april 9, 2019 - hcca official site · 2019-03-25 · april 9, 2019 kimyatta e. mcclary ......
TRANSCRIPT
3/14/2019
1
1
Risk Management &
Internal Investigations
April 9, 2019
Kimyatta E. McClary, Esq. CHC
2
Agenda
Know the Risks: Key Healthcare Laws and Enforcement Trends
Know the Guidance: Compliance & Risk Mitigation 101
Key Risk Mitigation Tools & Cultivating a Culture of Compliance
3/14/2019
2
3
Know the Risks: Key Healthcare Laws and
Enforcement Trends
4
Government’s View of Board Room Activities
3/14/2019
3
5
6
Government Enforcement Tools: The False Claims Act (FCA) The FCA is the government's primary enforcement tool for ensuring healthcare providers’ compliance
with the requirements of the federal healthcare programs
The FCA prohibits the submission of false or fraudulent claims, including bills for services that do notcomply with certain statutory or regulatory requirements
Also prohibits the retention of identified overpayments (“reverse false claims”)
The FCA is enforced not only by the government but through whistleblower actions filed by privatecitizens under the FCA’s qui tam provisions
More than 2,000 qui tams filed during last three years
$3.7 billion in settlements and judgments during fiscal year 2017 from civil cases brought underthe FCA
FCA liability can impose not only mandatory treble damages, but also a civil penalty of $5,500 to$11,000 imposed for each claim for payment that is found to be false or fraudulent
3/14/2019
4
7
Additional Tools of Enforcement
Anti‐Kickback Statute (AKS) Broadly prohibits offering or providing anything of value (remuneration) in return for referrals for goods, services, or items paid for
by a federal health care program. Liability for AKS includes fines, civil penalties, and imprisonment
Stark Law Prohibits a physician from making referrals for designated health services to an entity with which he or she (or an immediate
family member) has a financial relationship
Up to $15,000 per claim plus 3 times the claims and/or $100,000 per circumvention scheme
Civil Monetary Penalties
Voluntary Self‐Disclosure Protocol
Other Criminal Provisions Health Care Fraud
Mail and Wire Fraud
Obstruction
False Statements
8
Key Government Enforcers U.S. Department of Justice (DOJ) United States Attorneys’ Offices (USAOs) Federal Bureau of Investigations (FBI)
U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) Centers for Medicare and Medicaid Services (CMS)
State Attorneys’ General Offices Medicaid Fraud Control Units (MFCUs)
Program Integrity Contractors (Auditors) Medicare Administrative Contractors (MACs) Recovery Audit Contractors (RACs) Zone Program Integrity Contractors (ZPICs) Medicaid Integrity Contractors (MICs)
3/14/2019
5
9
Current State: Focus on healthcare fraud remains a top priority Attorney General has communicated this
The ROI is excellent
No politician can afford to be soft on healthcare fraud
Medical Device Companies, DME, Post‐Acute Care, Opioid Epidemic
When reform efforts don’t work, government uses blunt instruments
‐ DOJ recovered $2.4 Billion in 2017, and has recovered over $31 billion since 2009 ‐ Medicaid fraud control units (MFCUs) recovered $1.8 billion in 2017 through effective
collaboration with state governments‐ Healthcare‐related fraud recoveries accounted for 64% of the DOJ’s $3.7 billion total
haul across all industries in 2017 (including housing/mortgage, small contracts, and military contracts)
10
Current State: Healthcare Enforcement
The largest recoveries involving the health care industry this past year – over $900 million – came from the drug and medical device industry. Shire Pharmaceuticals LLC paid $350M
Mylan Inc. paid approximately $465M
The department also reported substantial recoveries from other health care providers. Life Care Centers of America, Inc. and its owner
paid $145M
eClinical Works and some of its employees paid $155M
3/14/2019
6
11
Current State: Enforcement in 2018
HHS‐OIG, along with state and federal law enforcement partners, participated in the largest health care fraud takedown in history in June 2018
More than 600 defendants in 58 federal districts were charged with participating in fraud schemes involving about $2 billion in losses to Medicare and Medicaid.
Since the last takedown, OIG also issued exclusion notices to 587 doctors, nurses, and other providers based on conduct related to opioid diversion and abuse.
