Health Law Blog - Healthcare Legal Issues

Posts Tagged ‘compliance attorney’

Health Care Compliance Attorney – Certified CHC Lawyer

Tuesday, January 10th, 2017

Health Care Compliance Attorney

Compliance Representation – Certified Health Care Compliance

The Ruder Ware Compliance Team provides a variety of compliance-related services across a number of industry sectors.  Our compliance practice in the health care industry is lead by Attorney John Fisher.  John is a practicing health care attorney who has substantial expertise in the compliance area.  He is certified in both Health Care Compliance and Corporate Compliance and Ethics.

Aggressive Governmental Fraud and Abuse Investigations

Government enforcement practices and ever changing regulatory requirements require health care providers of all types and specialties to function in a highly complex environment.  Government enforcement operates under a “return on investment” mentality which leads to extremely aggressive and sometimes unfairly overbroad enforcement actions.  This leaves even the most well intentioned health care provider feeling targeted and overburdened with regulatory requirements.

Ruder Ware Provides a Full Range of Compliance Services

The Ruder Ware compliance team has provided a broad range of compliance related legal services to a wide range of health care providers such as hospitals, mental health programs, skilled nursing facilities, ambulatory surgery centers, a variety of medical groups, diagnostic facilities, home health care providers, personal care agencies, clinically integrated provider groups, accountable care organizations and other providers.  Each provider that we represent has unique features and characteristics that require creative approaches to mitigate the impact of overzealous governmental enforcement and private whistleblowers.

We Help You Prepare for an Eventual External Examination of Your Compliance Process

Our compliance practice functions under the philosophy that all providers will eventually be called upon to defend their compliance programs.  This may come through a self-disclosure after an infraction that is discovered through self assessment or audit.  Less ideally, it could come from a money hungry whistleblower who will not let go of a case until there is a payday.  It could also come at the hands of a government criminal or civil prosecutor.  Regardless of the source of challenge, at some point in the future, a compliance program will be put to the test.  When this happens, it must be effective to detect and correct potential compliance problems.  This requires both a well designed plan.  It also requires a showing that the plan is actively operating to identify risk areas, audit for anomalies in areas where risk may be present, and comes full circle to take appropriate action to correct potential problems that are identified.  If this is happening when your time comes; when your compliance program is put to the test, you will have gone a long ways toward mitigation of potential negative consequences.

Penalties Are Increasing and the Scope Activity Considered Abusive Continues to Expand

Some may wonder how the government plans to pay for changes in the health care system.  One of the primary sources of payment in the future will be through enforcement of actual or perceived fraud and abuse.  Currently, the Federal government received an 800% return on every dollar that it invests on pursuing health care fraud and abuse.  With increased penalties and more draconian enforcement systems in place, the government is poised to turn the enforcement business into an even more lucrative proposition.  The stage is set with laws that increase penalties to such an astronomical level that even a much less than certain case will be settled rather that risk being dragged through a proceeding that a provider is likely to lose in the end.

The Danger of Whistleblower Claimants

Whistleblowers also are incentivized to file cases as they seek to benefit personally from provider activity that may not fully conform to regulatory expectations. No provider is immune, no matter how effective its corporate responsibility program. For these reasons, all providers need experienced Compliance Counsel to assist them in trying to prevent regulatory violations, to determine the scope of and assist with correcting identified compliance issues and to defend them in the event they do become a target of government investigative activities.

Whistleblowers can come from a number of different places.  Disgruntled employees are a prime candidate to bring a whistleblower complaint.  How these complaints are handled is extremely important to minimizing their potential negative impact on you operations.  Once a Whistleblower attorney becomes financially committed to a case, they tend not to let go easily.  Settlement can be very difficult to attain on reasonable terms.  It is fair to say that in many cases the government gives more latitude to settle cases if the provider cooperates.

There are some reasonable government enforcement individuals who appropriately utilize their discretion when a provider cooperates and has not intentionally bilked the system.  Whistleblowers on the other hand, have their sites set on the full maximum amount of calculated False Claims Act damages.  They are looking for a pay day.  We can help you avoid this type of situation altogether by helping establish an effective compliance program that takes appropriate action to mitigate exposure if infractions are discovered.

General Compliance Counsel Services

We act as general compliance counsel to numerous health care providers and companies as well as business in other industries such as transportation, finance, manufacturing, securities, and other industry areas.  Ruder Ware represents businesses with worldwide operations who we routinely counsel regarding the impact of anti-bribery laws and other laws that impact international operations.  Our multidisciplinary approach enables us to apply our expertise in compliance process and investigations to various industry sectors that are represented by other attorneys in our firm who have extensive knowledge of the regulatory requirements that impact their business or industry sector.  For example, we have applied our compliance knowledge with our significant clientele in the transportation industry, paper manufacturing industry, financial sector, and heavy manufacturing for international distribution.

Roots in the Highly Regulated and Ever Changing Health Care Industry

Our compliance practice got its start primarily in the health care industry and has flourished into other areas building on our experience and success in health care.  The health care industry has historically been out in front of many other industries which enabled our firm to get into the compliance service industry early and gained significant experience that has served our team well. Our compliance team has gained substantial experience handling compliance that impact the Federal False Claims Act, Civil Monetary Penalties Law, Stark Law and Anti-Kickback Statute. We routinely counsel our clients on how to apply systems to proactively comply with a multitude of regulations that apply to their regulations.  We recommend processes that apply to all types of health care providers and across all industry sectors.

Proactive and Aggressive Risk Identification Process

Our recommended process creates a “living and breathing” process that is continually at work within an organization to identify potential risk areas.  Those identified areas where risk is likely to be present can then be further analyzed to ascertain the types of potential risks and a behaviors that create those risks.  A process can then be applied to mitigate risk through establishment of policies and procedures, checklists, and process flow that are intended to reduce risk.  Employees are trained on these processes and monitoring and auditing occurs to assure that processes are being regularly followed.  The entire process must be documented to the detail.  If incidents occur in spite of the risk reduction process, proof of the proactive activities that were taken to prevent these occurrences will be of great assistance in mitigating the negative consequences of the discovered infraction.  Generally, self disclosure, with confidence that you are backed up by a continually operating compliance system are your best defensing most cases to the negative consequences of the discovered non-compliance.

