hcca’s new board members · 2014. 9. 8. · hcca website–. you will receive an email a few days...
TRANSCRIPT
Volume SevenNumber Three
March 2005Published Monthly
INSIDELeadership letterOn the CalendarEffectivenessCompliance on a shoe-stringJoint venturesAuditing & monitoringHCCA’s new boardmembersCEO’s letterCompliance afterBookerHIPAA challenge #3Research billing HCCA/AHIA CFG
2346
81214
1820
232628
INSIDE
HCCA’s New Board Members
2March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Dear Colleagues:
A frequent criticism of compliance programs (and not infre-
quently compliance officers) is that such programs are
focused only on complying with the law and do little to
teach people how to behave when the law may not be clear.
Unfortunately, particularly in health care, this criticism is
probably accurate. Some of you would argue that the criti-
cism is unfounded. Many would concede the point but
blame it on the more than 100,000 pages of complex, con-
fusing and counter-intuitive laws, regulations and instructions
that plague those of us who participate in the health care
system. Others have argued that ethics is such a nebulous
topic that it is difficult to teach—particularly in an environ-
ment where you frequently feel compelled to cram large
amounts of information into education sessions that are typi-
cally much shorter than we need. Whatever the reason for
giving ethics short shrift in the past, changes to the Federal
Sentencing Guidelines, Sarbanes-Oxley, audit standards and
community expectations are going to compel each of us to
ask whether our compliance programs include the appropri-
ate ethical component.
While you will need to perform your own evaluation, I
recently was given an article that makes a reasonably com-
pelling case for a strong ethical component in a compliance
program. Interestingly, the argument had little to do with
virtue for virtue's sake and much to do with building the
case that there is a strong tie between an organization's ethi-
cal culture and its perform-
ance in a number of areas
important to the success of
virtually every business.
The article, titled "Measuring
Ethical Climate Risk," appeared in the
December 2004 issue of Internal
Auditor and was written by Colleen G. Waring who is the
Deputy City Auditor for the city of Austin, Texas. In the arti-
cle, Ms. Waring describes how the city of Austin found a
strong correlation between the ethical climate in various city
departments and the number of damage claims against the
city attributable to department personnel, the number of
complaints by the public, the volume of work related
injuries, and the use of sick leave. The study found that
weak ethical indicators were strongly associated with above
average experience in each of the areas noted above.
Equally interesting was the relative simplicity with which the
city measured the ethical climate. The measurement consist-
ed of relatively simple questions asking about an employee's
awareness of illegal acts or ethical violations in a six month
period or the employee's perception of whether her/his
supervisor "set a good example by following the laws and
policies that apply to their jobs."
I found the article both interesting and helpful. It makes a
strong case for an ethics component and at the same time
lays out a relatively simple approach for measuring that cli-
mate. Obviously, the ability to measure the climate then
gives us the ability to test strategies for improving the climate
or to incorporate the measurement into our performance
evaluation process.
Thank you Ms. Waring!
HCCA exists to champion ethicalpractice and compliance standardsand to provide the necessary
resources for ethics and compliance professionals and otherswho share these principles.
HCCA • 5780 LINCOLN DRIVE, SUITE 120 • MINNEAPOLIS, MN 55436
HCCA’SMISSION
DANIEL ROACHHCCA 2nd Vice PresidentEthics vs. Compliance
HCCA election results are inThe ballots have been counted and the election results are in.
Re-elected to the HCCA Board of Directors:
■ Rory Jaffe, MD, MBA, CHC
Chief Compliance Officer
UC Davis Health System
Sacramento, CA
■ Sheryl Vacca, CHC
Director, Health Care Regulatory Practice
Deloitte LLP
Newport Beach, CA
Newly elected to the HCCA Board of Directors:
■ Anne Doyle
Compliance and Privacy Officer
Tufts Health Plan
Waltham, MA
■ Cheryl Wagonhurst
Chief Compliance Officer
Tenet Healthcare Corporation, Headquarters Office
Santa Barbara, CA
Newly Appointed members of the HCCA Board of Directors:
■ Cynthia Boyd, M.D., FACP, MBA,
Chief Compliance Officer
Rush University Medical Center
Chicago, IL
■ Frank Sheeder,
Partner,
Brown McCarroll, LLP,
Dallas, TX
The HCCA 2005 Officers will be elected at the April Board of
Directors meeting and announced at the Membership Luncheon -
during the Compliance Institute on April 18, 2005 in New Orleans.
Thank you all for your participation!
3March 2005
HCCA • 888-580-8373 • www.hcca-info.org
R E S O U R C E S
T H E C A L E N D A RONON
HCCAHCCA
2005 CONFERENCES:(See page 5 for upcoming audioconferences)
ANCHORAGE, AK■ Alaska Area Meeting
July 21-22
SCOTTSDALE, AZ■ Compliance Academy
June13-16
LOS ANGELES, CA■ West Coast Meeting
July 8
SAN FRANCISCO, CA■ Advanced Academy
June 20-23
DENVER, CO■ Mountain Area Meeting
August 26
MIAMI, FL■ South Atlantic Meeting
March 11
CHICAGO, IL■ Corporate Responsibility
SymposiumSeptember 12-14
■ North Central MeetingOctober 7
NEW ORLEANS, LA■ Compliance Institute
April 17-20
BOSTON, MA■ New England Area Meeting
September 9
DETROIT, MI■ Upper North Central Meeting
June 10
MINNEAPOLIS, MN■ Upper Midwest Meeging
September 16
KANSAS CITY, MO■ Midwest Area Meeting
August 5
LAS VEGAS, NV■ Research Conference
June 5-7■ Desert Southwest Meeting
November 4
CHARLOTTE, NC■ Mid-Atlantic Meeting
May 20
PHILADELPHIA, PA■ Mid Atlantic Meeting
September 30
SEATTLE, WA■ Pacific Northwest Meeting
June 3
For more information aboutevents or resources, check out
the HCCA Website,http://www.hcca-info.org or call
888/580-8373.■ The HIPAA Security Rule■ The Health Care Compliance
Professional’s Manual■ Monitoring & Auditing
Practices for EffectiveCompliance
■ Compliance 101■ HCCA’s Guide to Resident
Compliance Training
■ Compliance, Conscience,and Conduct™, a video-basedtraining program
■ Privacy Matters A video-based HIPAATraining Program
■ Corporate Compliance &Ethics: Guidance forEngaging Your BoardVolume 1: The Board’sPerspective ■
NEWSFLASHNEWSFLASH
4March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Editor's note: Shawn Y. DeGroot,
CHC, is the Vice President of
Corporate Compliance for Rapid City
Regional Hospital located in Rapid
City, South Dakota. She may be
reached at 605/719-8761.
fter a few years of articles and
programs on effectiveness,
some professionals may tire
of yet another article; however, similar
to the craze of reality shows, effective-
ness continues to be at the compliance
forefront. It doesn't take a rocket scien-
tist to determine effectiveness and I
firmly believe that while State and
Federal regulations, coding rules, and
fiscal intermediary opinions/advice are
confusing and complex, the approach
to attaining an effective compliance pro-
gram does not need to be difficult.
