Health Law Blog - Healthcare Legal Issues

Archive for the ‘Self-Disclosure’ Category

Using the Self Disclosure Protocols to Minimize Risk

Tuesday, June 27th, 2017

When to Use the OIG’s Self Disclosure Protocols

Self Disclosure Mitigate RiskThe HHS Office of Inspector General offers providers an opportunity to self-disclose certain violations in exchange for avoiding some of the more draconian penalties that may otherwise apply under applicable regulations.  Even though the OIG’s Provider Self-Disclosure Protocols (“SDP”) can be very compelling, the decision whether to utilize the OIG’s self-disclosure protocols is often very difficult.

To begin, the SDP is not available in all situations.  The SDP is limited to situations that potentially violate Federal criminal, civil, and administrative laws for which Civil Monetary Penalties are authorized.  The SDP requires the disclosing party to Continue

Credible Information Indicating Overpayment – Duty to Investigate

Tuesday, June 27th, 2017

Addressing Potential Over-payment Situations – Exercising Reasonable Care

known overpayment credible informationThe new final regulations under the 60-day repayment rule, require providers to affirmatively exercise reasonable diligence to identify potential overpayment situations. The obligations to further investigate is triggered when a provider receives “credible information” that indicates a potential overpayment.  Affirmative steps must be taken in a timely and good faith manner to investigate the situation further. Failing to use reasonable diligence can result in significant penalties under the False Claims Act (FCA). In some cases criminal liability can attach as well; particularly when evidence strongly indicates a problem might exist and a deliberate decision is made not to investigate or repay an amount due.

By now most health care providers are at least generally aware of the 60-day repayment rule. That rule originated as part of the Affordable Care Act in 2010. The rule provides that the failure to repay a known overpayment within 60 days after discovery results in potential penalties under the FCA. This means a simple overpayment is multiplied by a factor of three. Additionally, penalties can be assessed in amounts ranging from a minimum of $11,000 and a maximum of approximately $22,000 per claim. Financial exposure under the FCA can be very substantial; particularly when there is a systematic billing error that impacts a large number of claims over a significant period of time. The lookback period for imputed False Claims is 6 years, which amplifies the potential exposure when the “tip of the iceberg” is discovered in a current year audit.

The initial statutory provision left some ambiguity regarding application of the 60-day repayment rule. One significant ambiguity relates to when the 60-day time period begins to run. The statute states the 60-day period commences upon “identification” of the overpayment but included no clarification of when a provider is deemed to have identified the existence of an overpayment. It was not clear whether identification occurred when there was an allegation that an overpayment exists, when an amount of overpayment was calculated, when the existence of the overpayment was verified, or at some other time. It was also unclear whether actual knowledge of an overpayment was required or whether knowledge could be imputed in certain circumstances.

CMS provided clarification on the issue of identification in the final regulations, but the clarification places significant burdens on providers. Under the final rules, the provider is deemed to have identified an overpayment not when actual knowledge is obtained, but rather when the provider “should have” identified the overpayment through the exercise of “reasonable diligence.” The new standard requires providers to conduct a timely and good faith investigation when it receives credible information an overpayment might exist. Failing to take reasonable steps to investigate will result in imputed knowledge and deemed “identification” of the overpayment. In other words, the 60-day clock starts to run when the investigation should have commenced.

It is useful at this point to mention what constitutes an overpayment that invokes the statutory requirement. An overpayment exists when the provider receives any funds to which they are not entitled. There is no requirement of an amount threshold, substantiality, or materiality. Any overpayment invokes the statute and becomes a potential false claim if not repaid within the 60-day period. There are situations where the amount of overpayment is so small that the provider might determine it not worth the resources to identify, quantify and repay. When making this determination, it should be kept in mind the FCA will apply if a whistleblower case is brought or a government investigation is commenced and finds the overpayment. FCA liability can result in large penalties; particularly where there are multiple claims involved. It should also be kept in mind that criminal statutes impose felony penalties for the willful failure to return known overpayments.

Overpayments that are self-discovered and repaid before they become false claims are relatively easy to manage. Once the FCA potentially attaches, these situations become increasingly complicated to manage. The OIG Self Disclosure process should be considered where potential for significant penalties is present. The Self Disclosure Protocols permit resolution at a minimum of 1.5 times the amount of the overpayment. Full disclosure of the facts and investigation is required as part of the self-disclosure process. Only civil penalties are subject to settlement under the protocol. The wrong facts disclosed as part of the SDP process can lead to criminal charges against the entity or individuals. Criminal charges cannot be settled using the SDP.

Where amounts are smaller, a provider may decide to repay without going through the protocol process. A determination of which option is right in the specific situation should be made with the involvement of legal counsel that has experience with these issues.

Proper operation of a compliance program is the best defense to mitigating exposure under the 60-day rule. Prompt investigation should be conducted whenever there is a credible allegation of an overpayment. Compliance risk identification and proactive auditing can also help mitigate risk by identifying problems early and by demonstrating the compliance process is being effectively operated. This will help avoid allegations that overpayments should have been discovered sooner through the exercise of a reasonable compliance program. Most importantly, ignoring alleged overpayments is never an answer that mitigates risk. All credible allegations must be investigated and appropriate repayment should be made using one of the available methods. The requirements of the final rule should be baked into compliance program policies and procedures and staff should be educated on the need to investigate and return overpayments within required timeframes.