12
Current State: Combatting the Opioid Epidemic Addressing the Opioid Epidemic is a top priority for OIG
OIG's efforts fall in three areas:
(1) identifying opportunities to improve the efficiency and effectiveness of HHS programs;
(2) identifying and holding accountable those engaged in fraud; and
(3) empowering and collaborating with partners through data sharing and education.
OIG's actions in these areas advance prevention, detection,and enforcement of fraud, waste, and abuse in HHSprograms that intersect with the opioid epidemic and helpensure quality care and treatment for those in need of
services.
3/14/2019
7
13
Continued Rise in Corporate Exposure: Organizational Compliance
Government continues to scrutinize the effectiveness of compliance programs and holding more organizations directly accountable for the effectiveness of those programs
DOJ Compliance Counsel focused on 4 key questions:
1. Thoughtful design of the compliance program
2. How operational is the program?
3. How well do stakeholders communicate?
4. Is the Compliance Program well resourced?
14
Know the Guidance:
Compliance & Risk Mitigation 101
3/14/2019
8
15
Compliance & Risk Mitigation Stereotypes
16
What is a Compliance Program?
A compliance program is a comprehensive strategy for an organization to consistently comply with the laws and regulations governing its business activities.
In football, it would be the Play Book
3/14/2019
9
17
Why Have a Compliance Program that incorporates Risk Mitigation?
To reduce the likelihood of wrongdoing
To reduce penalties if wrongdoing occurs
To disseminate information on new rules in an orderly and systematic way
To lower the possibility of whistleblower actions by providing a structure for employees to report concerns internally
To protect management by showing its good faith in achieving compliance if the entity is the victim of unscrupulous employees or agents
17
18
The Regulatory Environment
Health care is one of the most regulated industries in the US
Compliance programs were a byproduct of the federal sentencing guidelines, which deal with criminal liability attaching to a corporate entity (thus the common phrase “Corporate Compliance Program”)
Qui Tam (whistle blower) actions are profitable to disgruntled employees ‐ ‐ and to the government
3/14/2019
10
19
DOJ Criminal Division Compliance & Risk Mitigation Guidance Guidance released February 2017
The categories addressed in the guidance include:
1. Analysis and Remediation of Underlying Misconduct
2. Senior and Middle Management3. Autonomy and Resources4. Policies and Procedures
a) Design & Accessibilityb) Operational Integration
5. Risk Assessment
6. Training and Communications7. Confidential Reporting and Investigation8. Incentives and Disciplinary Measures9. Continuous Improvement, Periodic
Testing and Review10. Third Party Management11. Mergers and Acquisitions
20
DOJ Guidance Flexibility
“Because a corporate compliance program must be evaluated in the specific context of a criminal investigation that triggers the application of the Filip Factors, the Fraud Section does not use any rigid formula to assess the effectiveness of corporate compliance programs.
We recognize that each company's risk profile and solutions to reduce its risks warrant particularized evaluation. Accordingly, we make an individualized determination in each case.”
3/14/2019
11
21
HHS OIG Publishes Resource on Compliance Guide Effectiveness
HHS‐OIG announced a 52‐page resource guide on March 27, 2017—Measuring Compliance Program Effectiveness: A Resource Guide
List more than 400 metrics that organizations can use to evaluate their compliance programs
“One size truly does not fit all.”
Organized by the well‐established 7 elements of an effective compliance program. Those categories are further subdivided into more than 70 subcategories
22
HHS‐OIG Guidance Flexibility
“This is not a ‘checklist’ to be applied wholesale to assess a compliance program. An organization may choose to use only a small number of these in any given year. Using them all or even a large number of these is impractical and not recommended.
The utility of any suggested measure listed in this report will be dependent on the organization’s individual needs. Some of the suggestions might be used frequently and others only occasionally. The frequency of use of any measurement should be based on the organization’s risk areas, size, resources, industry segment, etc.
Each organization’s compliance program and effectiveness measurement process will be different. Some may not apply to the organization’s environment at all and may not be used. Any attempt to use this as a standard or a certification is discouraged by those who worked on this project; one size truly does not fit all.”