As Forrest Gump would say, "stupid is
as stupid does." A "simple" approach is
often the most understandable and if it
is understandable, there is no reason for
lack of implementation and action.
Understanding, implementation and
action, therein lies a simplistic approach
to effectiveness. The tools to prepare
for an effectiveness review are available
on numerous websites. Specifically, the
OIG [U.S. Department of Health and
Human Services Office of Inspector
General] has really provided excellent
guidance to initiate the process with
documents such as their Work Plan,
which addresses many aspects of health
care, the Compliance Guidance for
Hospitals, Advisory Opinions, the OIG
Orange Book and Red Book. One can
ultimately extract very pertinent infor-
mation based on the Corporate Integrity
Agreements (CIA). The CIA's can be
used as a roadmap or a template for
any organization as to what you should
be doing before they knock at your
door. The recently published Federal
Sentencing Guidelines are yet another
tool to use in the process.
What are the simple steps? First, determine whether your organiza-
tion prefers to perform a self-assessment
or hire a consultant. Regardless, I would
recommend an external review of your
compliance program from an expert
every two to three years.
Second, assign staff to review the perti-
nent documents mentioned above to
develop a work plan.
Third, this work plan is your guide for
development of risk assessments. The
risk assessments should cross reference
the documents utilized to develop the
tools and you will soon see the pattern
of repetition on areas of focus by the
OIG. While the list may be long, the
OIG is not secretive about the focus
areas for compliance in health care.
For instance, Cardiac Rehab is listed in
the 2005 OIG Work Plan. Follow-up
by listing the elements that would
demonstrate appropriate implementa-
tion, (e.g. contracts, policies) for areas
of potential noncompliance.
Completing the risk assessment tool is
the next step in the review process and
is crucial to the success of effectiveness.
Interviews could be conducted, the
assessment form could be distributed,
or anonymous survey tools could be
used. You would need to determine
what is best for your organization based
on culture. For example, if your pro-
gram is seasoned and Cardiac Rehab is
an area you have previously/recently
assessed, you may be able to limit the
depth of the assessment; however if
you have never assessed the program
area, I would recommend interviews
with the senior manager and then an
assessment at the lower level of man-
agement or staff level. Validate the ver-
bal responses with the pertinent docu-
mentation, e.g. contract, policies, etc.
The results or outcome should be paral-
lel; if not, a flaw may exist with the
"effectiveness" of a policy, communica-
tion on a procedure, a systematic infra-
structure issue, or a behavioral issue.
Documented recommendations in a
Corrective Action Plan (CAP), potential
disciplinary action for willful or deliber-
ate ignorance to policy and/or the rec-
ommendations, targeted education
including a specified timeframe for the
completed corrective action, are all com-
ponents that directly relate to an effec-
tive compliance program. Equally impor-
tant, if the results of your assessment are
positive, the Federal Sentencing
Guidelines not only require disciplinary
action but require that the organization
provide incentives for ethical behavior
By Shawn Y. DeGroot, CHC
A
Continued on page 7
SH
AW
N Y
.DE
GR
OO
T
HCCA Audio ConferencesJoin us for the following
HCCA Audio Conferences are a fast and easy way to aquire HCCB CEUs!
Get the latest “how to” information–tools you can implement–without even leaving your office! Register on theHCCA Website–www.hcca-info.org. You will receive an email afew days before the conference with any conference handouts,and dial-in information and instructions.
➤ ➤ Staff Buy In (1.2 HCCB CEUs) Speakers: Julene Brown and Dr. Cynthia BoydMarch 24
➤ ➤ Stark II Phase II (2.4 HCCB CEUs) Speaker: Gadi WeinreichMarch 22 and 23
➤ ➤ Auditing and Monitoring Two Aspects of the OIG Work Plan (1.2 HCCB CEUs) Speakers: Randall Brown and Cedrial ThomasMarch 17
➤ ➤ Sarbanes Oxley (2.4 HCCB CEUs) Speakers: Kelly Saunders, Dion Sheidy and Mark AveryApril 27 and 29
➤ ➤ Auditing and Monitoring Two Aspects of the OIG Work Plan (1.2 HCCB CEUs) Speakers: Hala Helms and Bernard MimsApril 8
*Audio CDs are available for all past audio conferences.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org 5
Editor's note: Susan Coombes is
Director - Regulatory Compliance
and Joyce L. Lang is Director -
Management Audit Services for
Legacy Health System located in
Portland, Oregon. Susan Coombes
may be reached via email at
[email protected]. Joyce L. Lang may
be reached by phone at
503/415-5026.
et's start with the Federal
Sentencing Guidelines,
Conditions of Participation,
State Administrative Rules and Statutes,
JCAHO standards [Joint Commission on
Accreditation of Healthcare
Organizations], and the rules and regu-
lations of a minimum of 45 additional
regulatory and/or accreditation bodies
that define the complex environment of
health care providers today. And then
we'll stir in the National Patient Safety
movement; with a multitude of private
and governmental institutions continual-
ly mandating a variety of new patient
safety measures, benchmark procedures,
and reporting requirements. Finally we'll
cover the whole thing in several layers
of HIPAA, the ever-growing OIG Work
Plan, the threat of Public Report Cards,
terrorism response plans, Stark Rules,
fraud settlements in the multimillions,
Sarbanes Oxley, and shrinking public
health care funding sources. What we
have described here is the recipe for a
Compliance nightmare.