Using Self-Disclosure Protocols – CMS and OIG Self Disclosure Process

Tuesday, April 11th, 2017

Self-Disclosure Has Become a Normal Part of the Compliance Process

As the OIG and CMS make self-disclosure easier for providers, we have noticed an increase in the rate of cases that are being filed.  Assisting providers in making decisions whether to self-disclose, conducting internal investigations, and guiding the self-disclosure process when appropriate has become a large part of our compliance practice.  Here are just a few of the articles and other resources that we have released regarding self-disclosure issues:

Exercising Reasonable Care to Identify and Address Potential Overpayments

Criminal Exposure for Failing to Repay Known Overpayment

When to Use the OIG’s Self Disclosure Protocols

Excluded Party Cases Dominate OIG Published Self Disclosure Settlements

Self-Disclosure Process – Voluntary Self Disclosure Decisions are not Always Easy

When Does An Overpayment Become Fraud? How Simple Inattention Can Expose You to Penalties for Fraudulent Activities

Provider Self-Disclosure Decisions – Voluntary Disclosure Process

Provider Self Disclosure Process

For more information on the self-disclosure process and legal updates impacting the process, watch this space.

Criminal Exposure for Failing to Repay Known Overpayment

Monday, April 3rd, 2017

Known Overpayments can Implicate Criminal Statutes

failing to repay overpaymentWe hear a lot about potential liability under the False Claims Act for the failure to repay overpayments within 60 days after discovery. Focus on the 60 day rule has taken some of the focus away from the potential for criminal charges for retaining known overpayments. Section 1128B(a)(3) of the Social Security Act (42 U.S.C. § 1320a-7b(a)(3)) makes it a crime to conceal or fail to disclose any occurrence that affects the initial or conued right to any benefit payment. A violations of the statutes requires a showing that the charged individual have knowledge of the event affecting the right to the applicable benefit. A violation of the statute is a felony and is punishable by a maximum of five years in prison and a fine of $250,000 for individuals or $500,000 for corporations.

The Office of Inspector General has applied this statute, even in cases where the overpayment occurs innocently but a party fails to repayment an overpayment after receiving knowledge. This type of situation is clearly subject to the False Claims Act where repayment is not made within 60 days. Criminal responsibility is also a potential; particularly when a decision is made not to repay after learning about the existence of an overpayment. Criminal exposure is present for the entity as well as the individuals who are responsible for failing to make repayment of a known overpayment. There is an element of ambiguity regarding application of the criminal component, but this has not stopped prosecutors from asserting the statute in the past.

The Federal Criminal False Claims Statute (18 U.S.C. § 287) can also apply to impose potential criminal liability.  That statute applies potential criminal liability on any person who “makes or presents” any claim to an agency of the U.S. Government “knowing such claim to be false, fictitious, or fraudulent.”   This statute can lead to potential 5 years imprisonment plus potential criminal penalties.   Conspiracies to violate the Federal Criminal Claims Statute impose double penealties on participants.  Failing to disclose and repay known overpayments could form the basis of a violation of this statutes as well.

Other criminal statutes could potentially apply to the failure to repay known overpayments.  Mention of these above statutes is not intended to be an exhaustive list of potential exposure.

Excluded Party Cases Dominate OIG Published Self Disclosure Settlements

Friday, March 17th, 2017

Using SDP Self Disclosure Protocol – Excluded Party Disclosures

CMS Self DisclosureIn 2013, the HHS Office of Inspector General issued revised protocols outlining the process through which health care providers are able to self-disclose and resolve potential liability under the OIG’s civil monetary penalty (CMP) authorities.  The 2013 Self Disclosure Protocols (SDP) clarified the process of self-disclosure and provided answers to some of the questions that were previously impeding provider use of the self-disclosure process.  One area that the SDP clarified involved the calculation of damages where a provider discovers that an employee has been excluded from the Medicare and Medicaid programs.  When a provider is a “direct billing” provider, such a physician, it is relatively easy to identify the billings that are attached to that provider.  Prior to 2013, the process for estimating damages was unknown for employees that do not directly bill federal programs for their services.

The 2013 SDP contained a suggested process for estimating damages when non-billed employees are excluded from the program.  The process is based on the cost of employing the excluded individual.  This made it much easier for providers to use the SDP in these circumstances.  Review of the recently settled self-disclosure cases confirms that the process is working to encourage providers to use the SDP in cases involving exclusions.  The SDP uses a multiple of 1.5 times estimated program damages as a minimum baseline for settling SDP cases.  Calculation of damages resulting from exclusion involve identification of billing for the services of a physician or other provider that receives reimbursement for their services.  Other employees, such as nurses, medical assistants, administrative staff and others, use the estimated cost of employment method.

By my count there appears to have been a total of 49 excluded party SDP settlements from the beginning of 2016 through the date of publication of this article.  This is reflective of the clarified procedure in the 2013 SDP.  Settlement amounts range from around $10,000 to a high of around $800,000.  The higher dollar amount settlements likely relate to multiple excluded parties, long term employees, or large dollar “direct bill” employees.

Self Disclosure Process – Voluntary Self Disclosure Decisions are not Always Easy

Monday, February 13th, 2017

Provider Self Disclosure Decisions – Voluntary Disclosure Process

The HHS Office of Inspector General offers providers and opportunity to self-disclose certain violations in exchange for avoiding some of the more draconian penalties that may otherwise apply under applicable regulations.  Even though the OIG’s self-disclosure offer can be very compelling, the decision on whether to utilize the OIG’s self-disclosure protocols is often very difficult.

