Ru s h .OG:It might be helpful for ourreaders if you would generally describethe problem.SO:Sure. It was a billing problemin our abdominal transplant clinic. Ourtransplant physicians had developed astaff of nurses that they really trusted toprovide care for the patients. And theyhad gotten into the habit of not alwaysbeing present when those nurses wereseeing patients for routine post-operativecheck-ups.The transplant clinic at Rush is notprovider-based. It is a freestandingphysician clinic. So, had the physiciansbeen providing proper supervision, itprobably would have been possible forthem to bill for some of these visits aslevel one nursing visits using the incident-torule. But supervision was notoccurring consistently, and the clinicwas billing visit levels higher than levelone.OG:And what was the process ofself-disclosure that Rush took?SO:Pretty quickly after we hadthought out. One of the areas of concernconfirmed that there was a problem infor most compliance professionals this practice, our outside counsel wentis this idea of effective compliance. to the U.S. Attorney’s Office in the

Northern District of Illinois and disclosedthe problem.OG: And that was a disclosure tothe Department of Justice, rather thanto the OIG?SO: Right.OG:There was an unusual twistafter the disclosure was made. So I’msure our readers would be interested inreading about it.SO:Yes. After the disclosure wasmade, the U.S. Attorney’s Officerequested interviews with some of thetransplant clinic’s employees. We held ameeting with the clinic staff and toldthem that we had found this problem,self-disclosed it to the government, andthat there would be two or three of theindividuals from the clinic with whomwe would set up interviews with governmentrepresentatives. This meetingoccurred in June 1999. In September1999, a nurse who was in the June clinicstaff meetings, and who had discontinuedher clinic employment over thesummer, filed a qui tam complaintagainst Rush alleging the same problemsthat we had self-disclosed.OG:And did that cause some consternationfor Rush people?SO:Not initially, the qui tam complaintwas filed under seal and we didn’tknow about it until some time later.OG:What happened when Rush didlearn that the qui tam suit had been filed?SO:We discussed it and there wasa fairly strong sentiment that it wouldnot be proper to allow our former nurseto benefit personally from our attemptsto make this situation right. So, Rushfiled a motion to dismiss the qui tam onthe theory that the problems hadalready been publicly disclosed in ourself-disclosure and the government’ssubsequent investigation, and thatbecause of the public disclosure theDistrict Court did not have jurisdictionto hear the qui tam plaintiff’s complaint.OG:So, Rush initially filed amotion to dismiss?SO:That’s right. The next eventwas even more notable. The JusticeDepartment actually filed its ownmotion supporting the arguments inour motion to dismiss.OG:That’s quite an unusual stepfor the government to actually move inand ask a court to dismiss a qui tam suitbecause of a self-disclosure.SO: Very unusual.OG:So this really has an impact interms of the industry.SO:It does. I think that it isimportant to note that Rush had thebenefit of some favorable case law inthe 7th Circuit. The Bank of Farmingtoncase in the 7th Circuit was heavilyrelied on by the District Court in dismissingRush’s qui tam plaintiff, and I’mnot sure that there are any parallels tothe Farmington case in other Circuitsyet.However, I think that the JusticeDepartment’s support of our motion todismiss may say something significantabout the government’s enforcementpolicy in cases like this. The Rush caseshould provide some assurance thatprotection is available for providerswith active compliance programs whenthey self-disclose and work with thegovernment to correct errors. ■HCCA RE G I O N A LC O N TA C T SHCCA Secretary: Al W.Josephs, Di rector ofCorporate Compliance forHi l l c rest Health Sy s t e m,Ajosephs@hillcrest.netHCCA Region I ChapterStates: CT, ME, MA, NH, RI, VTContact: Robert Freeman, President617/246-3533, robert.freeman@bcbsma.comBoard Liaison: Mike Hemsley, Mhemsley@chenet.orgHCCA Region II ChapterStates: NY, NJ, Puerto Rico, Virgin IslandsContact: Bret Bissey, President609/893-3014, bisseyb@deborah.orgBoard Liaison: Brent Saunders, Bsaun7570@aol.comHCCA Region III ChapterStates: DE, DC, MD, PA, VA, WVContact: Glenna Jackson, President202/877-3868, gsj2@mhg.eduBoard Liaison: Teresa L. Mullett, Mullett@erols.comHCCA Region IV ChapterStates: AL, FL, GA, KY, MS, NC, SC, TNContact: John Falcetano, President252/816-0125, JFALCETA@pcmh.comBoard Liaison: Debbie Troklus,debbie.troklus@us.pwcglobal.comHCCA Region V ChapterStates: IL, IN, MI, MN, OH, WIContact: David Orbuch, President952/992-2795, dorbuch@allina.comBoard Liaison: F. Lisa Murtha, Lmurtha@mail.ptd.netHCCA Region VI ChapterStates: AR, LA, OK, NM, TXContact: David Lancaster, President817/810-1358, davidl@cookchildrens.orgBoard Liaison: Al Josephs, Ajosephs@hillcrest.netHCCA Region VII ChapterStates: IA, KS, MO, NEContact: Millie Johnson, President402/280-2107, milliej@creighton.eduBoard Liaison: L. Stephan Vincze, vinfraz@mindspring.comHCCA Region VIII ChapterStates: CO, MT, ND, SD, WY, UTContact: Shawn DeGroot, President605/333-6360, degroots@siouxvalley.orgBoard Liaison: Debbie TroklusHCCA Region IX ChapterStates: AZ, CA, HI, NV, Amer. Samoa, GuamContact: Paul Belton, Secretary/Treasurer858/499-4015, paul.belton@sharp.comBoard Liaison: Sheryl Vacca, Svacca@dttus.comHCCA Region X ChapterStates: AK, ID, OR, WAContact: Cherry Cox, Vice President503/650-6869, Coxc@teleport.comBoard Liaison: Sheryl Vacca ■17July 2001

July 200118Editor’s note: MarianneLabahn is Corporate IntegrityCoordinator, at NorthwesternMemorial Hospital. She maybe reached at 312/926-3605or by email at mlabahn@nmh.org.The health care industry isHow tokeep keystaffinformedBy Marianne LabahnAfter reviewing the information,the compliance officemust decide what area(s)need the information andwhether or not the informationrequires action by thearea(s). The informationshould then be sent to thatarea’s manager. In order togoverned by over 30 different governmentalagencies, each of which write ed, one of two methods is used,document that information was provid-rules, regulations, opinions, policies, depending on whether or not the informationrequires action. The informa-and a variety of informational bulletins.The onslaught of information comes in tion can be sent as a Regulatory Updatevarious forms, including advisory opinions,Local Medical Review PoliciesMemo. The process is outlined below.(LMRPs), audit reports, inspection reports,Medicaid notices, notices, rules, If the information being sent requiresInformation-onlyand proposed rules published in the no action, then it can be handled oneFederal Register, fiscal intermediary (FI) of three ways. For information sentnotices, IRS notices, FTC rulings, etc. electronically, the email could be printedand saved to a paper file, saved in anSo, how can compliance departments electronic folder, or both.keep everybody informed about all ofthe new and revised information with For printed information, the Regulatorythe constant influx of data? Even more Update Memo is attached to the printedimportant is being able to prove, if necessary,that the appropriate staff was compliance responsibilities are author-information. Only individuals withgiven information in a timely fashion. ized to use this memo. There may bedepartmental compliance individuals inOne approach is to schedule time daily, key departments who work closely withor at least two to three times per week, the Compliance Office, but do notto visit the appropriate regulatory report directly to it. These individualsWebsites and to gather printed materialsreceived and read the information. they have compliance responsibilities.are authorized to use the memo sinceSome entities, such as the U.S. Departmentof Health and Human ing information:The memorandum includes the follow-Services, provide a free email update ■ To whom the information is beingof postings. There are a variety of other sentsources that can be used for email or ■ The date the information is beingprint notification of news related to sentcompliance issues, including private ■ The statement “The attached copiessources.are reprints of legal/regulatoryupdates and/or information from theMedicare/Medicaid programs(HCFA, the FI’s name, the carriersname, State Department of PublicAid) relating to the area that youoversee. No response is necessary,unless you have questions/concerns.”■ The statement “If you have anyquestions or concerns, please contactme at extension xxx”Both the memo and a copy of theprinted information also are placed in apaper file in the Compliance Office. Ifthe individual sending the informationis not part of the Compliance Office, acopy is sent to the Compliance Officeso it can be maintained in a central fileand easily located if the need arises.Information requiring actionIf the information being sent mightrequire action on the recipient’s part, adifferent process should be followed.email is not used for these. If the noticeof new information was received viaemail, it is printed and follows the sameprocedure as the one for printed material.For printed material, a copy of thematerial is made and attached to theRegulatory Update Memo.In addition to the information listedabove, the memo also should include:■ The statement “Please review theattached and respond by checkingone of the boxes indicated below.Please return to me within twoweeks–with a copy to theCompliance Office.”■ One of the following statementsmust be checked off:❏ The attached information wasreviewed. Due to its content, nofurther action is necessary.