Legacy Health System is a community-
based health care system located in the
Pacific Northwest. Legacy is comprised
of two urban tertiary care hospitals fea-
turing a Pediatric Program, Level III
NICU, a Burn Center, a Level I Trauma
Center, a Comprehensive Cancer Center,
and a JCAHO Accredited Stroke
Program, as well as two full service sub-
urban community hospitals, a Home
Health Agency, Hospice and Infusion
Programs, an Assisted Living Facility,
and a full array of ambulatory care pri-
mary and specialty care clinics. Like
most health care organizations in the
United States, the challenges put forth
by the OIG in their 1996 recommended
Compliance Guidence, and through the
most recent updates to the Federal
Sentencing Guidance have besieged
those of us tasked with the work of
compliance.
As we began implementing Legacy's
Compliance Plan in 1997, our CFO,
while nervously reviewing the multi-
page "compliance issues" list we com-
piled to drive the work of our
Compliance Committee, gave us a for-
midable challenge. She stated, "Make
certain that someone with expertise has
reviewed our work processes and audit-
ed our compliance with each and every
one of these issues and every new issue
that arises in the future". This was a tall
order for a Compliance Department of
one. Limited resources forced us to find
a creative, cost-effective solution to this
conundrum.
We immediately identified the high risk
compliance services throughout Legacy,
based on the current focus of the OIG
[HHS Office of Inspector General] and
the Centers for Medicare and Medicaid
Services (i.e. cost reporting, medical
records, billing services, the Emergency
Department, contracted physician serv-
ices, etc.) and shared the following
mandates:
■ The Director of each service was
required to identify a person within
their Program who was most familiar
with their specific rules and regula-
tions and may be involved in process
auditing, regulatory surveys, etc. to
be the 'Compliance Coordinator' for
that department.
■ The Compliance Coordinators would
meet together monthly as the
Compliance Coordinators Committee,
the working group for the
Compliance Committee and a month-
ly Regulatory Mail group to address
billing directives.
■ The Coordinators would be responsi-
ble for the following activities:
• Annual investigation of OIG Work
Plan issues assigned to them, and
mitigation of risks identified
• Monthly review of their specialty
literature with identification of rel-
evant compliance concerns to be
added to the master list
• Ongoing monitoring of all high
risk processes within their special-
ty area
• Investigation and mitigation of all
newly identified concerns
The next step was to develop a Charter
for the committee members that clearly
identified their roles and responsibilities.
Both the coordinator and their Director
signed the Charter to evidence their on-
going commitment to the program.
6March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
by Susan Coombes and Joyce L. Lang
L
7March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Since this initial work was done, the
group has grown exponentially as the
breadth of compliance issues continues
to grow. Now 25-members strong, and
supported by such ancillary departments
as the Legal Department, Management
Audit Services, and the Compliance
Department, this committee has become
the corporate resource that we had
visualized.
"How do you keep the Coordinators
motivated to take more work on to their
already full plates?" is the most common
question we receive. The answer is
easy; we have focused on providing the
Coordinators with the education, tools
and team support that a job like this
demands. From online regulatory
resource tools to monthly education by
experts, from development of invaluable
partnerships among the committee
members, to a demonstration of full
support from Senior Management, the
Coordinators feel valued and respected
for their unique competencies. Ongoing,
succinct and timely education through
respected resources such as HCCA
[Health Care Compliance Association]
provides them with the confidence that
they are focusing on the right issues
and have access to the best solutions.
We have perfected tools over the past
few years and provided opportunities
for the Coordinators to enhance their
skills. The tools that are used to organ-
ize the group and provide the checks
and balances needed to allow our lead-
ership to sleep nights include:
■ A Program Compliance Plan
template—All high-risk areas have
prepared their own compliance plan.
Every Coordinator has had the
opportunity to prepare and deliver a
presentation on their Plan to the
Coordinators and Compliance
Committee.
■ A risk assessment and control docu-
mentation tool that expands the
requirements of Sarbanes Oxley to
compliance. Coordinators are docu-
menting the compliance risks and
controls for there are and will pres-
ent summary information to the
Compliance Committee.
■ OIG and Compliance issues list for-
mats—The template facilitates the
Coordinators' capture of potential
risks from readings and other
sources, and the documentation of
analyses and actions.
■ Scripts for Regulatory Compliance ori-
entation for all new employees, man-
agers and employed physicians—
coordinators deliver the training.
We will continue to raise the bar for
Compliance Coordinators. The next
challenge we are setting before our
committee members is for everyone to
become Compliance certified (Certified
in Healthcare Compliance-CHC) through
HCCA.
In today's environment of growing regu-
latory mandates and shrinking
resources, there is no time to waste in
building your own effective Compliance
Program. Moreover, if you start by find-
ing the “rules-smart” people who
already work within your organization,
you're half way home. ■
and compliance.
The final component to an "effective"
program is to communicate the results to
the Compliance Committee and ELC
(Executive Leadership Council) or Board
of Trustees. An effective report to the
ELC or Board should identify the level of
risk (low, medium, high) risk areas based
on frequency, financial implications,
breach of contract, breach of Corporate
Integrity Agreement, as well as the
impact of negative public scrutiny.
Unfortunately, too often these reports
are purely negative in nature. As you
complete the assessments and reports,
make sure you include the positive out-
comes as well, specifically regarding
quality of care and revenue. The health
care industry is slowly beginning to rec-
ognize the positive impact of compli-
ance programs to the quality of care,
revenue, ethical culture and higher
employee morale, an intangible result
very difficult to measure.