Unfortunately, it is not always clear whether a violation of a regulatory requirement has occurred.  Those involved in health care law are familiar with the level of ambiguity that often exists with respect to specific billing rules and other regulatory standards.  On the other hand, the potential liability for making the wrong call about whether an infraction has actually occurred can be quite significant.  Clearly, if a provider is deciding whether they have violated a regulation, they have knowledge that the situation has occurred.  The failure to act once knowledge is obtained or imputed can lead to sanctions being multiplied.  For example, failing to repay a known overpayment within 60 days can triple the amount of penalties and add up to $22,000 per claim to the price tag.

The current regulatory scheme places a very high price tag on being “wrong” about whether a regulatory violation is present.  The potential high damages for an incorrect decision forces a provider to take an overly expansive view of when (or whether) a regulatory infraction has occurred.

Clearly not every situation where there has been a billing error amounts to fraud or wrongdoing requiring use of the self-disclosure protocol.  Many over-payments that are identified through audit can be dealt with at the intermediary level.  Where investigation raises questions about whether incorrect bills are “knowingly” submitted, the self-disclosure process may provide some mitigation of potential loss.  Situations where the provider perhaps “should have known” raise more difficult issues of analysis.

The Office of Inspector General’s self-disclosure process is available when there is a potential violation of Federal law that could result in the imposition of Civil Monetary Penalties. A simple determination that a billing error may have led to an overpayment is generally not covered by the protocol.  It is only when the error presents potential CMPs that the protocol can be used to self-disclose the violation to the Federal government.  For example, self-disclosure might be considered where an overpayment is not repaid within 60 days after discovery by the provider or where there is a violation of the anti-kickback statute discovered.

To complicate matters even further, once a provider obtains actual knowledge that a billing error occurs, it is always possible that the government will take the position that the infraction “should have” been known to the provider at an earlier date.  This impacts when the 60 day clock that triggers the application of the False Claims Act begins to run.  Once you discover an error, you would like to think that you have 60 days to self disclose and avoid the damage inflating False Claims Act.  Whether you should have discovered the infraction earlier through a properly functioning compliance program will always overshadow these cases.  The only thing that a provider can really do to reduce the stress of this type of impossible situation is to have a strong compliance program in place well in advance.

The situation is also complicated because a potential whistle-blower may view a situation much differently than a provider who finds what it believes to be an innocent mistake through the audit process.  A provider may sincerely believe that there was no “wrongdoing” and that a simple mistake has been identified.  Finding such a mistake may actually be evidence that the provider’s compliance efforts are working.  On the other hand, there is a whole legal profession out there now that is advertising for people to come forward as whistleblowers.  With potential recovery under the False Claims Act of 3 times the over-payment plus up to $22,000 per claim, whistleblower lawyers have strong incentive to attempt to turn what the provider believes to be an innocent mistake into a false claim. The damage calculation creates a big payday for whistleblower plaintiffs and their lawyer, who take these cases on a contingency fee basis.

Generally speaking, when errors are discovered, the providers best bet is to be forthright and deal with the matter “head on.”  A complete internal investigation should be conducted to determine the precise nature of the issues and to identify the extent of wrongdoing.  Based on the outcome of the investigation, the provider can determine whether a simple repayment can be used or whether there may be reason to go through the formal self-disclosure process.

Anyone who has worked with reimbursement rules will realize that payment policies, rules and regulations are not always clear.  It is often difficult to determine whether there is even a violation of applicable rules or whether an overpayment actually exists.  Legal ambiguities further complicate the self-disclosure decision.  The precise nature of any legal ambiguities involved in the specific case need to be completely documented.  If a decision is made that there has been no wrongdoing, the legal analysis should be laid out in writing and in detail and a reasonable judgment should be made regarding the interpretation of applicable legal standards.  If self-disclosure is made in situations involving legal ambiguities, those ambiguities should be explained in detail as part of the self-disclosure.

In the end, a provider facing potential self- disclosure must follow a reasonable process to make a reasoned decision in the face of significant risk and uncertainty.  Perhaps most importantly, it is never a good alternative to pretend that the situation will never be discovered or brought to light.  These cases can arise in strange and unexpected ways.  It is best to assume that a discovered compliance violation will eventually be brought to light.  In most cases it is advantageous for the provider to affirmatively bring the matter forward rather than waiting for the government or a whistleblower to bring a claim.  When that happens, it is much more difficult to resolve the issue.

John H. Fisher, CHC, CCEP is a health care attorney at the Ruder Ware law firm.  John is actively involved representing clients on legal and compliance issues.  He has represented clients in creating compliance programs and in a variety of operational issues.  He also assists providers in addressing risk areas and potential compliance issues including preparing self-disclosure and working with the government to resolve disclosed compliance issues and overpayment.  John consults as a subject matter expert and provider legal backup to other attorneys and law firms from around the country on specialized compliance, regulatory and health care issues.  John has followed legal issues impacting health care provider for over 25 years.  As such, he is knowledgeable on the current legal standards as well as the historic perspective that is often relevant to an appropriate analysis.  

Self Disclosure Settlements Help Identify Compliance Risk Areas

Friday, January 27th, 2017

Self Disclosure Settlements Indicate Areas of Compliance Risk

Compliance officers can identify areas of potential compliance risk in a number of ways.  One way is to examine self disclosure settlements under the Stark Law and OIG self disclosure process.  This helps indicate issues that other providers are disclosing to the government and can help identify potential risk areas within your organizations.