❏ The attached information wasreviewed. Due to its content,information was circulated and/or staff educated as appropriate.❏ The attached information wasreviewed. Due to its content,additional review and followup/policy revisions may benecessary. Target date forcompletion is _____.■ A line for the recipient to sign anddate the response before returning itto the Compliance Officer.The original printed material is placed ina file, along with a copy of the memo, towait for the signed memo to be re t u r n e d .Having the signature ensures that thea p p ropriate person(s) has been notified ofthe information and responded to it. T h einformation is also entered into a databaseso that it can be monitored and follow upcan be scheduled if necessary.Follow-up memoIn the event that the signed memo isnot returned within two weeks, theinformation is sent again with a secondnotice memo. The second notice memois the same as the original Re g u l a t o ryUpdate Me m o, but states it is a secondnotice. This information is also entere dinto the database. If there is still noresponse after the second notice is sent, anotice is sent to the Compliance Of f i c e rwith a copy to the re c i p i e n t’s Vi c ePresident. The notice gives the detailsabout the subject, dates the memo wassent, any other follow-up done and thefact that no response has been re c e i ve d .To date, the last step has been neededi n f requently–but when used, has beensuccessful in getting the re s p o n s e .When the signed memo is returned,receipt is logged into the database. Ifany additional action is indicated asbeing needed, the target date for completionwhich is indicated on the memois also entered into the database. TheCompliance Office then does follow upafter that date to ensure that action hasbeen taken.The Compliance Officer, or a memberof the Compliance Office staff, reviewsthe responses. Any response that is notclear or does not seem appropriate isdiscussed with the Compliance Officer.With the appropriate approval, theindividual who signed the form is contacted.The response is discussed andclarified. Occasionally, meetings arescheduled with the Compliance Officerand other appropriate individuals todiscuss the issue(s), although this hasrarely been needed.Steps are documentedThese steps are documented when theyare taken and the documentation isattached to packet. The signed formsare then matched up with the copies inthe paper file. The entire packet ofinformation is put together and placedin a departmental file.Using this process has made it easier totrack the information being distributedto staff members. Most of the staff hasexpressed gratitude that they are receivingimportant information in a timelymanner. Keeping the database has mademonitoring the information very simple.Various reports can be run to identifywhatever we need to monitor forfollow up. Finally, having the memosigned and returned with actionstaken/actions planned helps prove weare attempting to do the right thing. ■S AVE THE DAT Efor this exciting joint conference,co-sponsored by theAmerican HealthLawyers Associationand theHealth CareCompliance AssociationFR AU D &CO M P L I A N C EFO RUMREGULATORY TRENDS INTHE NEW ADMINISTRATIONSe p t .3 0 – Oc t .2 , 2001Washington Hilton, Washington, DCProgram available in late JulyFor more information visitw w w. h c c a - i n f o.orgor call 888/580-8373

Conferenceoptions?Make sureit is HCCA.other meetings, as well as provided itsown programming on a wide variety of topics. It is important tonote though that every conference is not an HCCA Conference.Because of this proliferation of HIPAA and other compliancerelatedconferences I thought I would list the following conferencesHCCA currently has on its 2001 agenda:■ Sept. 12-14–Compliance Leadership: Session 1, Sacramento, CA■ Sept. 30-Oct. 2–AHLA/HCCA Fraud and ComplianceForum, Washington, DC■ Oct. 24 - 26–Compliance Leadership: Session 2, Sacramento, CA■ Nov. 11-15–Academy of Health Care Compliance, Dallas, TX■ Nov. 29-30–HCCA Academic and Research ComplianceSummit, Anaheim, CA■ Dec. 3-5–HCCA