As compliance officers, we must per-
form due diligence in actively seeking
out criminal behavior and intentional or
unintentional wrongdoing to be effec-
tive. However, in the infancy of compli-
ance we only reported risk areas and
problems, fearful of reporting any infor-
mation that enhanced revenue with vir-
tual silence on any other positive out-
come. A paradigm shift occurred a few
years ago and reporting the positive
impact of an effective compliance pro-
gram to the ELC or Board of Trustees is
a responsibility of our role. Simply stat-
ed, "it is what it is" and we have an
inherent duty to report the positive and
negative impact and consequences of an
effective compliance program. ■
Compliance effectiveness
...continued from page 4
8 Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Editor's note: John P. Krave, Esq. is a
partner at Davis Wright Tremaine
LLP in Los Angeles, California, and
specializes in transactional and reg-
ulatory health care law. He can be
reached by telephone at 213/633-
6873 or by email at
n December, 2004, the HHS
Office of Inspector General (OIG)
issued Advisory Opinion 04-17
(04-17) criticizing certain "contractual
joint ventures" that the government
believes to constitute disguised kick-
back arrangements involving providers
who receive indirect compensation from
lay management companies or suppliers
in exchange for a guaranteed referral
stream. Even if the parties' various con-
tracts that comprise the joint venture
qualify for Safe Harbors from prosecu-
tion under the federal Anti-Kickback
statute, the government believes that
the parties' referral-oriented objectives
for the overall arrangement may render
it illegal. Providers can, however, distill
from 04-17 and earlier guidance some
helpful business considerations and
contract terms that should persuade the
most skeptical investigator of the legali-
ty of the venture.
But as is typical of the government efforts
to discourage a particularly abusive form
of health care transaction, the issuance of
broad regulatory guidance casts suspicion
upon many legal, socially beneficial
arrangements. Joint ventures generally
serve a number of legitimate purposes
and often assist in aligning incentives,
enhancing patient access, and increasing
capacity. While market-place dynamics
are encouraging the development of a
wide array of ventures that benefit the
community, government regulators have
been less supportive of the trend.
Government scrutiny of joint ventures
over the past few years has resulted in
various cautionary messages to industry.
The limited safe harbor protection for
joint ventures under the Anti-kickback
statute, the prohibitions of the Stark Law
on physician ownership of certain types
of providers along with fraud alerts and
Advisory Opinions have established a
series of prohibitions and suggested
numerous risk factors associated with
contract joint ventures. Advisory
Opinion 04-17 continues this cautionary
tack. This guidance from the govern-
ment suggests that it would be prudent
for potential participants to carefully
consider the regulatory issues at the
onset of any joint venture negotiations.
Advisory Opinion 04-17Advisory Opinion 04-17 reiterates the
OIG's previous concerns about so called
"contractual joint ventures." The Opinion
analyzes a laboratory services venture in
which participating physician groups
refer patients while commonly controlled
suppliers provide "turnkey" management
and clinical services. The OIG reacted
negatively to the proposal, concluding
that the arrangement might violate the
Federal Anti-kickback law because it
enabled the physician groups to profit
from referrals to the new labs.
Although the OIG's conclusion is not
entirely surprising, the Opinion suggests
a disturbing limitation on the safe har-
bors under the Anti-kickback statute. The
OIG determined that the arrangement
under review (the Proposed
Arrangement) might be illegal even if its
component contracts reflected fair mar-
ket terms and otherwise satisfy the
requirements of the Anti-kickback regu-
latory safe harbors. Refusing to focus
solely on the terms of each constituent
contract, the government analyzed the
"totality" of the Proposed Arrangement,
and concluded it was "designed to per-
mit the [lay management company] to do
indirectly what it cannot do directly; that
is pay the Physician Groups a share of
profits from their laboratory referrals."
The party that requested the Opinion
(the Manager) was a company that
sought to provide pathology laboratory
services to physician groups specializing
in urology, dermatology, or gastroen-
terology (the "Physician Groups"). The
Manager would provide all services
required for each Physician Group to
operate its own pathology laboratory
(the Lab) at an off-site location. The
Physician Group, or the Manager on
behalf of the Physician Group, would
bill patients and public and private third-
party payors (including Medicare) for
pathology services furnished in the Lab.
The Manager, which was not itself a
Medicare or Medicaid provider, pro-
posed to provide its services through
affiliated entities (the Affiliated Entities),
which included a licensed, Medicare-
certified anatomic pathology laboratory
and a staffing company. A common par-
ent corporation jointly owned the
Manager and the Affiliated Companies.
The Manager and each Physician Group
were to enter into four contracts: (1) a
Management Agreement, which encom-
passed equipment leases and, if
requested, billing services; (2) a Sub-
Lease Agreement for space to be occu-
March 2005
By John P. Krave
I
pied by the Lab at a site removed from
the Physician Group's offices; (3) a
Technical Personnel Agreement; and (4)
a Pathology Services Agreement under
which the Manager would provide a
pathologist to render professional and
supervisory services on a part-time basis
as necessary to operate the Lab.
Notably, the terms of each of these
component contracts would qualify for
protection under established safe har-
bors to the federal anti-kickback law
(Social Security Act §1128B(b).)
Each Physician Group would compen-
sate the Manager in a flat monthly fee
(the Monthly Fee) intended to compen-
sate the Manager for the pathologist's
part-time services. The Physician Group
and Manager would determine the
amount of the Monthly Fee by reference
to historical utilization data. The
Physician Group would also pay a per-
specimen charge and a fee for any
billing and collection services rendered
by the Manager.
The Manager planned to establish up to
five independent Labs in a single build-
ing, with no shared use of space or
equipment. Each Physician Group
would lease its own space on a full-
time basis, and would make exclusive
use of the premises. The pathologists
and technical personnel would rotate
among the Labs, provide only services
on behalf of a single Physician Group at
a time, and use only that Group's space
and equipment for performance of serv-
ices on the Group's behalf.
The OIG analyzed the Proposed
Arrangement under the federal Anti-
kickback law, which prohibits the pay-
ment of remuneration to induce or
reward referrals of items or services
payable by a Federal health care pro-
gram, including Medicare or Medicaid.
The Opinion cites cases interpreting the
federal Anti-kickback law to prohibit
any arrangement where even one pur-
pose is to provide compensation for the
referral of goods or services to be paid
for by a federal program. The OIG also
made reference to its 2003 Special
Advisory Bulletin on contractual Joint
Ventures. The Special Advisory Bulletin
emphasized the risks of an arrangement
in which a health care provider con-
tracts with a manager/supplier (which
might otherwise be a potential competi-
tor) to establish a related line of busi-
ness and receives the profits resulting
from the provider's referral of Medicare
and Medicaid beneficiaries to the new
enterprise.