Here are a handful of self disclosure settlements that have been published:

A Massachusetts hospital settled several Stark law violations involving failure to satisfy the requirements of the personal services arrangements exception with department chiefs and medical staff for leadership services, and for arrangements with physician groups for on-site overnight coverage for patients at the Hospital. Settlement Amount – $579,000.00

An Ohio physician group practice settled two Stark law violations involving prescribing and supplying a certain type of DME that did not satisfy the requirements of the inoffice ancillary services exception. Settlement Amount – $60.00

A Mississippi critical access hospital settled several violations of the Stark law relating to its failure to satisfy the requirements of the personal services arrangements exception for arrangements with hospital and emergency room physicians. Settlement Amount – $130,000

A California hospital settled two Stark law violations that exceeded the annual nonmonetary compensation limit for physicians. Settlement Amount – $6,700

A hospital in Georgia settled violations involving two physicians and the annual nonmonetary compensation limit. Settlement Amount – $4,500

A physician group practice in Iowa settled Stark law violations after disclosing that its compensation for certain employed physicians failed to satisfy the requirements of the bona fide employment relationship exception. Settlement Amount – $74,000

An Arizona acute care hospital settled a Stark law violation after disclosing a single physician arrangement that did not meet the personal service arrangements exception. Settlement Amount – $22,000

A hospital located in North Carolina settled six Stark law violations for $6,800 after disclosing that it exceeded the calendar year nonmonetary compensation limit for two physicians during three consecutive years. Settlement Amount – $6,800

An Alabama hospital resolved a Stark violation involving a rental charge formula that did not satisfy the requirements of the rental of equipment exception. Settlement Amount – $42,000

A hospital in Maine settled potential Stark law violations relating to arrangements with a physician and physician group practice that failed to satisfy the requirements of the personal services exception. Settlement Amount – $59,000

A Massachusetts hospital settled violations concerning arrangements with two physician practices for call coverage that did not satisfy the personal service arrangements exceptions. Settlement Amount – $208,000

A hospital located in Florida resolved arrangements with three physicians that did not satisfy the personal service arrangements exception. Settlement Amount – $22,000

A Missouri hospital settled Stark law violations involving two physicians for the provision of dental services that did not meet the requirements of the personal service exception. Settlement Amount – $125,000

A North Carolina-based general acute care hospital and its hospice agreed to settle several Stark law violations involving arrangements and payments that failed to meet the physician recruitment, fair market value, and personal services arrangement exceptions. Settlement Amount – $584,700

A hospital in California settled a Stark law violation, which arose from its failure to meet the physician recruitment exception. Settlement Amount – $28,000

An acute care hospital in California settled a violation of the Stark law after disclosing that it failed to meet the personal service arrangements exception for an on-call arrangement with a physician. Settlement Amount – $1,600

A South Carolina general acute care hospital settled several violations of the Stark law involving arrangements with physicians and physician group practices that failed to satisfy the requirements of the FMV compensation exception, the personal services arrangements exception, and the rental office space exception. Settlement Amount – $256,000

A Massachusetts acute care hospital settled several Stark law violations involving arrangements with physicians that failed to satisfy the definition of “entity”, the rental office space exception, and the personal services arrangement exception. Settlement Amount – $199,400

A Louisiana acute care hospital used the SRDP to resolve violations related to professional service arrangements with physicians, a professional staffing organization, and a physician group practice. Settlement Amount – $317,620

A Minnesota hospital agreed to settle a Stark violation that stemmed from a recruitment arrangement that failed to satisfy the requirements of the physician recruitment exception. Settlement Amount – $760.00

A Texas rehabilitation hospital resolved several Stark violations through the SRDP involving arrangements for ownership interests held by certain physicians that failed to satisfy the whole hospital exception. Settlement Amount – $23,730

A general acute care hospital in New York agreed to settle a violation of the Stark law that involved an arrangement that failed to satisfy the requirements of the rental office space exception. Settlement Amount – $78,500

A Florida acute care hospital settled several Stark violations relating to arrangements with multiple physicians for emergency cardiology call-coverage that did not satisfy the requirements of any applicable exception. Settlement Amount – $109,000

A general acute care hospital in Florida settled several Stark violations involving arrangement with a group practice to provide residency program services, a physician to provide electronic health records subject matter expert services, a physician to provide Medical Director services, and a physician to provide leadership services for a hospital committee, none of which satisfied applicable exceptions. Settlement Amount – $76,000

An Alabama acute care hospital resolved a violation of the Stark law involving an arrangement with a physician group practice for the rental of office space that did not satisfy the exception. Settlement Amount – $187,340

A Wisconsin critical access hospital used the SRDP to resolve a violation of the Stark law relating to an arrangement with one physician for the provision of emergency room call coverage services at adjacent walk-in clinics that failed to satisfy any applicable exception. Settlement Amount – $12,724

A Tennessee acute care hospital settled a Stark violation involving an arrangement with one physician for the supervision of cardiac stress tests that failed to satisfy the requirements of any applicable exception. Settlement Amount – $72,270

An acute care hospital in Pennsylvania resolved several Stark violations related to arrangements for Medical Director services with certain physicians and a physician practice that did not satisfy the personal services exception. Settlement Amount $24,740