Compliance Program Development and Assessment

Our compliance attorneys have experience creating and implementing compliance programs to fit the specific needs of our business and health care clients.  Compliance programs are not “one size fits all.”  A program must be tailored to address the specific risks that are presented by the type and scope of business.   We are adept at creating solutions that leverage compliance resources to achieve the most efficient and effective compliance operation.  We have developed compliance programs for national and multinational business in a variety of industries.  We have also helped small businesses develop compliance programs that are scaled to the size of their businesses and the resources that are necessary to mitigate compliance risk.  Contrary to some professional, legal forms sites, and novice compliance professionals, there is no single set of forms that can be used to craft a proper compliance program.  Some elements are common in most plans, but the failure to customize a compliance program to the specific business is perhaps the most common mistake that can be made and results in a major threat to the effectiveness of the program and the ability to use the program to mitigate potential legal exposure.

In additions to creating compliance program structures, Ruder Ware’s compliance team has developed a series of comprehensive compliance program assessment and effectiveness tools that we use to identify gaps in compliance program operations.  We use a systematic approach to evaluating compliance programs to assure that they are operated effectively to identify and mitigate compliance risk.  A compliance program is of little value if it cannot be demonstrated to be effective.  We can provide an independent, detailed and systematic evaluation of any compliance program.  The results of this assessment can be integrated into the compliance cycle to enhance effectiveness and improve efficiencies.  We also use variations on this process to assist clients in creating compliance work plans that identify and prioritize compliance operations, audit and monitoring areas, and achievement of specific compliance goals.

Our compliance attorneys are active in national compliance organizations.  We are also committed to maintaining active certifications in compliance and ethics as a means to assure that we are up to date on legal and regulatory requirements as well as the standards that must be met to achieve effective compliance operations.

Internal Compliance Audits Under the Attorney-Client Privilege/Work Product Doctrine

We regularly work through the attorney-client privilege and work product doctrine, as necessary, to internally investigate compliance issues with the provider. We are familiar with the intricacies of various state and federal laws that relate to privilege.  We are also attuned to enforcement policies relating to waiver of privilege and the relationship of privilege to the ability to secure cooperation credit from investigative agencies.

Privilege issues are intricately involved with internal investigations and we take great pains to assure that the process that we use to conduct investigation maintain privilege to the greatest extent possible.  In order to maintain privilege, it is generally necessary to retain outside counsel to direct and control the investigation including securing necessary consultants, experts, and support personnel.  We have relationships with external support consultants and experts in several industries and technical areas.

Educating Clients and Their Employees On Compliance Related Issues

Education of staff is a critical element of an effective compliance program.  Without training individuals within the organization, a compliance plan is little more than a set of policies gathering dust on a shelf.

Our compliance team can assist clients in creating training systems, preparing training material, and performing training programs.  Out compliance attorneys will often provide training sessions on compliance oversight responsibilities to the Board of Directors of a company or to key committee members, officers, and upper management staff.  It is critical for the success of a compliance program that there be acceptance from the top of the organization.  This is where the environment of compliance is created.

We have assisted clients conducting in person compliance training and have conducted web based compliance training modules in basic and special compliance subject areas.  We have also been called in to provide training as part of a corrective action program after compliance risks are detected.  We are also involved in specialized training on issues such as Stark Law compliance, physician compensation, and other issues that are unique to the provider but present unusually complex regulatory requirements.

Extension to Provider Certification and Deficient Surveys

In addition to providing proactive compliance advice, our team provides legal representation in connection with deficiency reports and survey findings.  We can assist providers through the informal dispute resolution process in connection with state and federal surveys.  In cases of serious deficiencies we can represent providers in the appeal process and related proceedings.  Where Civil Monetary Penalties are assessed, we can often negotiate as part of the appeal process for a reduction in penalties, severity or scope of findings.   In extreme cases, deficiencies can also involve overpayments and self-disclosure.  We have can assist providers in the assessment of whether a self-disclosure may be necessary and in appropriate cases, we can conduct the necessary investigations and prepare self disclosure submissions.

Other  Areas Handled By Compliance Team

Although our compliance practice grew originally out of our health care practice, it now extends beyond the health care industry into manufacturing, global transportation, relocation services, financial institutions, and other industry segments.  Our systematic approach to compliance can be applied to virtually any industry together with regulatory experts in that area.

Our health care compliance attorney has also received certification in Corporate Compliance and Ethics which includes global compliance issues.  We are routinely called upon to apply our industry and compliance knowledge to develop compliance operations across a variety of industries.

Beyond the false claim and fraud and abuse inquiries, our compliance team also routinely handles a number of other regulatory compliance matters such as provider certification, provider specific requirements, Sarbanes-Oxley and international compliance areas such as the Foreign Corrupt Practices Act, the UK Anti-Bribery Act, and a variety of other laws that require  effective compliance efforts application to identify and systematically address mitigation of risk.

Government Investigations and Defense

Federal and state governmental regulatory agencies have become very aggressive in investigating and prosecuting compliance failures.  Our compliance investigation team can conduct internal investigations and can often work with governmental agencies to coordinate investigative functions.   We can assist providers who are under scrutiny of the governmental in formulating a proper response to governmental audits, formal and informal investigations, subpoenas and other information requests. We can work with provider clients to shape appropriate response depending on the issues involved and the positions and approach being taken by governmental authorities.  We are also able to coordinate internal investigations to assure that privilege is retained where necessary and to preserve the ability to obtain cooperation credit from the government.

Compliance With Voluntary Self Disclosure Protocols and Process

We have experience with the self disclosure protocol and processes established by the Office of Inspector General and Center for Medicare and Medicaid Services.  We have assisted clients in the assessment of potential compliance risks to determine whether self-disclosure is necessary or appropriate.   We have also conducted investigations of various issues to assess the nature and extent of potential risk.  When it is determined that self disclosure is prudent, we assist clients in preparing necessary disclosure documents and support.  We also interact with governmental agencies to resolve issues through self-disclosure.