The Opinion indicates that the
Proposed Arrangement is akin to the
ventures the OIG criticized in the
Special Advisory Bulletin. In refusing to
protect the Proposed Arrangement, the
OIG cited several reasons:
■ The Manager and the Affiliated
Entities provide "turn key" services
under circumstances that suggest to
the OIG that they should be viewed
as a single entity. The entities are
commonly controlled and share a
single corporate purpose. As a result,
the Manager, though its affiliates,
would be in position to provide
pathology services in its own right in
competition with the contracting
Physician Groups, billing insurers
and patients in its own name and
retaining all reimbursement.
According to the OIG, the only credi-
ble business purpose for the involve-
ment of the Physician Groups in the
new lab ventures was the referral of
patients.
■ The Physician Groups would be
expanding into a related line of busi-
ness (i.e., pathology), but would be
contracting out substantially all of
their operations to Manager, a poten-
tial competitor for this business. In
the OIG's view, this meant that the
only significant role for the Physician
Groups would be to provide patient
referrals to the Manager.
■ As characterized by the government,
the Physician Groups were assuming
very little financial risk under the
arrangement. The Groups would
have control over the volume of
business they would send to the Lab.
They could, presumably, ensure that
they generated sufficient Lab busi-
ness to meet or exceed the Monthly
Fee. The "per specimen" and billing
fees also resulted in no financial risk
because they, too, were based on
actual utilization.
■ Each Physician Group would share
the economic benefit of its Lab with
the Manager.
Advisory Opinion 04-17 should provoke
a careful scrutiny of any planned or
ongoing arrangements between a
provider and an organization that facili-
tates the provider's entry into a new
line of business to which the provider
will refer patients. While caution is
advised, it is important to note that no
trial or appellate court has yet consid-
ered whether the OIG is correct in con-
cluding that the Proposed Arrangement
or a similar venture may be illegal
under the Federal Anti-kickback law.
Indeed, the Opinion has been criticized
as a clear circumvention of the protec-
9March 2005
Continued on page 9
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
10March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
tions afforded by the regulatory safe
harbors to the anti-kickback statute. If
each component of the Proposed
Arrangement fits within a safe harbor,
the mere presence of an underlying
profit motive should not nullify the pro-
tection afforded to those who have
structured their arrangements to meet
the safe harbor criteria. Should an
arrangement such t as that described in
the Opinion be challenged by the gov-
ernment, a defendant may be able to
successfully argue that because the
component contracts fall within estab-
lished safe harbors, the venture cannot
be deemed to violate the anti-kickback
statute. In addition, compliance with the
safe harbors demonstrates that the par-
ties did not "knowingly" violate the
Anti-kickback law as required by the
Court of Appeals decision in Hanlester
Networks v. Shalala.
Although there are strong legal argu-
ments to be made, challenging the
OIG's position is risky and the govern-
ment's leverage in any prosecution is
always enormous. For the time being,
parties should be aware that in the gov-
ernment's view a turn key management
agreement that provides for fair market
value payments for the services and
meets the other safe harbor criteria is
not necessarily legal, particularly if the
physicians have no significant opera-
tional role and their profits from the
venture are traceable to their referral of
federal patients.
Providers other than physiciansAlthough Advisory Opinion 04-17 inter-
prets a physician-oriented scenario, the
government's concerns regarding con-
tractual joint ventures apply with equal
force to other types of providers. The
OIG's special advisory bulletin issued in
April, 2003 discussed the regulatory
risks of these ventures in generic terms,
and applied identical legal principles to
"turnkey" management arrangements
regardless of whether the owner was a
physician, hospital or other healthcare-
related business. The bulletin analyzes
scenarios involving (i) a hospital that
expands into a durable medical equip-
ment business, (ii) a durable medical
equipment supplier that expands into
the nebulizer pharmacy business, and
(iii) a nephrologist who expands into a
home dialysis business. In each of these
cases, the provider is capable of refer-
ring, or at least indirectly steering
patients to, the provider's newly-
expanded business under terms that
raise the same regulatory risks that the
government addresses in Advisory
Opinion 04-17.
Responding to government concernsTo address the OIG's concerns, parties
contemplating ventures akin to that
described in the Advisory Opinion 04-17
should consider incorporating elements
of provider financial risk and multiple
referral sources into the arrangement.
More specifically, recommended compli-
ance measures include the following:
■ Establish Fixed Periodic Fee
Compensation for Manager. The
owner may wish to compensate the
manager according to a periodic
fixed fee (e.g., a monthly payment)
or other mechanism that cannot vary
according to referral volume. The
parties should set the fee after arm's
length negotiations, and the rate
should not vary during the term to
reflect referral volume or value. The
term of the arrangement should be
for a period of at least one year, dur-
ing which the fee should be fixed.
Later adjustments to the fee should
reflect increases in the consumer
price index or other objective factors
unrelated to the volume or value of
referrals. The parties should also con-
sider retention of an independent
appraiser to validate their judgment
that the manager's fee reflected fair
market value.
■ Increase Provider Financial Exposure.
The government often targets
arrangements in which it is difficult
or impossible for referring physicians
or providers to suffer financial losses.
Venture participants can strip away
this insulation by ensuring that the
provider, rather than the manager,
has financial responsibility for such
items as inventory, supplies, and
leased equipment. Parties can
reduce the fixed management fee
described above to reflect that the
provider now bears financial risk for
these items. The resulting arrange-
ment might make the manager
responsible only for the provision of
technical and professional personnel.
■ Expand Provider Decision-making.
The government disfavors arrange-
ments in which the physician or
other provider has limited control
over critical operational decisions,
such as the level of staffing and the
establishment of charges. The struc-
ture of these hollow arrangements
suggests that the lay manager is the
true "owner" of the business and that
the provider's primary role is to
ensure a stream of referrals. To over-
come this concern, the physician or
other provider should control deci-
sions that impact the quality of care
within the new business. Staffing lev-
els, the selection of clinical equip-
Contractual joint ventures ...continued from page 9
11March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
ment and supplies, and the introduc-
tion of new service lines are deci-
sions properly within the peculiar
expertise of a physician provider. As
an added benefit, restructuring
arrangements that involve a physician
participant may also avoid violations
of state laws that prohibit the corpo-
rate practice of medicine. The
involvement of multiple independent
managers for different aspects of the
enterprise may also be helpful, pro-
vided the resulting venture amounts
to something beyond a more cir-
cuitous version of arrangements criti-
cized by the government in 04-17
and other guidance.
