Hospital regulatory risk management: ...continued from page 5of Diagnosis-Related Group (DRG) outlierpayments; improper claims for clinical trials;and improper claims for cardiac rehabilitationservices. These are just a few of the manyvulnerabilities that, if not properly addressed,can result in fines, penalties, and CorporateIntegrity Agreements.General subcategories may include: billing,coding, admissions and discharges, ChargeDescription Master, Advanced BeneficiaryNotice, and medical records.Specific subcategories may include: evaluationand management; outpatient observation services;three-day stays; and incident-to services.6. Laboratory servicesLaboratory services could be included in theClaims development and submission category,but they earned their own risk categorydue to the many different regulatory agenciesto which they are subject. In addition to OIGand CMS, a laboratory must comply withFDA, CDC, and OSHA regulations. Claimssubmission, particularly unbundling, is onlyone part of the risks encountered in thelaboratory environment.Subcategories may include: documentation,lab requisition forms, standing orders, physiciannotification, customized profiles, and labadministration.7. HIPAA privacy and securityThe <strong>Health</strong> Insurance Portability andAccountability Act of 1996 (HIPAA) addressestwo areas of protection for individuals’ healthinformation: privacy and security. Theseare vital areas to be addressed in a myriad ofdaily actions occurring in a health facility. Themovement to electronic health records (EHR)has helped to mitigate some HIPAA risks, butit also presented new problems. Recent actionsby federal regulators indicate that HIPAA willbe enforced more actively in the days to come.Subcategories may include: privacy, security,information technology, and documentation.8. Physicians at Teaching HospitalsThe Physicians at Teaching Hospitals (PATH)initiative focuses on compliance with federalregulations that govern reimbursement tophysicians at teaching hospitals. The specificobjectives of the PATH audit initiative are toverify compliance with the Medicare rules thatgovern payment for physician services providedby residents and interns, and to ensure that allclaims for physician services accurately reflectthe level of service provided to the patient.Submitting claims to government health careprograms for resident and intern servicesthat were not properly supervised can lead tocriminal and/or civil penalties under the FalseClaims Act.Subcategories may include: billing, documentation,education, and oversight.9. ResearchMedicare covers the routine costs of qualifiedclinical trials as well as reasonable andnecessary items and services used to diagnoseand treat complications arising from participationin clinical trials. Hospitals thatparticipate in clinical trials should reviewthe requirements for submitting claims forpatients who participate in clinical trials.In addition, informed consent regulationsrequire clinical investigators to obtain legallyeffective informed consent in an appropriatemanner from the subject or the subject’s legallyauthorized representative before initiating aclinical trial using human research subjects.Time and effort reporting, financial conflictof interest, researcher misconduct, and propercost allocation are some of the other risk areasin research activities.Subcategories may include: time and effortreporting; financial support from othersources; principal investigator conflict ofinterests; patent, trademark, and copyrightunder federal funds; human subjects research;and animal subjects research.10. <strong>Compliance</strong> program effectivenessHospitals with an organizational culture thatvalues compliance are more likely to haveeffective compliance programs and will beable to better prevent, detect, and correctfraud, waste, and abuse, while at the sametime furthering the fundamental missionof all hospitals: providing quality care tothe patients. <strong>Compliance</strong> programs shouldeffectively articulate and demonstrate theorganization’s commitment to the complianceprocess. The annual risk assessment shouldinclude an assessment of the complianceprogram itself.Subcategories may include: complianceofficer, corporate compliance, and boardoversight; written standards of conduct; policiesand procedures; training; enforcement;auditing and monitoring; and investigationand remediation.It is critical to establish a functional andinclusive yet simple framework to successfullymanage the hundreds of risk areas prevalentin the current compliance environment.Whether you are preparing for a governmentaudit by a RAC, Medicare-affiliatedcontractor (MAC), Zone Program IntegrityContractor (ZPIC), or conducting yourannual internal assessment, the correct useof these ten categories and their respectivesubcategories can guide you through the fourcompliance steps (risk assessment, risk remediation,risk monitoring and auditing, andrisk response and reporting) that are essentialto an effective compliance program. nSeptember 20086<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org
YOURINFORMATIONFYIFORHIV Infusion Clinic Administrator SentencedMiami resident Aisa Perera, 42, was sentenced to 30 months in prison for herrole in an $11 million scheme to defraud the Medicare program, Acting AssistantAttorney General Matthew Friedrich of the Criminal Division and U.S. AttorneyR. Alexander Acosta of the Southern District of Florida announced on July 10,2008. For more: http://www.usdoj.gov/opa/pr/2008/July/08-crm-599.htmlFlorida Doctor Sentenced to 41 Months in Prison for Medicare FraudA Miami-area doctor was sentenced to 41 months in prison for her role inschemes to defraud the Medicare program, Acting Assistant Attorney GeneralMatthew Friedrich of the Criminal Division and U.S. Attorney R. AlexanderAcosta of the Southern District of Florida announced on July 11, 2008. Inaddition to the prison term, U.S. District Court Judge Cecilia M. Altonagasentenced Ana Caos, M.D., 62, to three years of supervised release followingher release from prison and ordered her to pay $294,614 in restitution. Caoswas remanded into federal custody at the conclusion of the sentencing. Aftera nine-day trial in Miami, a federal jury found Caos guilty on April 30, 2008,on all charged counts, including conspiracy to defraud the U.S. government,to cause the submission of false claims to Medicare, and to solicit and receivekickbacks; and conspiracy to commit health care fraud. For more: http://www.usdoj.gov/opa/pr/2008/July/08-crm-605.htmlDC Doctor Sentenced to 37 Months in PrisonOn July 11, 2008, U.S. Attorney for the District of Columbia Jeffrey A.Taylor announced that a local physician, Martin R. McLaren, 65, of ThorndenTerrace, Bethesda, Maryland, was sentenced by U.S. District Judge ColleenKollar-Kotelly to 37 months of incarceration for making false statements inrelation to health care matters. In addition to the sentence, McLaren agreed topay $5 million in restitution, forfeiture, and a civil settlement. For more: http://www.usdoj.gov/usao/dc/Press_Releases/2008%20Archives/July/08-169.htmlMedicare ScammedThe July 9, 2008 Wall Street Journal reported that “The federal governmentpaid scam artists nearly $100 million for claims of wheelchairs, canes,prescription drugs and other items submitted under the names of dead doctorsin recent years, according to a Congressional investigation.” For more: http://online.wsj.com/article/SB121556119847437537.html?mod=googlenews_wsjCalifornia Doctor Sentenced to 10 Year Prison TermOn July 7, 2008 the Associated Press reported that “A Southern Californiadoctor was sentenced to 10 years in federal prison Monday for billing healthinsurance companies more than $9 million in unnecessary surgical procedures,prosecutors said.” For more: http://www.signonsandiego.com/news/Continued on page 17<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org7September 2008