Compliance Team Subject Areas

  • Compliance Plan Structure and Operation
  • Compliance Auditing and Monitoring Programs
  • Compliance Work Plan and Task Prioritization
  • Risk Area identification, Scoring and Prioritization
  • Compliance Process Trainings
  • Compliance Risk Area Specific Training
  • Regulatory Interpretation and Guidance
  • Structuring Policies and Procedures
  • Governmental Investigations
  • Internal Investigations
  • Cooperation and Coordination With Governmental Investigators
  • Joint Defense Agreements and Cooperation With Joint Defendants
  • Civil Monetary Defense and Appeal
  • Foreign Corrupt Practices Act
  • International Anti-Bribery Law Compliance
  • Compliance Coordination with Subcontractors and Downstream Entities
  • Health Care Compliance Issues
  • Transportation and Global Relocation Compliance
  • Privacy Act and Health Information Compliance
  • False Claims Act Investigations and Enforcement Actions
  • Survey, Certification and Deficiency Citations
  • Breach Disclosure Assessment and Notification


John H. Fisher, CHC, CCEP is a health care attorney at the Ruder Ware law firm.  John is actively involved representing clients on legal and compliance issues.  He has represented clients in creating compliance programs and in a variety of operational issues.  He also assists providers in addressing risk areas and potential compliance issues including preparing self-disclosure and working with the government to resolve disclosed compliance issues and overpayment.  John consults as a subject matter expert and provider legal backup to other attorneys and law firms from around the country on specialized compliance, regulatory and health care issues.  John has followed legal issues impacting health care provider for over 25 years.  As such, he is knowledgeable on the current legal standards as well as the historic perspective that is often relevant to an appropriate analysis. 

HCCA Compliance Institute Presentation On Compliance Role In Mergers and Acquisitions

Friday, May 3rd, 2013

John Fisher Presents at National Health Care Compliance Institute in Washington, D.C.

John Fisher, JD, CHC

John Fisher, JD, CHC, CCEP

Ruder Ware health care and compliance attorney John Fisher was a featured speaker at the Health Care Compliance Association’s 2013 Compliance Institute.  The Institute was attended by nearly 3,000 compliance officers, attorneys, and vendors from across the country.  Mr. Fisher spoke on the topic “Compliance Issues in Mergers and Acquisitions.”

Mr. Fisher is certified in Health Care Compliance by the Health Care Compliance Association and in Corporate Compliance and Ethics by the Society for Corporate Compliance and Ethics.

Mr. Fisher’s presentation covered some of the following issues:

  • The role of the compliance officer in mergers and acquisitions.
  • Compliance related due diligence requests.
  • The scope of compliance due diligence.
  • Successor liability and assumption of liabilities by purchasers.
  • Compliance impact of deal structure and agreement terms.
  • Compliance effectiveness reviews in mergers and acquisitions.
  • Common due diligence compliance risk areas.


For more information on compliance and health law issues, visit our health care law blog at

OIG Issues 2013 Annual Work Plan, Outlines Areas of Focus for Fiscal Year Ahead

Wednesday, October 10th, 2012

OIG 2013 Annual Work Plan Summary 

            Medical Practice Compliance Programs  The Office of Inspector General of the Department of Health of Health and Human Services (“OIG”) has published their annual work plan for the 2013 fiscal year (“2013 Work Plan”).  The Work Plan focuses on areas where OIG plans to focus significant resources during the 2013 fiscal year.  The 2013 Work Plan creates opportunities for providers to get a glimpse of what the OIG feels is important and to integrate these areas into their ongoing compliance activities.

              This update will briefly summarize some of the new issues that were added this year.  It is not a comprehensive description of all items that are on the OIG’s radar.  Providers are advised to review the entire 2013 Work Plan plus the work plans from the past several years to get a more complete picture of issues that the OIG feels are important.

Hospital-Related Issues

1.           Expansion of DRG Payment Window.  OIG states its intent is to analyze claims data to determine whether any savings could be achieved by bundling outpatient services that are delivered up to 14 days before a hospital inpatient admission.  Current Medicare policy bundles outpatient services that are delivered three days prior to inpatient admission into the “DRG window.”

2.           Provider-Based Status of Hospital on Physician Practices.  There is currently an incentive for a physician group to bill as a provider-based physician practice where there are ties to a hospital.  The OIG will be reviewing the appropriateness of physician practices who are billing as “provider-based” groups without meeting all of the necessary criteria.

3.           Medicare Transfer Policy.  The OIG will review Medicare payments made to hospitals for beneficiary discharges that should more appropriately have been coded as transfers.  Hospitals that transfer beneficiaries to another facility are not entitled to the full DRG payment that is due when a patient is properly discharged.  This creates an incentive for hospitals to code for a discharge when the patient is actually being transferred to another facility.  The OIG will be reviewing hospital billings to look for inappropriate “discharge” classifications.  Hospitals should audit their discharge and transfer practices to be certain that they are properly coding transfers where applicable.

4.           Payment for Discharges to Swing Beds and Other Hospitals.  Currently, Medicare does not reduce the DRG amount that is paid when a patient transfer is made into a “swing bed,” even when the “swing bed” is located in a separate facility.  The OIG will be reviewing this practice to determine whether any savings can come from reducing DRG payments when the swing bed transfer is made to another facility.

5.           Hospital Payments for Canceled Surgical Procedures.  The OIG will be reviewing payments that are made for canceled surgical procedures which are then followed by a second payment for a rescheduled procedure.  Current Medicare policy does not preclude payments for claims when there is an inpatient stay followed by canceled surgical procedure.  CMS will be reviewing this policy to determine whether savings can be made in this area.

6.           Payments from the Mechanical Ventilation.  CMS will be reviewing Medicare payments for mechanical ventilation.  Patients are required to receive 96 hours of mechanical ventilation in order to be eligible for payments under the DRG system.

7.           Improve An Organization Work With Hospital.  OIG will be reviewing the extent that Quality Improvement Organizations have worked with hospitals to conduct quality improvement projects and to provide technical assistance.