■ Avoid Exclusivity Provisions. Contract
ventures should include express
terms which promote open access for
patients. Conversely, the government
is likely to express particular concern
about arrangements which prohibit
the manager from providing services
in its own right to a provider's
patients in a setting outside the ven-
ture.
■ Expand Marketing Efforts. The gov-
ernment may doubt the legality of
any arrangement in which either or
both participants engage in market-
ing efforts typical of health care busi-
nesses which face bona fide competi-
tion. The parties should engage in a
bona fide marketing campaign
designed to expand the venture's
patient base beyond the confines of
the provider's practice or business as
it existed as of commencement of the
venture. The provider should be
responsible the cost of the campaign,
and should not compensate the man-
ager on an incentive basis for the
success of its marketing efforts.
■ Ensure that the Venture Has a
Legitimate Business Purpose Other
than the Generation of Captive
Referrals. A well-defined and docu-
mented bona fide business purpose
independent of the generation of
referrals offers a valuable defense
against government scrutiny in all
contractual joint ventures, but espe-
cially where the arrangement appears
to generate guaranteed revenues by
"locking up" a captive referral stream
for the participating manager/suppli-
er. For example, a contractual joint
venture to provide outpatient dialysis
would more likely withstand govern-
ment scrutiny if the community
lacked alternative providers of such
services, and patient need would oth-
erwise remain unmet. It is critical,
however, to document these ratio-
nales while forming the venture
rather than as a less credible after-
thought.
■ Implement a Compliance Plan for the
Venture. It is axiomatic that all mod-
ern health care providers should inte-
grate corporate compliance policies
and protocols into their practices or
operations, and contractual joint ven-
tures are no exception. Unless other
considerations apply, the venture's
compliance structure should integrate
with that of the participating
provider.
Don't try this at homeWe note in closing that contractual joint
ventures tend to be complex in struc-
ture, and that the parties' true motiva-
tions for their involvement are often
divergent and even hidden from each
other. Parties also are notorious in their
lack objectivity in assessing their own
motivations for involvement and have a
flawed, self-serving perception of likely
government response to arrangements
that appear favorable for business rea-
sons. As a result, parties should exercise
extreme caution in all stages of plan-
ning and negotiating contractual joint
ventures, as well as in the documenta-
tion of these endeavors. Such prudence
is essential for fundamental business
reasons as well as for compliance con-
cerns. For these reasons, the use of
experienced, independent legal counsel
and consultants is often critical to a suc-
cessful outcome. ■
Two ComplianceAcademies
comming thisSpring!
Advanced AcademyJune 20-23, 2005
Hyatt at Fisherman’s Wharf
San Francisco, CA
Compliance AcademyJune 13-16, 2005
Hilton Scottsdale Resort & Villas
Scottsdale, AZ
Academy registration and the
Compliance Certification (CHC)
exam form can be found at
www.hcca-info.org
12March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Editor's note: John A. Beattie is a
Principal with Parente Randolph.
He is also a Certified Public
Accountant (CPA) in Pennsylvania
and a Certified Fraud Examiner
(CFE). Jeffrey Miller is Associate
Corporate Counsel with Mercy
Health Systems. Mr. Beattie may be
reached at 717/540-4709. Mr. Miller
may be reached at 610/567-6812.
he United States Department
of Health and Human
Services, Office of Inspector
General (OIG) has reported over $762.5
million dollars in audit related savings
for fiscal year 2004, and $1.9 billion dol-
lars receivables due from investigations.
The False Claims statute remains the
OIG's tool of choice, however, an arse-
nal of equally potent tools are available.
They include laws relating to: conspira-
cy to defraud, false statements, mail
fraud, wire fraud, RICO and money
laundering. Key elements of the Civil
False Claims Act include knowingly pre-
sented or causing to present a false or
fraudulent claim for payment to Federal
programs.
"Knowingly" includes with a willful
blindness or a reckless disregard for the
truth or falsity of claims. If a provider
submits claims where it has an aware-
ness of the high probability of a materi-
al inaccuracy of the claims, it may have
violated the Civil False Claims Act. And
the level of proof is lower in civil ver-
sus criminal. In the former it is prepon-
derance of the evidence, on the latter
beyond a reasonable doubt. Liability for
Civil False Claims Act violations can be
treble damages, plus $5,500-11,000 per
false claim submitted. As a result, a
provider that submits as little as 100
false claims with a value of $5,000
could find its potential liability reaching
into the millions.
The OIG published its 2005 Work Plan
in the last quarter of 2004. This docu-
ment serves as a primary source for out-
lining areas the OIG believes warrant
closer scrutiny. The document continues
to demonstrate that the submission of
accurate claims to be the single biggest
risk area. Effective compliance programs
have in place a work plan development
process related to risk areas applicable
to their specific entity's needs. But,
being mindful of the OIG's Work Plan
within this context it prudent. Three
areas included in the 2005 Work Plan
are:
1. Aberrant DRG coding,
2. Incorrect use of the -25 modifier and
3. Rebates paid to hospitals.
The OIG's focus on aberrant DRG cod-
ing is, indeed, not new. The OIG antici-
pates it will determine whether some
acute care hospitals exhibit aberrant
coding patterns. Traditionally, the OIG
focuses on the examination of DRGs
that have a history of aberrant coding.
And, history being a dynamic process
means aberrant DRG codes change.
Current DRG codes that are or continue
to come under the microscope are
DRGs 014, 079, 296, 416 and 475.
Under the prospective payment system,
the DRGs for inpatient acute care
depend on accurate coding of diag-
noses and procedures. Inaccurate cod-
ing by hospitals can lead to Medicare
overpayments.
The incorrect use of the 25 modifier is
another area included on the current
OIG work plan. OIG anticipates it will
determine whether providers appropri-
ately used this modifier. In general, a
provider should not bill Evaluation and
Management (E & M) codes on the
same day as a procedure or other serv-
ice unless the E & M service is a signifi-
cant, separately identifiable service from
such procedure or service. A provider
reports such a circumstance by using
modifier -25.