HIPAA Forum, San Diego, CAROY SNELLIt seems that every day a new conferenceis announced dealing with HIPAA privacyor other health care compliance topics.In the past, the Health Care ComplianceAssociation (HCCA) has affiliated withpriced at $799 - $699 forHCCA Members–this conferenceis a bargain compared tomany other conferences currentlyadvertised. And like allHCCA events, the program isdesigned with the complianceprofessional in mind.If the HCCA logo is printed on the conference brochuresyou receive, you can be sure it is an HCCA event. We hopeyou make the same choice as thousands of compliance professionalsand choose HCCA programs.HCCA Focus Group Survey resultsIn May, 2001, the HCCA conducted three group surveysto learn the answers to the following:■ What three issues do you perceive as having the greatestimpact on your duties as a compliance professional overthe next 18 months?■ In the coming ye a r, what are the key content areas you willlook for when you re v i ew programs for your own pro f e s-sional continuing education as a compliance pro f e s s i o n a l ?■ Do you or your organization’s compliance departmenthave all or part of the responsibilities relating to HIPAAimplementation or oversight?HCCA’s HIPAA privacy conference, the HIPAA Forum, sched-The three groups surve yed consisted of a focus group of fiveuled for December 3-5, 2001 in San Diego, CA, is co-sponsoredindividuals who met via conference call and discussed eachby the American Hospital Association. This program, for healthothers responses; a group of 12 contacted by direct email andcare providers of all sizes and all settings, will provide usefulresponding electronically; and subscribers to This Week intools and information. The HIPAA Forum will feature numer-C o r p o rate Compliance, which resulted in 87 re s p o n s e s .Theous case studies and operational workshops that go beyond theoverwhelming tone of all comments returned in the openregulatory updates and legal interpretation offered in many ofended answers led to a strong desire for programs, prod-the conferences currently available.ucts, and services focusing on operationalizing an issue ortrend, rather than analysis of the issue or trend. To that endSessions will be delive red by your fellow compliance pro f e s s i o n a l srespondents called for provision of sample forms, policies,and will focus on your expressed needs. The HCCA HIPAA Do c -procedures, tools, and benchmarking data which theyument Re s o u rce Library will be issued at this meeting, sharingcould apply themselves to the issues they identified.over 300 pages of documents, policies, pro c e d u res, and tools p repa red and used by compliance professionals across the nation. InThe survey responses were discussed by the HCCA Officersaddition, HCCA survey information on the state of HIPA A c o m p l i-during the May Officers Call. HCCA committees are usingance will be re p o rted at the HCCA HIPAA Fo rum and will pro-the data as they prepare future programs. Thank you forvide important benchmark information for you to use as a dash-your responses–your answers will help us as we developJuly 200120b o a rd for your HIPAA compliance effort s . The HIPAA Forum isprograms and services to meet your needs. ■

envelopes. Also, if appropriate, considerdeveloping bilingual posters. Usingthese tools will ensure that your messageis communicated to all employees.Many compliance officers facethe problem of continuallybuilding employee awarenessof their organization’s complianceprogram. The work of communicatingyour compliance program should notend with the training program. The initialcompliance training intro d u c e se m p l oyees to the organization’s complianceprogram, goals, hotline, code ofconduct, and the organization’s commitmentto the program. Many complianceofficers have wallet-size copies of theirCode of Conduct with the hotline numberprinted and distributed to employe e sat the time of the introd u c t o ry training.While this is a good beginning, moreaction will be necessary.Keep the message freshIt is important