8.           Hospital Acquisition of Ambulatory Surgery Centers.  OIG will be reviewing hospital acquisitions of ambulatory surgery centers to determine whether these centers are being acquired as a method to increase reimbursement.  ASC services that are provided as in an outpatient department of the hospital are reimbursed at higher rates than independently owned an ambulatory surgery centers.

9.           Critical Access Hospital Payments for Swing Bed Services.  Critical access hospitals are able to designate a portion of the 25 bed allotment for use as acute care or swing bed services with CMS’s approval.  There is no limitation on the length of stay that is permitted for swing bed utilization.  The OIG will be reviewing this policy to determine whether reimbursement changes are required in this area.

Long Term Care Issues

1.           Long-Term Care Hospital Interrupted State Payments.  The OIG will be reviewing Medicare payments for interrupted stays in long-term care hospitals for the year 2011.  They will be identifying readmission patterns to determine whether the long-term care hospital’s re-admittance policies are in compliance with rules.

2.           Nursing Home Verification of State Agency Deficiency Corrections.  The OIG will be determining whether state survey agencies properly followed up and verified fulfillment of corrective action plans for deficiencies and identified during nursing home recertification surveys.  The OIG is concerned that state survey agencies may not always be verifying that identified deficiencies were properly corrected.

3.           Nursing Home Use of Atypical Antipsychotic Drugs.  The OIG will be reviewing administration of atypical antipsychotic drugs to nursing home residents.  The OIG will describe characteristics associated with nursing homes that frequently administer atypical antipsychotic drugs.

4.           Nursing Home Minimum Data Set Submissions.  OIG will determine whether CMS and state agencies oversee the accuracy and completion of minimum data sets that are submitted for nursing facilities.

Home Health Care

1.           Home Health Agency Face-To-Face Requirements.  OIG will be reviewing Medicare eligible home health services to be certain that face-to-face encounters are taking place as required under the Patient Protection and Affordable Care Act.  Previous studies indicated that only 30% of beneficiaries had at least one face-to-face visit with the physician who ordered the home health.

2.           Criminal Background Checks By Home Health Agencies.  The OIG will be reviewing home health agencies to determine whether they are complying with state requirements that require criminal background checks to be conducted on home health applicants and employees.  Federal law requires compliance with state and local laws regarding criminal background checks.  In previous OIG reviews, 92% of nursing homes employed at least one individual with criminal convictions.

Medical Equipment Suppliers

1.           Accreditation of Medical Equipment Suppliers.  OIG will be reviewing CMS procedures for conducting validation surveys of medical equipment suppliers.  CMS is required to conduct validation surveys regarding beneficiary safety and quality of care that may place Medicare beneficiaries at risk.

2.           Payments for Power Mobility Devices.  A series of reviews will be conducted relative to power mobility devices.  Reviews will focus on whether Medicare payments made to suppliers were made in accordance with federal regulations and were “reasonable and necessary.”  OIG will also be reviewing payment methods to determine whether savings can be achieved by eliminating the option of a lump sum purchase and requiring leasing of some power mobility devices.

3.           Continuous Positive Airway Pressure Supplies.  CMS will be reviewing whether scheduling of replacement supplies is appropriate and whether changing the scheduling could avoid possible wasteful spending.  There is currently no national requirement for CPAP replacement schedules.

4.           Diabetes Testing Supplies.  There are a number of new areas identified for examination relating to diabetes testing supplies.  Providers involved in these areas should carefully review the new items that relate to diabetes management and testing.

Program Integrity

1.           Onsite Visits for Medical Providers in Supplier Enrollment and Reenrollment.  CMS has the right as it deems necessary to perform onsite inspections of providers who are enrolling in the Medicare program.  CMS is authorized to expand the role of unannounced pre-enrollment visits.  Reviews found that some 33% of medical equipment suppliers in South Florida do not maintain physical facilities.  OIG will be examining these requirements to determine whether additional site visits are appropriate.

2.           Improper Use of Commercial Mailboxes.  Medicare providers are required to establish a physical business location with a permanent visible sign and a specific street addresses.  Mailboxes alone or not permitted.  Recent evidence suggests that individuals attempting to defraud Medicare may be using commercial mailbox addresses for this purpose.  OIG will be reviewing providers and suppliers to determine whether their listed addresses match commercial mailbox addresses.

3.           Provider Subject To Debt Collection.  CMS will be determining whether payment should be rechanneled relative to providers who have been reported to the Department of Treasury for collection of overpayment refunds.

Physician Billing

1.           Payment for Personally Performed Anesthesia Services.  OIG will be reviewing anesthesia claims to determine whether they are supported in accordance with Medicare requirements.  In order for a provider to be reimbursed as a personally performed anesthesia service, proper information must be included on the claim and in the medical chart to verify the claim.  Service modifier “AA” is used in connection with anesthesia services that are personally perform.  QK modifiers are used for medical direction of two, three, four concurrent anesthesia services.  Providers using “AA” modifiers must be able to support the requirement for receiving 100% of the personally performed services.

2.           Questionable Ophthalmological Service Billings for 2011.  OIG will be reviewing claims data to identify questionable billings for ophthalmologic services during 2011.  They will review geographic locations and provider patterns where questionable billings are located.  The types of billing that will be examined were not identified.

3.           Electrodiagnostic Testing.  OIG will be reviewing questionable billing for electrodiagnostic testing and will be attempting to identify Medicare utilization rates and get different rates by provider specialty, diagnosis, and geographic areas.  OIG identifies electrodiagnostic testing as an area of potential inappropriate financial gain posing significant vulnerabilities to the Medicare program.


1.           Location Requirements for Rural Health Clinics.  Rural health clinics are required to meet basic location requirements.  CMS has not promulgated final regulations allowing removal of rural health clinics that did not meet location requirements.  OIG will be reviewing this procedure.

2.           Claims Processing Areas “G” Modifiers.  The OIG will determine the extent to which Medicare improperly paid claims from 2002 to 2011 where certain “G” modifiers were used.  “G” modifiers are used to indicate that Medicare denial is expected by the provider.  It has been identified that some payments were made to providers in spite of the use of these modifier codes.