The following is an example of the
proper use of the 25 modifier. A patient
returns for a follow up visit for his/her
sciatic pain. During the course of the
visit, the patient mentions to their physi-
cian that he/she is experiencing pain in
their left shoulder. The physician deter-
mines that an injection is needed. In
order for the physician to be reim-
bursed for both the E & M and shoulder
injection services, a 25 modifier must be
appended to the E&M service. Failure to
do so would result in most Medicare
carriers only paying for the drug inject-
ed and one service/procedure. Either
the injection or the E&M service would
be reimbursed, whichever is paid at the
lower rate. (Many commercial payers
will not separately pay for the injected
medication.) The OIG will determine
whether claims with a 25 modifier were
appropriately billed and reimbursed.
Determination of whether hospitals are
By John A. Beattie and Jeffrey Miller
T
Health Care Compliance Association • www.hcca-info.orgMarch 2005
13
properly identifying purchase credits as a
separate line item in their Medicare cost
report is another anticipated area of the
OIG's attention. Hospitals are required to
report rebates paid by vendors on their cost
reports. In the case of drugs, some of the rebates
can be substantial. Because critical access hospitals
are cost based reimbursed, there could be a reim-
bursement implications for these hospitals. Even
though the cost report is largely an informational
submission for most providers, it still must sub-
scribe to Medicare regulations regarding reporting
costs. Overstatement of costs on cost reports by
not offsetting rebates against applicable expenses
distorts the cost to reimbursement comparison and
Medicare rate setting computations.
These are just a few of the risk areas identified in
the OIG's 2005 Work Plan. The OIG's "follow the
money" philosophy has consistently proven an
effective audit and monitoring strategy.
Development of analytical and inspection process-
es and procedures to assess and monitor risk areas
is essential. Focusing your efforts on these three
areas is a prudent course of action. ■
CERTIF IED INHEALTHCARECOMPLIANCECHCCHC
The Healthcare Compliance Certification
Board (HCCB) compliance certification
examination is available in all 50 States.
Join your peers and become Certified in
Healthcare Compliance (CHC).
CHC certification benefits:
■ Enhances the credibility of the compli-
ance practitioner
■ Enhances the credibility of the compli-
ance programs staffed by these certi-
fied professionals
■ Assures that each certified compliance
practitioner has the broad knowledge
base necessary to perform the compli-
ance function
■ Establishes professional standards and
status for compliance professionals
■ Facilitates compliance work for com-
pliance practitioners in dealing with
other professionals in the industry,
such as physicians and attorneys
■ Demonstrates the hard work and dedi-
cation necessary to perform the compliance task
CHC Certification, developed and managed by HCCB, became available
June 26, 2000, since that time hundreds of your colleagues have become
Certified in Healthcare Compliance. Linda Wolverton, CHC, Director,
Compliance, Triad Hospitals, Inc. says that she sought CHC Certification
because “...many knowledgeable people work in compliance, and I wanted
my peers to recognize me as ‘one of their own’.” With certification she is
“recognized as having taken the profession seriously, having met the nation-
al professional standard.”
For more information on how you can become CHC Certified,
please call 888/580-8373,
email [email protected], or visit the HCCA Website:
http://www.hcca-info.org/Template.cfm?section=HCCB_Certification
The Compliance Professional’s Certification
Congratulations on achieving CHC status! The Health care
Compliance Certification Boardannounces that the following
individuals have recently successfully completed the
Certified in HealthcareCompliance (CHC)
examination, earning CHC designation:
William G. Clark
Mary Mccann
Jan Lee Usset
Lori Lemasters
Maria N. Burke
Rory Scott Jaffe
Gloria Maria McNeill
Lori Olds
Wendy Sue Portier
Mary Snyder
Survey Results
On February 8, HCCA asked its members:
Does your ComplianceDepartment Report tothe Audit Department?
We received 447 responses over two days.
Here’s the results:
91% (409): Does not Report to the Audit
Department
6% (26): Jointly Reports to Audit and Another
Department or Individual
3% (12): Reports to the Audit Department
14March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Editor's note: Roy Snell conducted
this interview with the newest mem-
bers of HCCA's Board of Directors -
Cynthia E. Boyd, M.D., FACP, MBA,
Rush University Medical Center;
Anne Doyle, Tufts Health Plan;
Frank Sheeder, …; Cheryl
Wagonhurst, Tenet Healthcare - at
the end of January 2005.
Cynthia E. BoydM.D., FACP, MBA
Assistant Professor, Department of
Internal Medicine
Associate Vice President, Chief
Compliance Officer
Director, Medical Staff Operations
Rush Medical College
Rush University Medical Center Facility
Chicago, IL
RS: What unique perspective do you
think you can bring to the
association?
CB: First, as a general internist with
clinical practice and teaching
experience, I have a keen sense of the
challenges and the perspective that
clinicians have and the views they share
with respect to health care
compliance. My practice experience has
included working in a staff model
HMO, a university faculty plan, and as a
solo private practitioner on the
faculty of academic medical centers. In
addition, I have been closely
involved in medical education as a for-
mer assistant dean, and much of
compliance involves education and
addressing the specific learning
styles/preferences of our varied audi-
ences.
My current role as Director of
staff operations, which includes working
on issues related to patient care,
quality improvement, and the creden-
tialing/privileging process, all lend a
unique perspective in addressing some
of the principles and challenges
associated with compliance.
It is the nexus of these experiences
that has given me a sound foundation
on which to build my current role of
Compliance Officer. I hope to bring this
perspective and experience to the table
with HCCA.
RS: How has HCCA helped you?
CB: HCCA has provided me with the
opportunity to meet, network, and tap
into an incredible resource of knowl-
edgeable and energetic professionals
featurearticle
Meet HCCA’s Newest Directors
15March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
who have made my job a lot more fun
and a bit easier to perform.
HCCA is also well respected in the
industry as a resource and as an organi-
zation.
RS: What do you think HCCA does
well?
CB: HCCA does a good job of pro-
viding information and remaining
current with the ever changing compli-
ance profession.
HCCA understands and supports
compliance professionals by providing
meaningful and useful workshops, sem-
inars, conferences, and publications that
are readily available, accessible and
easy to use.
RS: How is the compliance profes-
sion changing?
CB: The compliance profession is
being driven mainly by outside forces,
i.e. the government. These outside
forces will define the extent and scope
to which this profession will continue
to evolve.