to constantly reinforceyour compliance commitment withyour employees. To do this, think aboutthe ways your organization communicateswith staff and consider how tobest utilize these methods to communicatecompliance, when appropriate.There are a number of communicationstools available to draw employee attentionto the compliance program. Somemay cost money, while others will not.Be sure to include some funds in yourannual compliance budget for compliancecommunications.After reviewing the communicationtools your organization already has inplace, plan a meeting with your organization’scommunications or public relationsdirector to discuss ways to bestutilize these tools; for example, theemployee newsletter, bulletin boards,Internet and Intranet, Website, email,pay envelopes, and inserts, etc.Some suggestionsAsk that the compliance hotline numberbe published in every issue of theorganization’s newsletter. This not onlykeeps the number out front, it reinforceswith employees your organization’scommitment to compliance. Also,ask that a compliance program updateto be included in the new s l e t t e r. Pu b l i s hthe dates of your compliance training inthe newsletter, post them on yourWebsite and Intranet if your organizationhas one, and email these dates toall employees requiring training.Ask your communications departmentto develop a poster and a tag line (i.e.it’s your responsibility too, do the rightthing, etc.) for your compliance programcampaign. The posters can beused effectively on various bulletinboards, in employee lounge areas, themail room, and other areas whereemployees congregate.Team workWork with your communicationsdepartment and the human resource(HR) department to develop a simplebrochure that can be inserted inemployee pay envelopes and make sureit includes the Code of Conduct, hotlinenumber, and other important complianceprogram information. Again,working with HR, you may also considerhaving the tag line and hotlinenumber reproduced on employee payPens, pads, and mugsDiscuss with your communicationsdepartment what items (pens and pencils,note pads, mouse pads, coffeemugs, etc.) the organization may beplaning to develop and discuss whetheror not the hotline number and/or tagline could be displayed on them. Youmay also want to consider having alogo developed for your complianceprogram that may be used on note padsand employee name badges.Website and IntranetIf your organization has an Intranet, besure to use it. Again, you may posttraining dates, program notices, andother important compliance information.Ask members of your staff towrite an article monthly or quarterly onsome issue you need to communicateto employees and make it available onthe organization’s Intranet. Someorganizations also have devoted spaceon their Website for the complianceprogram. Discuss with your WebsiteManager how you can best use thiscommunication resource.This is by no means a complete list ofcommunication tools. You may havea l ready instituted these tools. If so, don’tthink communicating your compliancemessage is ove r. To keep compliance programawareness needs in the fore f ro n t ,schedule meetings with the director ofthe communications department keepingone item on the agenda–how can wecommunicate our compliance messageto all of our employees? ■21July 2001

ABCsOF ACRONYMSEditor’s note: The following listing will help youthrough the health care acronym maze. The informationis provided by Erin O’Donnell, an Associate withPricewaterhouseCoopers.ABN - Advance Beneficiary Notice is a waiverthat a provider has a patient sign confirming thepatient’s understanding that certain provided servicesmay not be reimbursable under Medicare andtherefore are the patient’s responsibility. To readmore about ABN visit, http://www.codegreen.org/id13.htmlACER - Annual Contractor Evaluation Report isHCFA’s formal evaluation report of the contracto r’s performance for the fiscal ye a r. It is based uponresults of the Contractor Performance EvaluationProgram (CPEP) reviews, along with results ofother special evaluations which are considered