3.           Analysis of Drug Shortage in Patient Safety Concerns.  The OIG will be examining the recent trend of drug shortages to determine whether there has been an effect on pricing of pharmaceuticals.  Suspicion of industry price manipulation appears to be the motivation behind this system.


              This is a brief summary of some of the areas that were described in the recent 2013 Work Plan.  For a more comprehensive discussion of these items, visit the website for the Office of Inspector General and download the complete fiscal year 2013 annual work plan.  It is highly advisable for compliance officers to examine the document in its entirety to determine what impact, if any, it will have on their compliance efforts for fiscal year 2013.  It is also good practice to review annual work plans for several previous years as part of the risk identification process.

              If there are any questions regarding these requirements or how they impact compliance programs and detailed requirements that are generally described in this document, please do not hesitate to contact John H. Fisher, II, Esq., CCEP, CHC.

Compliance Program Scale and Scope – Customizing Compliance to Your Organization

Friday, July 13th, 2012

Customization and Scalability of Compliance Programs

Creating a Compliance Program That is Right for Your Organization

An important part of developing an effective compliance program is to make the program scalable and effective for the operations of the specific provider.  In some ways, creating compliance program for a large health system is the easiest because you have the resources and breadth of operations to recommend everything; also known as the “kitchen sink” model.  The real art in my opinion comes when developing programs for smaller hospitals, physician groups and other organizations that do not have the resources to “do it all.”  Taking an overbroad approach to compliance with smaller organizations can actually create additional risk because you are creating a “roadmap” of items that are not being done and which you will never have the resources to complete.

Our job as compliance attorneys is to recommend systems that are workable within the resources and specific risk areas that are relevant to the provider.  This takes a level of judgment that is not necessary where the size and resources of the organization permit the “kitchen sink” approach to be taken.

The development of compliance programs for smaller organizations take a surgical approach.  Care must be taken to develop systems for identifying the risk areas that are specific to the organization.  Risks should be scored and prioritized and the results of this process should be included into a plan to accomplish audits, reviews or monitoring of the various identified risk areas.  Small organizations cannot hit every risk area during every budgeting cycle.  A longer term approach is called for with the most urgent risks requiring closer and faster review.  This all ties into the budgeting process.  The work plan needs to be adequately budgeted.  The size of the organization will have an effect on the amount that is budgeted for compliance.

The point of a compliance program is not that every problem area will be found.  It is most important that a logical system be developed that prioritizes risk and addresses risk areas in a logical fashion.  The other side of the coin is that a substantial organization should not hide behind lack of resources for not addressing significant risk areas.  A small physician practice is at one end of the spectrum.  A hospital system with several facilities, attached physician network, and an array of ancillary services would have little excuse for not allocating sufficient budget amounts to compliance to enable the organization to meet its compliance needs.

Issues of scalability also come into the general structure of the compliance program.  A small physician practice will not have the resources to hire a chief compliance officer.  Rather, a small practice might designate a partner or administrator as a “compliance responsible individual.”  On the other hand, a substantial hospital system should implement a robust structure including a full-time chief compliance officer, a compliance committee and compliance staff.  The compliance officer should not serve a dual role in positions that create an inherent conflict of interest such as general counsel, chief financial officer or chief operating officer.

Issues of scope and scalability are at the center of most compliance efforts.  These issues require careful and judiciously made decisions.  These decisions are important and must be faced by providers of all size, from the smallest medical practice through the largest health system as mandatory affective compliance programs become a requirement.

Effective Compliance Programs Are Important Says DOJ to HCCA

Monday, July 9th, 2012

compliance programs now mandatory

Assistant Attorney General, DOJ, Speaks Out On Compliance Programs

In the May issue of Compliance Today, the magazine of the Healthcare Compliance Association, there was an article containing an interview with Assistant Attorney General, Criminal Division, US Department of Justice, Lanny A. Breuer.  In response to questioning concerning what value there is to an organization’s compliance program, Mr. Breuer stated as follows:

Strong compliance programs help prevent illegal activity from occurring within the organization, and they ensure that any misconduct that does occur is uncovered quickly and handled responsibly. In recent years, the Justice Department has increased enforcement in several areas of white collar crime, so having an effective compliance program has never been more important than it is today.

This is yet another expression by the individuals who are charged with enforcing health care fraud laws that effective compliance programs are crucial.  Now that the Supreme Court has upheld that Affordable Care Act, mandatory compliance programs have a clear path to move forward.  I believe we wil start seeing regulations released implementing mandatory compliance program requirements over upcoming months.


Corporate Compliance and Ethics Week 2012

Monday, May 7th, 2012

Corporate Compliance and Ethics Week 2012

Use Corporate Compliance Week To Increase Aweness of Your Compliance Program

This week (May 6-12, 2012) has been designated as Corporate Compliance and Ethics Week by the Society of Corporate Compliance and Ethics and the Health Care Compliance Association.  Corporate Compliance Week is a great time for you to reinforce the message of compliance throughout your organization.  At a minimum you should use this opportunity to publicize your program, hot-line and reporting system and anti-retaliation policy. 

Some ideas to help you leverage Corporate Compliance Week to increase the visibility if your compliance program include:

– Send E-mail to all employees announcing that it is Corporate Compliance week.

– Release a special compliance week newsletter or alert.

– Publish a quiz about information that all employees should know about the compliance program.

– Release a message on compliance from the CEO and/or Compliance Officer.

– Have a breakfast, lunch or “meet and great” with a brief message about the compliance program.

– Post signs in break and other visible areas announcing Corporate Compliance Week and your compliance program.

– Hold a raffle and have employees complete a brief questionnaire on the basics of the compliance program in order to enter.

With a little creativity, you can make the most of Corporate Compliance and Ethics Week.  Your focus should be to enforce compliance as a positive element of your corporate culture.  Reinforce the message that the organization encourages reporting of compliance concerns through its reporting system and takes information that it receives seriously.  You should also reinforce the organizations intolerance for retaliation or retribution against parties that provide compliance information.