A general acute care hospital in Ohio used the SRDP to settle violations of the Stark law that involved arrangements with certain physicians for EKG interpretation, medical director services, Vice-Chief of Staff services, and hospital services that did not satisfy the requirements of any applicable exception. Additional violations stemmed from arrangements with certain physicians and a physician group practice for the donation of EHR items and services that failed to satisfy the applicable exception. Settlement Amount $235,565

A Texas acute care hospital settled a Stark violation involving an arrangement for case management physician advisor services with a physician that did not satisfy the requirements of any applicable exception. Settlement Amount – $54,108

A physician group practice in Louisiana resolved a Stark violation relating to arrangements with two physicians that failed to satisfy the requirements of the in-office ancillary services exception. Settlement Amount – $13,572

A non-profit community hospital in Minnesota settled a violation of the Stark law that involved an arrangement with a physician group practice for the rental of office space and provision of support services that failed to satisfy the requirements of any applicable exception. Settlement Amount – $9,570

A California acute-psychiatric hospital resolved two Stark violations relating to arrangements with two physicians for the provision of psychiatric services that did not satisfy the requirements of any applicable exception. Settlement Amount – $67,750

A North Carolina acute care hospital used the SRDP to settle several violations of the Stark law relating to arrangements with a physician to provide Medical Director Services, a physician group practice to provide medical coding and consulting services, and a physician and a physician group practice for the lease of office space, that failed to satisfy the requirements of any applicable exception. Settlement Amount – $87,110.00 19.

A general acute care hospital in Texas resolved a Stark violation involving an arrangement with a physician to provide utilization review services that did not satisfy any applicable exception. Settlement Amount – $82,055 20.

A California acute care hospital resolved several violations of the Stark law involving arrangements with three physicians for the provision of on-call services to the Hospital’s emergency department that did not satisfy the requirements of any applicable exception. Settlement Amount – $42,630 21.

An acute care hospital in Oklahoma used the SRDP to settle several Stark violations relating to arrangements with four physicians for the provision of electrocardiogram interpretation services that failed to satisfy the requirements of the personal services exception. Settlement Amount – $124,008

Health Care Compliance Attorney – Certified CHC Lawyer

Tuesday, January 10th, 2017

Health Care Compliance Attorney

Compliance Representation – Certified Health Care Compliance

The Ruder Ware Compliance Team provides a variety of compliance-related services across a number of industry sectors.  Our compliance practice in the health care industry is lead by Attorney John Fisher.  John is a practicing health care attorney who has substantial expertise in the compliance area.  He is certified in both Health Care Compliance and Corporate Compliance and Ethics.

Aggressive Governmental Fraud and Abuse Investigations

Government enforcement practices and ever changing regulatory requirements require health care providers of all types and specialties to function in a highly complex environment.  Government enforcement operates under a “return on investment” mentality which leads to extremely aggressive and sometimes unfairly overbroad enforcement actions.  This leaves even the most well intentioned health care provider feeling targeted and overburdened with regulatory requirements.

Ruder Ware Provides a Full Range of Compliance Services

The Ruder Ware compliance team has provided a broad range of compliance related legal services to a wide range of health care providers such as hospitals, mental health programs, skilled nursing facilities, ambulatory surgery centers, a variety of medical groups, diagnostic facilities, home health care providers, personal care agencies, clinically integrated provider groups, accountable care organizations and other providers.  Each provider that we represent has unique features and characteristics that require creative approaches to mitigate the impact of overzealous governmental enforcement and private whistleblowers.

We Help You Prepare for an Eventual External Examination of Your Compliance Process

Our compliance practice functions under the philosophy that all providers will eventually be called upon to defend their compliance programs.  This may come through a self-disclosure after an infraction that is discovered through self assessment or audit.  Less ideally, it could come from a money hungry whistleblower who will not let go of a case until there is a payday.  It could also come at the hands of a government criminal or civil prosecutor.  Regardless of the source of challenge, at some point in the future, a compliance program will be put to the test.  When this happens, it must be effective to detect and correct potential compliance problems.  This requires both a well designed plan.  It also requires a showing that the plan is actively operating to identify risk areas, audit for anomalies in areas where risk may be present, and comes full circle to take appropriate action to correct potential problems that are identified.  If this is happening when your time comes; when your compliance program is put to the test, you will have gone a long ways toward mitigation of potential negative consequences.

Penalties Are Increasing and the Scope Activity Considered Abusive Continues to Expand

Some may wonder how the government plans to pay for changes in the health care system.  One of the primary sources of payment in the future will be through enforcement of actual or perceived fraud and abuse.  Currently, the Federal government received an 800% return on every dollar that it invests on pursuing health care fraud and abuse.  With increased penalties and more draconian enforcement systems in place, the government is poised to turn the enforcement business into an even more lucrative proposition.  The stage is set with laws that increase penalties to such an astronomical level that even a much less than certain case will be settled rather that risk being dragged through a proceeding that a provider is likely to lose in the end.

The Danger of Whistleblower Claimants

Whistleblowers also are incentivized to file cases as they seek to benefit personally from provider activity that may not fully conform to regulatory expectations. No provider is immune, no matter how effective its corporate responsibility program. For these reasons, all providers need experienced Compliance Counsel to assist them in trying to prevent regulatory violations, to determine the scope of and assist with correcting identified compliance issues and to defend them in the event they do become a target of government investigative activities.

Whistleblowers can come from a number of different places.  Disgruntled employees are a prime candidate to bring a whistleblower complaint.  How these complaints are handled is extremely important to minimizing their potential negative impact on you operations.  Once a Whistleblower attorney becomes financially committed to a case, they tend not to let go easily.  Settlement can be very difficult to attain on reasonable terms.  It is fair to say that in many cases the government gives more latitude to settle cases if the provider cooperates.