whenevaluating contractor performance. The reviewsm e a s u re the degree to which each contractor meetsHCFA’s performance criteria and standards. Thescores in the ACER show the level of performanceachieved by the contractor for each standard andcriterion. To read more about ACER, visit http://w w w. h c f a . g ov / p u b f o rm s / 23 % 5 ro Fm / r 21005 . h t m #_ 1 _ 2ERISA - Employee Retirement Income SecurityAct was established in 1974. ERISA set up plandesign, funding, and administration requirementsfor employee pension plans to protect the rightsof plan participants and beneficiaries includingpreempting certain state laws relating to employeebenefit plans, including medical plans self-insuredby employers. Visit http://www.harp.org/erisatoc.htmHCPCS - HCFA Common Procedure CodingSystem is a set of codes used by Medicare thatdescribes services and procedures; HCPCS Level Icodes are CPT codes, Level II codes are for suppliesand other non-CPT codes, and Level III arelocally set codes. Want to read more? Visithttp://www.hcfa.gov/medicare/hcpcs.htm ■July 200122WEBR E S O U R C E SEditor’s ■ Contact HCCA President Gregnote:WarnerPeriodically ■ Review the latest compliance classifiedwe publish a listingadsof helpful Internet and email resources. ■ Review HCCA Membership informationHealth Care Compliance Association memberand sign up on the WebKaren Larson, DC, MS, CPC, helped ■ Search the Membership Directoryto compile this listing. Ms. Larson is aon HCCA’s Member’s Only SectionProgram Coordinator II in the Resource ■ Read the most recent issue ofCenter for Clinical Data Management and HCCA’s newsletter, ComplianceAnalysis at the University of Kentucky TodayChandler Medical Center (UKCMC) inLexington. She can be reached atBe sure to regularly visit HCCA’sklars2@pop.uky.edu.Website. A search feature has beenadded to better help you find complianceIf you know of In t e rnet re s o u rces that may beinformation.of help to corporate compliance pro f e s s i o n a l splease submit them to Ma r g a ret Dragon viaGovernment Websitesemail at m rd r a g o n @ z i p l i n k . n e t .■ Searchable database of all MedicallyUnderserved Areas (MUAs)–ClickHCCA Websiteon “Resources”http://www.hcca-info.orghttp://www.bphc.hrsa.dhhs.govFind the latest information on HCCANational and Regional ConferencesOther helpful WebsitesSign up for:■ Health Privacy Project–state-by-state■ AHLA/HCCA Fraud andanalysis by Georgetown UniversityCompliance Forum, September 30-http://www.healthprivacy.org/resourcesOctober 2, Washington, DCVisit HCCA’s Compliance Resources■ Quorum Health Group, Inc.,and order:Complete Medicare Cost Report■ Compliance, Conscience, andCase SettlementConduct, HCCA’s Compliance andhttp://www.prnewswire.com/cgi-bin/Ethics Training Programstories.pl?ACCT=105&STORY=■ Individual & Small Group Physician /www/story/04-23-2001/0001475504Practice Compliance, HCCA’s 39-minute audio training program ■ A Guide to Monitoring Medicaid■ Compliance 101, HCCA’s popular Managed Careseminar, now a bookhttp://www.familiesusa.org/pubs/■ Subscribe to This Week in Corporate medmngde.htmCompliance and HCCA’s ENewsAlert■ American Accreditation Healthcare■ Network with compliance professionalsCommissionusing the HCCA Forumhttp://www.urac.org■

FORYO U R I N F OONTHE LIGHTER SIDEH C FAmayundergoname changeOn May 29, Thomas Scully, was swornin as administrator for the Health CareFinancing Administration and a few dayslater he told HCFA staffers that he wantedto rename the Agency. Ac c o rding toa Bloomberg News item Scully told“ H C FA employees that his goal in re -naming the agency is ‘changing people’sa p p re c i a t i o n’ of its operation of Me d i c a re ,the U.S. health insurance program for theelderly and disabled, and Medicaid, thep rogram for the poor.” Se c re t a ry T h o m p s o nhas previously stated an interest in changingH C FA’s name to improve the agency’simage, according to a HCFA sourc e .Be yond the name change, the HCFAs o u rce noted that the new administratorwould like the agency to be morere s p o n s i ve to providers and to