Take this opportunity to have fun with your compliance program and put a positive face on your efforts.  Take the information that you learn through the interactions that you have with employees to make improvements to your compliance program.

 Ruder Ware has an active Corporate Compliance and Ethics practice.  We counsel clients in a variety of industries, including healthcare, transportation, banking and manufacturing on various aspects of their compliance and ethics programs.  We assist clients in assessing the effectiveness of programs and suggesting steps to take in order to increase program effectiveness.  Ruder Ware is actively involved in the Society of Corporate Compliance and Ethics and the Health Care Compliance Association.  Two of our attorneys recently attended the Midwest meeting of the SCCE.  One of our attorneys is Certified in Healthcare Compliance through the Health Care Compliance Association.

Compliance Programs Come Center Stage As Government Tools Expand

Friday, April 20th, 2012

Health Care Compliance and Our Compliance Practice

John Fisher, CHC

Health care attorneys health lawThe current health care regulatory environment presents a high degree of risk to even the most well-intentioned provider.  Recent legal changes have made it even easier for the government to pursue what they believe to be improper activities.  The government is taking a “return on investment” approach to pursuing health care fraud and is coming out on the winning end of this game.  Reports state that the government collects approximately $15 for every $1 that they invest policing health care fraud.  In addition, Whistleblowers continue to bring a steady flow of cases against health care providers.  Even though there is a dispute over certain aspects of health care reform, the area where all ranges of the political spectrum appear to agree is on pursuing health care fraud.  Therefore, we cannot expect this climate of enforcement against health care providers to go away anytime soon.

 While the government continues with its “pay and chase” approach to health care fraud and overpayments, it is also integrating even more drastic measures into its bag of tools.  The government is now authorized to discontinue making payments to a provider altogether upon receiving any “credible allegation” of misconduct.  The allegation does not need to be proven to be true and there is not even a formal procedure to permit the provider to make its case.  Yet, the financial consequences of suspending payment can be devastating.

 Chances are very good that an individual provider will eventually have dealings with the government over some overpayment or fraud and abuse issue.  If you have not had to deal with an investigation, you are very fortunate.  Even the best intentioned providers will more likely than not need to deal with government scrutiny.  When that occurs, it serves the provider well to have an appropriately scaled compliance program that is being actively worked to identify risk areas, billing mistakes, and other possible difficulties.  Having an effective compliance program in place is the best way to turn the problem into something that is manageable, and turn it away from an enforcement action that can have grave consequences on operations and financial viability.

 At Ruder Ware, we have assembled a multidisciplinary team of attorneys to assist providers in compliance matters.  Our compliance team is lead by John H. Fisher, III, who is a seasoned health care attorney and is certified in health care compliance.  Our compliance team can assist providers through the process of structuring an appropriately scaled compliance program, reviewing existing compliance program for effectiveness, and assisting with ongoing operational issues related to compliance programs.

 Our compliance team brings a depth of experience in the wide range of compliance issues that affect various types of providers, such as the Federal False Claims Act, the Stark Law, Anti-Kickback Statute, Civil Monetary Penalties laws, and various legal and billing issues that pertain to the specific practice or provider.  We can suggest practical approaches for identifying specific risk areas and crafting plans to minimize risks in those areas.

 We are able to work with compliance departments to fashion methods for handling issues that arise through their compliance reporting systems, including the creation of corrective action plans.  We advise providers regarding identification, repayment of overpayments, and where necessary, self-disclosure of legal violations to the appropriate governmental agencies using self-disclosure protocols.

When compliance problems are identified, it is critical that providers take appropriate actions to make repayment, appropriately investigate, and craft a proper resolution that avoids reoccurring or deeper difficulties.  We are able to assist with these matters under the attorney-client privilege to determine the nature and scope of any discovered compliance concern.  We can direct investigations and take necessary steps to remedy the problem, all while maintaining client confidentiality.

As with any other legal issue, prevention is the best medicine.  Although we are equipped to assist providers as difficulties arise, we prefer to assist providers to ensure that their compliance programs are effective and appropriately tailored to the size and nature of their particular business.  Ruder Ware’s compliance team has experience conducting compliance effectiveness review and “gap analysis.”  This process involves in-depth due diligence review of matters relative to your compliance program, an assessment of the program, and specific recommendations aimed at making the compliance program more effective.

60 Repayment Rules, False Claims Act and Compliance Programs

Tuesday, March 13th, 2012

Proposed 60 Day Repayment Rules Push Providers Toward More Robust Compliance Programs

Health care attorneys health lawCMS has released a long awaited proposed rule defining provider obligations to report Medicare and Medicaid over-payments within 60 days of identification.  Section 6402 of the Patient and Program Protection Act created possible False Claims Act liability and possible program exclusion for the knowing concealment or avoidance of a repayment obligation.  The new proposed rule is intended to add definition to the general obligation that was included in the initial statutory provisions.  Section 6402 of PPACA requires providers to report and return over-payments within 60 days of identification.  The original statute broadly defined the provider obligations but did not provide specifics on several topics such as when an overpayment is deemed to be “identified” or how long providers were obligated to look back when identifying potential over-payments.

The Proposed Rule created an extremely onerous look-back period of ten years.  This means that providers will be obligated to report overpayment obligations that they discover which date back as far as ten years from the date of discovery.  The actual disclosure rules are somewhat less oppressive than the self disclosure rules that were already in place with regard to the Anti-kickback Statute and the Stark Law.  Nevertheless, many aspects of the proposed regulations, and in particular the ten year look-back rule, are likely to generate comments from affected parties. The specific requirements of the self disclosure rule leave much room for debate over several issues such as the level of detail that is required to be included in the disclosure.  There will certainly be a lot of debate at upcoming conferences that begin to dissect the specifics of the proposed regulations. 