There are some reasonable government enforcement individuals who appropriately utilize their discretion when a provider cooperates and has not intentionally bilked the system.  Whistleblowers on the other hand, have their sites set on the full maximum amount of calculated False Claims Act damages.  They are looking for a pay day.  We can help you avoid this type of situation altogether by helping establish an effective compliance program that takes appropriate action to mitigate exposure if infractions are discovered.

General Compliance Counsel Services

We act as general compliance counsel to numerous health care providers and companies as well as business in other industries such as transportation, finance, manufacturing, securities, and other industry areas.  Ruder Ware represents businesses with worldwide operations who we routinely counsel regarding the impact of anti-bribery laws and other laws that impact international operations.  Our multidisciplinary approach enables us to apply our expertise in compliance process and investigations to various industry sectors that are represented by other attorneys in our firm who have extensive knowledge of the regulatory requirements that impact their business or industry sector.  For example, we have applied our compliance knowledge with our significant clientele in the transportation industry, paper manufacturing industry, financial sector, and heavy manufacturing for international distribution.

Roots in the Highly Regulated and Ever Changing Health Care Industry

Our compliance practice got its start primarily in the health care industry and has flourished into other areas building on our experience and success in health care.  The health care industry has historically been out in front of many other industries which enabled our firm to get into the compliance service industry early and gained significant experience that has served our team well. Our compliance team has gained substantial experience handling compliance that impact the Federal False Claims Act, Civil Monetary Penalties Law, Stark Law and Anti-Kickback Statute. We routinely counsel our clients on how to apply systems to proactively comply with a multitude of regulations that apply to their regulations.  We recommend processes that apply to all types of health care providers and across all industry sectors.

Proactive and Aggressive Risk Identification Process

Our recommended process creates a “living and breathing” process that is continually at work within an organization to identify potential risk areas.  Those identified areas where risk is likely to be present can then be further analyzed to ascertain the types of potential risks and a behaviors that create those risks.  A process can then be applied to mitigate risk through establishment of policies and procedures, checklists, and process flow that are intended to reduce risk.  Employees are trained on these processes and monitoring and auditing occurs to assure that processes are being regularly followed.  The entire process must be documented to the detail.  If incidents occur in spite of the risk reduction process, proof of the proactive activities that were taken to prevent these occurrences will be of great assistance in mitigating the negative consequences of the discovered infraction.  Generally, self disclosure, with confidence that you are backed up by a continually operating compliance system are your best defensing most cases to the negative consequences of the discovered non-compliance.

Compliance Program Development and Assessment

Our compliance attorneys have experience creating and implementing compliance programs to fit the specific needs of our business and health care clients.  Compliance programs are not “one size fits all.”  A program must be tailored to address the specific risks that are presented by the type and scope of business.   We are adept at creating solutions that leverage compliance resources to achieve the most efficient and effective compliance operation.  We have developed compliance programs for national and multinational business in a variety of industries.  We have also helped small businesses develop compliance programs that are scaled to the size of their businesses and the resources that are necessary to mitigate compliance risk.  Contrary to some professional, legal forms sites, and novice compliance professionals, there is no single set of forms that can be used to craft a proper compliance program.  Some elements are common in most plans, but the failure to customize a compliance program to the specific business is perhaps the most common mistake that can be made and results in a major threat to the effectiveness of the program and the ability to use the program to mitigate potential legal exposure.

In additions to creating compliance program structures, Ruder Ware’s compliance team has developed a series of comprehensive compliance program assessment and effectiveness tools that we use to identify gaps in compliance program operations.  We use a systematic approach to evaluating compliance programs to assure that they are operated effectively to identify and mitigate compliance risk.  A compliance program is of little value if it cannot be demonstrated to be effective.  We can provide an independent, detailed and systematic evaluation of any compliance program.  The results of this assessment can be integrated into the compliance cycle to enhance effectiveness and improve efficiencies.  We also use variations on this process to assist clients in creating compliance work plans that identify and prioritize compliance operations, audit and monitoring areas, and achievement of specific compliance goals.

Our compliance attorneys are active in national compliance organizations.  We are also committed to maintaining active certifications in compliance and ethics as a means to assure that we are up to date on legal and regulatory requirements as well as the standards that must be met to achieve effective compliance operations.

Internal Compliance Audits Under the Attorney-Client Privilege/Work Product Doctrine

We regularly work through the attorney-client privilege and work product doctrine, as necessary, to internally investigate compliance issues with the provider. We are familiar with the intricacies of various state and federal laws that relate to privilege.  We are also attuned to enforcement policies relating to waiver of privilege and the relationship of privilege to the ability to secure cooperation credit from investigative agencies.

Privilege issues are intricately involved with internal investigations and we take great pains to assure that the process that we use to conduct investigation maintain privilege to the greatest extent possible.  In order to maintain privilege, it is generally necessary to retain outside counsel to direct and control the investigation including securing necessary consultants, experts, and support personnel.  We have relationships with external support consultants and experts in several industries and technical areas.

Educating Clients and Their Employees On Compliance Related Issues

Education of staff is a critical element of an effective compliance program.  Without training individuals within the organization, a compliance plan is little more than a set of policies gathering dust on a shelf.