3/14/2019
12
23
DOJ and OIG guidance
OIG Topics DOJ Topics
1 Standards, policies, and procedures Policies and procedures
2 Compliance program administration Senior & middle managementAutonomy & resourcesMergers & acquisitions
3 Screening and evaluation of personnel Third party management
4 Communication, education, and training Training and communications
5 Monitoring, auditing, and internal reporting Risk AssessmentConfidential reporting & investigation
6 Discipline Incentives and disciplinary measures
7 Investigations and remedial measures Analysis and remediation of underlying conduct Continuous improvement, testing, and review
24
Key Risk Mitigation Tools &
Cultivating a Culture of Compliance
3/14/2019
13
25
Creating a Culture of Compliance
Goal is to create an environment or culture which:
Encourages open discussion of errors and concerns raised by employees
Allows for prompt reporting of compliance concerns or potential misconduct for prompt investigation
Cultivates a culture of organizational justice
Designs systems and processes that:
Ensure compliance
Contain adequate controls (compliance, quality, and safety)
Are supported by detailed policies and procedures
26
Culture of Compliance
“Culture drives value and leadership drives culture.”
Culture matters, not just paper
“Tone at the Top” is trite but true; mood in the middle matters
Provide a forum for open dialogue and questions
Show the programs value to Board
Measurable
3/14/2019
14
27
Culture: Gaining Compliance Commitment
• Walk the walk
• Don’t play favorites
• Use the front page of the newspaper
test
• Avoid being known as Dr. No
• Use the nobody’s looking test
28
Developing a Compliance Audit Plan for Risk Mitigation
• Annual process to identify, assess and address risk•What to Measure/How to Measure• Stay current on external developments and risks• Combine data and anecdotes• Don’t “shoot from the hip”• Use privilege and work product protection• Leverage Technology• Internal and external reviews
3/14/2019
15
29
Audit Emphasis: Specific Risk Areas
OIG Workplan OIG Semi‐Annual Report CMS Comprehensive Error Rate Testing (CERT) report CMS findings from Recovery Audit Contractors (RACs) OIG Compliance Program Guidance OIG Corporate Integrity Agreements for similar entities CMS or OIG fraud alerts CMS local medical review policies or national coverage
decisions Program requirements Specific risk areas identified for provider’s industry segment
30
Internal Investigations: How to Respond to Potential Non‐Compliance
Document responses to issues
Investigate as appropriate
Internal and external resources may be appropriatedepending on situation
Develop corrective actions plans and ensure they areimplemented and tracked as appropriate
3/14/2019
16
31
Conducting Internal Investigations
Foster a “speak up culture”
Buy in from the business
Get stakeholders out of the middle
Investigations and review processes must move with deliberate speed
Root cause analysis
Use privilege and work product protection
Don’t let amateurs conduct investigations
Follow up on findings
32
Corrective Actions: Enforcement of Disciplinary Standards
Standards well‐publicized
Consistently enforced
Exclusion lists checked
Emphasis on non‐retaliation
3/14/2019
17
33
Outcomes: Achieving Results
Employee awareness and understanding of compliance program, risk mitigation, and the internal investigations process
Employee awareness and understanding of laws, regulations and policy requirements
Improving culture and better cohesiveness in oversight activities
Decrease in incidents of non‐compliance
Reduction of fines and penalties
34
The “Five” Questions all Employees Should be Able to Answer
1) Does your organization have a compliance officer and/or compliance committee?
2) Do you know who the compliance officer is and the members of the compliance committee?
3) Do you know how to contact the compliance officer and the members of the committee to report a concern?
4) Are you obligated by your organization to report improper or unethical conduct?
5) Can you provide an example of improper conduct that you would be required to report and the company should investigate?
3/14/2019
18
35
Key Takeaways
OIG Resource Guide and DOJ’s Evaluation emphasize the government’s expectation that healthcare organizations have effective compliance programs to mitigate risks
Compliance is more than just window dressing
“Tone at the Top” and “Mood in the Middle”
Compliance is an Enterprise‐Wide Responsibility
Open communication and transparency among key stakeholders
Investigations and risk assessments are key components to an effective program
36
Questions?