The 60 day clock once an overpayment has been identified.  The proposed rule considers an overpayment to be “identified” when (i) there is actual knowledge that an overpayment exists, (ii) there is a reckless disregard or deliberate ignorance that an overpayment exists.  There will be a lot of debate over when someone obtains “actual knowledge.”  There will likely be even more debate over when someone begins acting in “reckless disregard” that an overpayment exists.  The “reckless disregard” standard involves an imputation of knowledge to an individual and will revolve over the facts that were present or should have been observed.  This requires a objective imputation of a subject standard of “identification.”  These areas of the law always involve much debate.  The definition that CMS chose for “identification” forces providers to be overly diligent in their proactive efforts to uncover billing inaccuracies.  Virtually any error that goes uncovered and could lead to a repayment could be imputed to the provider under the “reckless disregard” standard.  The entire standard contemplates the use of a diligent system of audits being put in place in order for a provider to demonstrate that they have not acted in deliberate ignorance or reckless disregard of the existence of an overpayment.  The standard that CMS set is just a further indication that the Federal government is attempting to push past the “pay and chase” approach of the past toward a system that requires providers to actively police themselves for errors.

To put this in perspective, failure to report an “identified” overpayment within 60 days opens the provider to liability under the False Claims Act.  The False Claims Act providers for penalties of three times the actual amount of the overpayment, plus between $5,000 and $11,000 per claim.  If a provider discovered a systematic error that may have led to a significant number of claims being overpaid, the amount of financial exposure under the False Claims Act can be very substantial; substantial to the point of presenting a grave threat to financial viability in some cases.  Under the Proposed Rule, reporting and repayment would be required for all  identified within ten years of receipt.  In the case of the discovery of a systematic billing problem, this could require repayment for the past ten years of claims.  If the False Claims Act obligation is applied to the entire look back period, the amount due grows exponentially.

If the proposed rule is finalized in its current form, it should have a very significant affect on compliance activities.  In order to meet the “reckless disregard” standard, providers will need to engage in very robust auditing and monitoring programs; in most cases much more extensive than are currently being utilized.  Some compliance officers tend to rank risk by the degree of potential consequences to the organization.  Risk identification is a function of two factors; the likelihood of a matter occurring and the degree of consequences.  What the CMS overpayment disclosure rules do, in conjunction with the False Claims Act damage computation, is to greatly increase the consequences of systematic billing errors.  The only way for a provider to prevent these errors, or at least create a plausible argument that it was taking appropriate steps to flush out errors, is to implement a robust auditing program.

Keep in mind that these rules do not only apply to large health care providers.  They also apply to individual and small physician practices and other small health care companies.  The potential impact on smaller organizations can be even more severe.  The recent health care reform law made compliance programs mandatory for most providers starting with nursing homes in 2013.  Mandatory compliance programs will extend to other types of providers as regulations are put in place.  In view of the proposed repayment regulations, providers of all size should seriously look at the areas of risk that apply to their operations and implement compliance programs that include an audit plan that is tailored to the provider’s specific risk areas.

Compliance Program Effectiveness – About Our Compliance Practice

Friday, March 9th, 2012

Compliance Program Development and Effectiveness Review

John Fisher, JD, CHC

A significant part of our health law practice involves the creation, implementation, and review of compliance programs for health care providers.  Some of our compliance practice is devoted to institutional provides such as hospitals, health systems and nursing homes.  We are increasingly advising our smaller health care clients, such as physician groups, home health agencies and other providers on establishing appropriate compliance programs.  The entire health care industry is trending toward the adoption of compliance programs spurred on by a true desire to reduce risk as well as recent legal changes that mandate the adoption of compliance programs for most health care providers.

We have made a major firm committment to our compliance practice.  Health care attorney John Fisher recently obtained national certification in health care compliance through the Health Care Compliance Association.  We have assembled a team attorneys with various legal backgrounds, including health law, employment law, non-profit tax law and other areas to complement Mr. Fisher’s focus on compliance issues faced by health care providers.

We provide compliance program development and review services to hospitals, individual physicians and group practices, dental groups, chiropractic groups, home health agencies, skilled nursing facilities, durable medical equipment suppliers, ambulance providers, therapy clinics, ambulatory surgery centers, and behavioral health care providers.  We assist providers in conducting internal audits, internal investigations, compliance program gap analysis and effectiveness reviews. We have also assisted providers who are the subject of reviews by institutions where they may be employed or have staff privileges.

Examples of some of our compliance program related involvement in the health care area include:

  • Conducting effectiveness reviews and making suggestions for enhancements to existing compliance programs.
  • Working with governing bodies to develop initial compliance programs.
  • Advising compliance officers and governance with respect to ongoing monitoring and auditing.
  • Assisting providers to conduct internal audits and assessments.
  • Assisting providers to focus on specific risk areas that may affect their practices.
  • Assisting providers in the reacting to compliance reports including investigations and corrective action plan development.
  • Conducting detailed compliance related research in the course of acquisitions of other providers.
  • Creating programs that leverage existing resources and expertise into an enterprise management system addressed at compliance issues.
  • Compliance Programs Are An Essential Element of Health Care Operations

Effective compliance programs have become an essential element of an effective regulatory risk reduction program.  The importance of compliance programs have been repeatedly emphasised by government officials over the past decade.  Recently, Marilyn Tavenner, Acting Administrator of the Centers for Medicare & Medicaid Services (CMS) released a brief article on the CMS Blog emphasizing the use of “predictive modeling” technologies to identify specific providers that warrant further investigation.  The Acting Administrator touts that predictive modeling has already identified 2,500 leads for further investigation, 600 preliminary law enforcement cases, and 400 direct interviews with providers that have taken place due to the use of predictive modeling.

The 2012 Office of Inspector General Annual Work Plan also referred to new methods and programs to detect potential billing anomolies.  The OIG states that it will be using data matching programs to identify not only providers who are at a high risk of having incorrect billings, but also providers who have low risk.  The OIG claims that it will be examining both types of providers to determine the impact that compliance program operations have on the accuracy of billings.  This is alarming because it means that the OIG will be eamining the operations of compliance programs who show low risk of billing anomolies.