Our compliance team can assist clients in creating training systems, preparing training material, and performing training programs.  Out compliance attorneys will often provide training sessions on compliance oversight responsibilities to the Board of Directors of a company or to key committee members, officers, and upper management staff.  It is critical for the success of a compliance program that there be acceptance from the top of the organization.  This is where the environment of compliance is created.

We have assisted clients conducting in person compliance training and have conducted web based compliance training modules in basic and special compliance subject areas.  We have also been called in to provide training as part of a corrective action program after compliance risks are detected.  We are also involved in specialized training on issues such as Stark Law compliance, physician compensation, and other issues that are unique to the provider but present unusually complex regulatory requirements.

Extension to Provider Certification and Deficient Surveys

In addition to providing proactive compliance advice, our team provides legal representation in connection with deficiency reports and survey findings.  We can assist providers through the informal dispute resolution process in connection with state and federal surveys.  In cases of serious deficiencies we can represent providers in the appeal process and related proceedings.  Where Civil Monetary Penalties are assessed, we can often negotiate as part of the appeal process for a reduction in penalties, severity or scope of findings.   In extreme cases, deficiencies can also involve overpayments and self-disclosure.  We have can assist providers in the assessment of whether a self-disclosure may be necessary and in appropriate cases, we can conduct the necessary investigations and prepare self disclosure submissions.

Other  Areas Handled By Compliance Team

Although our compliance practice grew originally out of our health care practice, it now extends beyond the health care industry into manufacturing, global transportation, relocation services, financial institutions, and other industry segments.  Our systematic approach to compliance can be applied to virtually any industry together with regulatory experts in that area.

Our health care compliance attorney has also received certification in Corporate Compliance and Ethics which includes global compliance issues.  We are routinely called upon to apply our industry and compliance knowledge to develop compliance operations across a variety of industries.

Beyond the false claim and fraud and abuse inquiries, our compliance team also routinely handles a number of other regulatory compliance matters such as provider certification, provider specific requirements, Sarbanes-Oxley and international compliance areas such as the Foreign Corrupt Practices Act, the UK Anti-Bribery Act, and a variety of other laws that require  effective compliance efforts application to identify and systematically address mitigation of risk.

Government Investigations and Defense

Federal and state governmental regulatory agencies have become very aggressive in investigating and prosecuting compliance failures.  Our compliance investigation team can conduct internal investigations and can often work with governmental agencies to coordinate investigative functions.   We can assist providers who are under scrutiny of the governmental in formulating a proper response to governmental audits, formal and informal investigations, subpoenas and other information requests. We can work with provider clients to shape appropriate response depending on the issues involved and the positions and approach being taken by governmental authorities.  We are also able to coordinate internal investigations to assure that privilege is retained where necessary and to preserve the ability to obtain cooperation credit from the government.

Compliance With Voluntary Self Disclosure Protocols and Process

We have experience with the self disclosure protocol and processes established by the Office of Inspector General and Center for Medicare and Medicaid Services.  We have assisted clients in the assessment of potential compliance risks to determine whether self-disclosure is necessary or appropriate.   We have also conducted investigations of various issues to assess the nature and extent of potential risk.  When it is determined that self disclosure is prudent, we assist clients in preparing necessary disclosure documents and support.  We also interact with governmental agencies to resolve issues through self-disclosure.

Compliance Team Subject Areas

  • Compliance Plan Structure and Operation
  • Compliance Auditing and Monitoring Programs
  • Compliance Work Plan and Task Prioritization
  • Risk Area identification, Scoring and Prioritization
  • Compliance Process Trainings
  • Compliance Risk Area Specific Training
  • Regulatory Interpretation and Guidance
  • Structuring Policies and Procedures
  • Governmental Investigations
  • Internal Investigations
  • Cooperation and Coordination With Governmental Investigators
  • Joint Defense Agreements and Cooperation With Joint Defendants
  • Civil Monetary Defense and Appeal
  • Foreign Corrupt Practices Act
  • International Anti-Bribery Law Compliance
  • Compliance Coordination with Subcontractors and Downstream Entities
  • Health Care Compliance Issues
  • Transportation and Global Relocation Compliance
  • Privacy Act and Health Information Compliance
  • False Claims Act Investigations and Enforcement Actions
  • Survey, Certification and Deficiency Citations
  • Breach Disclosure Assessment and Notification

 

John H. Fisher, CHC, CCEP is a health care attorney at the Ruder Ware law firm.  John is actively involved representing clients on legal and compliance issues.  He has represented clients in creating compliance programs and in a variety of operational issues.  He also assists providers in addressing risk areas and potential compliance issues including preparing self-disclosure and working with the government to resolve disclosed compliance issues and overpayment.  John consults as a subject matter expert and provider legal backup to other attorneys and law firms from around the country on specialized compliance, regulatory and health care issues.  John has followed legal issues impacting health care provider for over 25 years.  As such, he is knowledgeable on the current legal standards as well as the historic perspective that is often relevant to an appropriate analysis. 

US Attorney Manual Updated to Incorporate Yates Memorandum

Tuesday, November 1st, 2016

DOJ Directives Incorporating the Yates Principles

This is the third installment on our blog series covering the Yates memorandum and changes in Federal policy regarding prosecution of individuals for corporate wrongdoing.