Congre s sas well as offer more provider education.TX children’s hospital to refund$14.5 million to MedicaidOn May 24, Texas Attorney Ge n e r a lJohn Cornyn announced that Dr i s c o l lC h i l d re n’s Hospital and Foundation inCorpus Christi had agreed to re f u n dMedicaid $14.5 million, which will bedivided between Texas and the federalg overnment. Ac c o rding to the announcement,the hospital allegedly prov i d e dfalse information to the Texas De p a rt m e n tof Health, which led the Medicaid programto overpay the Driscoll Ho s p i t a l .From 1994-1999 Driscoll allegedly filede r roneous cost re p o rts for va r i o u sexpenses not allowed for re i m b u r s e m e n t ,re p o rted inflated figures on charity workrelating to the Di s p ro p o rtionate Sh a reHospital Program, and participated inpossible violations of state and federalanti-kickback statutes.Driscoll Hospital has been negotiatingwith the Attorney General and the U.S.De p a rtment of Justice for some time toa p p ropriately reimburse the gove r n m e n t ,rectify all disputed internal billing pro c e-d u res, and ensure that problems of thiss o rt do not re c u r. “I want to emphasizethat Driscoll officials have fully cooperatedwith my office to ensure that thesemonies are returned to the public,” saidCornyn. Ac c o rding to Cornyn, theMedicaid Fraud Control Unit has identifiedabout $25 million in fraudulentMedicaid overpayments in Texas, withm o re than $9 million of that discove re din this fiscal year alone.HealthSouth to pay $7.9 million,settles fraud allegationsOn May 22, the U.S. De p a rtment ofJustice announced that Bi r m i n g h a m ,AL-based He a l t h South Corporation, then a t i o n’s largest provider of outpatients u r g e ry, diagnostic imaging, and re h a b i l i-tation services, has agreed to pay $7.9million to settle health care fraud allegations.The government alleges thatHe a l t h South improperly billed Me d i c a reand TRICARE for equipment and suppliespurchased from G.G. Enterprises, acorporation owned by the parents ofHe a l t h South CEO Richard Scru s h y.This settlement also re s o l ves allegationsthat He a l t h South overbilled T R I C A R Eand Me d i c a re for rental payments andthe costs of an abandoned computer system.This settlement arises, in part, fro ma qui tam lawsuit filed by Greg Madrid, aformer He a l t h South billing clerk .Madrid will re c e i ve $1.48 million, asp a rt of the settlement. ■Ed i t o r’s note: The following was submitted by Greg Wa rn e r,H CCA President. If you have anything you would like tosubmit for publication “on the lighter side” - please email itto Ma r g a ret Dragon, m rd r a g o n @ z i p l i n k . n . e tThe OIG is Comin' to Town!(To the tune of “Santa Clause Is Coming To Tow n” )You better watch out,You better not lie,You better not cheat,I’m tellin you why,The OIG may visit you soon!They see you when you’re coding,They know if its not right.And, if you do it wrong just once,You’ll be in a great big fight!So, you better watch out,The OIG has friends,Like the FBI and DOJ,They’ll catch you in your sins.The OIG may visit you soonThey know if you will settleThey’ll use the False Claims Act.They’ll impose a CIAAnd, in a corner you’ll be backed!So, you better watch out,HCCA’ll show you the wayA compliance plan and HCCAOr, you may have to pay.The OIG may visit you soon!They’ll see that you are auditing,They’ll like your training plan,The OIG will take to youThey’ll be your biggest fan!So, you better watch out,You better not lie,You better not cheat,I’m tellin you why,The OIG may visit you soon! ■23July 2001