The Coming of Mandatory Compliance Programs

The PPACA created the concept of mandatory compliance programs for most providers.  Nursing homes are first on the list and must certify that they have an effective compliance program by 2013.  We are expecting additional regulations on what constitutes and effecive compliance progam as well as specific timelines defining when other provider types will be required to adopt compliance programs as a condition of participation in the Medicare and Medicaid programs.

Compliance Programs – One Size Does Not Fit All

The OIG Guidance on Compliance Programs as well as the Federal Sentencing Guidelines make it clear that one size does not fit all when it comes to compliance program development.  An effective compliance program needs to be strategically developed based on identification of the risk factors that are specific to the size and nature of the organization.  It is not prudent to simply copy the policies of another organization and adopt them as your own.  You should create a structure as well as topical policies that reflect the nature of your particular organization; sometimes right down to the personalities that are involved in the various aspects of your operations.

There are certain core principals that will be common to all compliance programs.  However, your program should be appropriately scaled to the size and resources of your organization.  I am not suggesting that you fail to allocate sufficient resources to compliance.  Decisions regarding allocation of resources are difficult but must be addressed.  At the same time, you do not want to develop policies that you will never have the resources to appropriately follow.  This carries the risk of creating a “Roadmap” that demonstrators to investigators the things that you are NOT doing.  Policies that you do not follows are argueably worse than having no policies at all; at least in some areas.

Mandatory Compliance Plan Requirements – Operationalizing Compliance

Thursday, February 9th, 2012

Mandatory Compliance Programs – Is Your Practice Ready?

The Office of Inspector General has encouraged health care providers to adopt compliance programs since the late 1990s.  Most larger organizations have implemented compliance programs as a way to detect and mitigate risk of non-compliance and to reduce penalties if a problem is detected.  However, many smaller providers, such as physician practices, have not adopted any type of formal compliance program.  The Patient Protection and Affordable Care Act (the “PPACA”) makes compliance programs mandatory for the first time  for all suppliers and healthcare providers enrolled in federal healthcare programs. Providers of all sizes will be required to certify that they have an effective compliance program in place as a condition of participation of federal healthcare programs.

The Office of Inspector General is charged with issuing regulations that define the core elements that providers must implement in order to certify compliance with the mandatory compliance program requirement.  The first set of regulations have been issued relative to nursing home who must certify their compliance programs as of 2013.  Regulations addressed at other provider types have not yet been issues but are expected soon. We can expect that the regulations will be similar to the guidance that has been provide by the OIG covering various industry sectors over the years.

Requirements for nursing home compliance plans have been released.  The nursing home regulations require the following:

  • The adoptions of formal written compliance policies, standards and procedures that are effective at reducing the risk of compliance violations.
  • The assignment of compliance responsibility to a Specific individual within the organization.  The individual should be a high ranking member of the management team and should report directly to the governing body.
  • The compliance program must be adequately funded to assure its proper operations.
  • Systems must be put in place to assure that authority is not delegated to individuals who may show a propensity to commit compliance violations.  For example, a program should be put in place to screen employees, staff members, vendors and others against OIG and GSA exclusions lists.
  • The program elements and the ability to report compliance violations must be stressed and an atmosphere of compliance should be created.
  • A strong system of anti-retaliation for individuals reporting compliance concerns must be maintained and communicated throughout the organization.
  • Effective communication of the standards and procedures to all employees and required participation in training programs.
  • Systems of monitoring and auditing should be put in place to help detect potential practices that could lead to compliance violations.
  • Disciplinary processes must be maintained in order to enforce the compliance program.  Discipline should be coordinated with existing policies and procedures regarding employee discipline.
  • The compliance program should “learn from itself.”  In other words, systems of corrective actions should be put in place that includes revisions of policies and procedures based on compliance concerns that are detected or reported.
  • Continued review of the effectiveness of the compliance program should be undertaken.  Simply having a compliance program in place is not sufficient.  The organization must assure that the program is effective by continually reassessing and testing the program.

The exact date that compliance programs will become mandatory is not yet certain.  Nevertheless, enforcement activity is on a rise.  Prudent providers will take proactive efforts to reduce their compliance risks.  This includes that creation of an effective compliance program that is specifically tailored to the compliance risks associated with the specific provider.  Many smaller providers have never contemplated creating such a program in the past.  Mandatory requirements, increased enforcement activities and penalties, are all factors forcing providers to take proactive steps to reduce their exposure.  This creates a disproportionate burden on smaller providers such as small group practices.  At the same time, the OIG has in the past recognized that smaller organizations do not need to go to the same extremes as larger systems to meet their compliance obligations.  In other words, compliance programs are permitted to have a degree of scalability and allow for the size and resources of the organization.  It is critical for small providers to know where to place their compliance resources.  A “shotgun” approach will provide very little benefit.  Creating an overbroad plan that can never be operationalized does nothing more than create a roadmap leading authorities to the actions that your organization is not taking.

It is most prudent for providers of all sizes to have some level of compliance plan in place sooner rather than later.  A well focused plan scaled to your biggest risk areas is much better than a robust plan that you can never operationalize.  The point is to start with your compliance efforts and build upon them as time passes and new risk areas are identified.  Your plan should be structured to operationalize the identification of risk areas and address them as they arise in your practice.

John H. Fisher

Health Care Counsel
Ruder Ware, L.L.S.C.
500 First Street, Suite 8000
P.O. Box 8050
Wausau, WI 54402-8050

Tel 715.845.4336
Fax 715.845.2718

Ruder Ware is a member of Meritas Law Firms Worldwide

The Health Care Law Blog is made available by Ruder Ware for educational purposes and to provide a general understanding of some of the legal issues relating to the health care industry. This site does not provide specific legal advice and you should not use the information contained on this site to address your specific situation without consulting with legal counsel that is well versed in health care law and regulation. By using the Health Care Law Blog site you understand that there is no attorney client relationship between you and Ruder Ware or any individual attorney. Postings on this site do not represent the views of our clients. This site links to other information resources on the Internet; these sites are not endorsed or supported by Ruder Ware, and Ruder Ware does not vouch for the accuracy or reliability of any information provided therein. For further information regarding the articles on this blog, contact Ruder Ware through our primary website.