In September of 2016, the DOJ issued revisions to its Manual used to provide guidance to U.S. Attorneys.  The revisions include the directives set forth in the Yates Memorandum together with subsequent clarification that was provided by the DOJ.  The revision to the Manual added a new section entitled “Focus on Individual Wrongdoers.”   The individual wrongdoer sections of the Manual cover the general principles that were set forth in the Yates Memorandum as well as revisions reflecting the new concepts regarding corporate cooperation credit, privilege assertion, and cooperation between criminal and civil enforcement authorities.

The Manual revisions should indicate the seriousness of this issue.  The Manuals are used as a primary reference by prosecutors across the country who are responsible for prosecuting corporate wrongdoing.  The revisions indicate that the DOJ is making the concepts included in the Yates memorandum into operational policy.  Agents will be judged and reviewed on their effectiveness complying with this policy.  This action is a clear indication that the Yates concepts are real.  We can expect a much higher degree of scrutiny on individual corporate wrongdoing.

As stressed in previous blog articles, companies must review their policies and procedures for investigating potential wrongdoing and implement changes that mitigate their risk in view of the new Federal policy.

How Should Compliance Process Integrate the Yates Memorandum?

Thursday, September 29th, 2016

Compliance Process and the Yates Memorandum?

Yates Memorandum Compliance Investigation ProcessThe controversial Yates memorandum is one of the most significant policy changes to ever come out of the Department of Justice.  Companies in virtually every industry should be examining their practices in view of the significant shift in emphasis of Federal prosecutors.

Here are a few points that suggest actions that should be taken by compliance officers and other corporate officers in reaction with the new Federal policy.

1.     The Yates memorandum is a “board-worthy” issue.  Board members and upper management must all be advised of the new DOJ position and the impact on their responsibilities and the compliance process.  The stakes involved in corporate wrongdoing have clearly been raised by Federal prosecutors.  This is serious business.

2.     Significant committees should be advised and integrate these principles into their activities.

3.     Internal investigation process must be amended in a number of ways, some specific to new steps that are required to be taken and to stress the importance of investigating individual wrongdoing.

4.     The process and flow of addressing internal investigations must be reviewed and in many cases revised to meet the new requirements.  A new triage step must be added to the analysis of the investigation process to determine whether there is any potential individual wrongdoing that should be investigated and disclosed.

5.     The dynamics between lower level wrongdoers and the company may be changed because of the increased probability of individual prosecution and the need for the company to disclose all information relating to individual liability.   This will require companies to investigate employees much more frequently.

6.     The need to assure that UpJohn warnings are provided to employees who may have individual liability is increased.  This should be reflected with specific provisions in the investigation process.   It is critical that evidence obtained through internal investigation not be “contaminated” by not giving proper notifications to subjects.  Contamination of evidence could have a negative impact on eligibility for cooperation credit from Federal prosecutors.

7.     Investigation process and procedures need to be reviewed and made air tight.  Detailed investigation steps should be laid out in the investigation policy and supporting documents.  The UpJohn process should be memorialized in investigation policies and procedures to reflect the need for companies to take more intense actions to investigate employees.  No specific changes are required in the UpJohn process, but the process must be well defined and systematized.  Many companies do not specifically address the need to give UpJohn warnings in their investigation policies.

8.     Investigation reports must cover each and every potential subject of the investigation and all relevant information should be disclosed in the report.   The investigation of each potential subject must be taken to a conclusion regarding potential individual wrongdoing.

9.    Yates requires a complicated privilege analysis which should also be considered for inclusion in policies and procedures.  Clarification provided by Federal prosecutors following issuance of the initial Yates Memorandum provides a degree of guidance about what information can be privileged and what cannot.

10.     Broad knowledge of the new Federal focus on individual accountability should be provided within the organization.  Employees and contractors should be advised of the new investigation policies and processes that will apply if an investigation is necessary.  All should understand what will occur if they become the subject of a Federal or internal investigation.

11.    Corporate liability will be influenced by the compliance process, tone from the top, effectiveness of the compliance process and other indications of an effective compliance program.  Individual liability will be largely based on the elements of the potential infraction.  Investigation process must include an analysis of the elements of the potential infraction with respect to each potential subject of an investigation.  Investigation reports and forms should be adjusted to assure that these standards are consistently maintained.  Evidence should be organized and attributed to each applicable subject in support of investigative conclusions.

12.    Compliance officers must educate individuals within the organization regarding the seriousness of these developments.  The best outcome is that individuals will take their role in preventing wrongdoing more seriously and will proactively operate in a manner that makes it unlikely that wrongdoing will ever occur.

For more information regarding the Yates Memorandum and other compliance and health law issues, stay tuned to our blog.

John H. Fisher

Health Care Counsel
Ruder Ware, L.L.S.C.
500 First Street, Suite 8000
P.O. Box 8050
Wausau, WI 54402-8050

Tel 715.845.4336
Fax 715.845.2718

Ruder Ware is a member of Meritas Law Firms Worldwide

Search
Disclaimer
The Health Care Law Blog is made available by Ruder Ware for educational purposes and to provide a general understanding of some of the legal issues relating to the health care industry. This site does not provide specific legal advice and you should not use the information contained on this site to address your specific situation without consulting with legal counsel that is well versed in health care law and regulation. By using the Health Care Law Blog site you understand that there is no attorney client relationship between you and Ruder Ware or any individual attorney. Postings on this site do not represent the views of our clients. This site links to other information resources on the Internet; these sites are not endorsed or supported by Ruder Ware, and Ruder Ware does not vouch for the accuracy or reliability of any information provided therein. For further information regarding the articles on this blog, contact Ruder Ware through our primary website.