PEOPLEONTHE GOJuly 200124Editor and Publisher:Margaret R. Dragon, 781/593-4924, mrdragon@ziplink.netConsulting Editors:Greg Warner, President, HCCA, 507/284-9029Roy Snell, CEO, HCCA, rsnell@hcca-info.orgAdvertising Department:Joni Lipson, 888/580-8373Design & Layout:Raven Creative,781/631-4639, ravencreative@mediaone.netCover Photo: Roy SnellHCCA Officers and Board of Directors:Greg WarnerHCCA PresidentDirector for ComplianceMayo FoundationSheryl VaccaHCCA Vice PresidentDirector, West Coast CompliancePractice, Deloitte & ToucheMichael C. Hemsley, Esq.HCCA 2 nd Vice PresidentVice President, CorporateCompliance & Legal Se rv i c e sCatholic Health EastF. Lisa MurthaHCCA TreasurerChief Audit and Compliance OfficerChildren’s Hospital of PhiladelphiaAl W. JosephsHCCA SecretaryCompliance Of f i c e rHi l l c rest He a l t h c a re Sy s t e mDebbie TroklusHCCA Imme. Past PresidentManagerPricewaterhouseCoopersEileen T. BoydManaging DirectorForensic and Litigation Services,KPMG LLPPaul E. FlanaganChief Compliance OfficerEisenhower Medical CenterCEO/Executive DirectorRoy SnellHealth Care Compliance AssociationOdell GuytonCorp. Compliance OfficerUniversity of PennsylvaniaAudit & ComplianceVickie McCormickIntegrity OfficerUnited Health Gro u pGregory Miller, Esq.Mi l l e r, Alfano & Raspanti, PCLewis Morris, Esq.Assistant Inspector Generalfor Legal AffairsDHHS Office of Inspector Ge n e r a lTeresa L. MullettSenior VPXBond CorporationDaniel RoachVP and Corporate Compliance OfficerCatholic He a l t h c a re We s tJoseph J. Russo, Esq.Russo & RussoBrent SaundersDirectorHealth Care Regulatory GroupPricewaterhouseCoopersL. Stephan Vincze, JD, LL.M, CHCPresident And CEOVi n c ze & Fr a ze r, LLCAlan Yuspeh, JD, MBASenior Vice PresidentEthics, Compliance and CorporateResponsibilityHCA –The Healthcare CompanyCounselThomas Suddath, Esq.HCCA General CounselMontgomery, McCracken, Walker &Rhoads, LLPCompliance Today (CT) (ISSN 1523-8466) is published by the Health Care ComplianceAssociation (HCCA), 1211 Locust Street, Philadelphia, PA 19107. Subscription rate is $287 a yearfor non-members. Periodicals postage-paid at Philadelphia, PA 19107. Postmaster: Send addresschanges to Compliance Today, 1211 Locust Street, Philadelphia, PA 19107. Copyright 1998the Health Care Compliance Association. All rights reser ved. Printed in the USA. Except wherespecifically encouraged, no part of this publication may be reproduced, in any form or by anymeans without prior written consent of the HCCA. For subscription information and advertisingrates, call HCCA at 888/580-8373. Send press releases to M. Dragon, PO Box 197, Nahant, MA01908. Opinions expressed are not those of this publication or the HCCA. Mention of productsand services does not constitute endorsement. Neither the HCCA nor CT is engaged in renderinglegal or other professional services. If such assistance is needed, readers should consult professionalcounsel or other professional advisors for specific legal or ethical questions.Editor’s note: If you have receiveda promotion, award, degree, orrecently changed jobs, please let CTknow. Call or fax 781/593-4924, emailmrdragon@ziplink.net, or mail your news to MargaretDragon, HCCA, P.O. Box 197, Nahant, MA 01908.➤ Steven J. Erd has been named by Raytheon as BusinessDevelopment Manager, a new position, Steve is focused onHIPAA security solutions as well as logistics, e-commerce,and data systems solutions. He can be reached at703/849.1566 or serd@raytheon.com.➤ Denise Haynes has been appointed to the 2001 MalcolmBaldrige National Quality Award Board of Examiners.Denise is the Compliance Officer at Cuyahoga FallsGeneral Hospital, Cuyahoga Falls, OH. She may bereached at 330/971-7223.➤ Joseph Ilcus was recently promoted to Compliance Officerof Pegasus Airwave Inc., a national DME manufacturer/supplier based out of Boca Raton, FL. Joseph may bereached at 800/443-4325 ext 2209 or by email atjoe.ilcus@mindspring.com.➤ Daniel Untch has joined the Healthcare Practice ofPricewaterhouseCoopers based out of the Chicago office asof May 1, 2001. Dan can be reached at 312/701-5409The following were randomly selected from the 87 respondentsto a survey conducted by HCCA to the subscribers ofThis Week in Corporate Compliance and HCCA ENewsAlert. The winners of the Compliance Institute 2002 freeregistrations are:➤ Anne Brockenauer, CCO, St. Peters Health Care Services,Albany, NY➤ Tim Regula, Compliance Officer, Aultman HealthFoundation, Canton, OH➤ Laura Cossey, Compliance Manager, Catholic HealthcareAudit Network, Bryant, AR ■