With that said, I believe the health
care industry is a very large and com-
plex one that will also continue to
evolve and change. There are political,
professional, ethical, moral, social, eco-
nomic, and policy forces that all inter-
play into making the health care indus-
try one of the most dynamic and impor-
tant industries that has an effect on
every American.
No other industry has such a
unique place in our lives and the lives
of our loved ones, and it is for this rea-
son that I think health care compliance
will always be at the forefront of this
profession.
Anne Doyle
Compliance and Privacy Officer
Tufts Health Plan
Waltham, MA
RS: How long have you been
involved in HCCA?
AD: I have been a member since
1998, the early days of HCCA. This was
back when people still looked puzzled
when you told them that you worked
in "Compliance!"
RS: What is the most important pur-
pose or service HCCA provides?
AD: I firmly believe that HCCA's pri-
mary purpose is to serve its members.
To me, "serving members" means meet-
ing each member's needs, whether they
are a new compliance officer imple-
menting a new compliance program, or
a seasoned compliance professional
measuring the effectiveness of a mature
compliance program.
HCCA's national and local area
conferences—as well as its publications
—offer tremendous information and
learning opportunities across a range of
industry topics and levels.
I hope to see HCCA continue to
strengthen its website and use technolo-
gy in a way to help members connect.
If a compliance officer at a multi-site
physician's office is struggling to imple-
ment a records management program,
and I'm in a health plan in
Massachusetts having just implemented
such a program, I want it to be easier
for my colleague to post a question and
get a quick response from me and oth-
ers around the country. Compliance
professionals have a tremendous
knowledge base and I'm excited by
ways that HCCA can help us share and
leverage that knowledge.
RS: What leadership experience
have you had that will help you in your
new role?
AD: I have to laugh at this question,
because what comes to mind first are
some extracurricular leadership activi-
ties that have prepared me well for the
HCCA Board. These include leadership
of my local school board and coaching
kids in sports. In both cases, listening
and responding to the needs of differ-
ent constituents were critical to my suc-
cess.
I'm looking forward to helping to
improve HCCA by listening and learn-
ing from members.
RS: What unique perspective or
industry experience do you think you
will bring to the board?
AD: I bring several perspectives to
the Board.
As Compliance and Privacy Officer
at Tufts Health Plan, a managed care
plan representing approximately
700,000 members, I bring the perspec-
tive of a payer. I also bring the view-
point of someone who has developed a
compliance program from the ground
up and has experienced the challenge
Continued on page 16
16March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
of bringing fresh approaches to a
mature program. I also represent the
northeast area, a first for the HCCA
board.
Frank SheederPartner
Brown McCarroll, LLP
Dallas, TX
RS: Have you worked with any
other associations?
FS: I am a member of the American
Bar Association, the American Health
Lawyers Association, and the Dallas Bar
Association.
RS: You recently attended your first
HCCA strategic planning meeting, what
are your observations about the meet-
ing?
FS: The HCCA Board of Directors is
an energetic, enthusiastic, cohesive, and
thoughtful group that strives to put the
interests of HCCA members first.
RS: What unique perspective do you
think you can bring to the association?
FS: My experience in representing
providers as outside counsel, and in
dealing with regulators and prosecutors
to help solve instances of non-compli-
ance.
RS: What professions other than
compliance officer do you think HCCA
can serve?
FS: I believe HCCA can serve senior
leaders and board members to help
educate them about compliance and to
work toward obtaining their buy-in on
this crucial aspect of operating in
today's business environment.
RS: What impact does the recent
Supreme Court ruling have on the com-
pliance profession?
FS: I don't think it changes anything.
The foundational principles of the com-
pliance profession, which are embodied
in the United States Sentencing
Guidelines and elsewhere, are
unchanged by the Booker decision.
Cheryl Wagonhurst
Chief Compliance Officer
Tenet Healthcare Corporation
Santa Barbara, CA
RS: What unique perspective do you
think you can bring to the association?
CW: I believe that the perspective
that I can bring is that of having
worked both as a health care lawyer
and now as a compliance officer in the
good times and the bad.
RS: How is the compliance profes-
sion changing?
CW: I believe that the compliance
profession is becoming more of an
establish profession. I think that the role
of the compliance officer is becoming
much more accepted and defined by all
industries.
RS: What impact does the recent
Supreme Court ruling have on the com-
pliance profession?
CW: Very little in my opinion.
Compliance is so deeply imbedded
especially in the health care field. Many
providers have mandatory CIAs with the
government and those that don't have
some sort of program based on the
OIG's Guidance. If they don't, then they
are not very attuned to what's happen-
ing in the area of health care enforce-
ment today. That being said, I think that
many providers are also realizing that
compliance is actually "good" for busi-
ness and that's an added incentive for
doing the right thing—every time.
RS: What professions other than
compliance officer do you think HCCA
can serve?
CW: I think that HCCA can and
should involve all professions that touch
on health care compliance. So much of
what HCCA does can help physicians,
coders, HIM professionals and others in
the health care profession better under-
stand the complex area of health care
compliance. ■
HCCA's Newest Directors
17Health Care Compliance Association • 888-580-8373 • www.hcca-info.orgMarch 2005
Health CarHealth Care Compliance e Compliance AssociationAssociation
YOUR HCCA STAFFThe The Association forAssociation for Health CarHealth Care Compliance Pre Compliance Professionals.ofessionals.(888) 580-8373 | (952) 988-0141 | fax (952) 988-0146(888) 580-8373 | (952) 988-0141 | fax (952) 988-0146
Claudia HoffackerDeputy [email protected]
Margaret DragonDirector of [email protected]
Darin DvorakConference [email protected]
Caroline Lee BivonaConference [email protected]
Tracy HlavacekConference [email protected]
April KielDatabase AdministratorMember [email protected]
Patti EideAdministrative [email protected]
Gary DeVaanGraphic Services [email protected]
Wilma EisenmanMember [email protected]
Beckie SmithConference [email protected]
Karrie HakensonProject [email protected]
Kaeren AndersonGraphic [email protected]
18March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
This is a very important moment
in the history of the compliance
profession.
Compliance may be expanding in scope and responsibility.
Like billing and legal, accounting has had some difficulty
policing itself. Like the others, accounting may not welcome
oversight by compliance. We will hear once again comments
such as, "I got it" and "Compliance does not have the expert-
ise, etc." The ques-
tion is "Will anyone
listen?"
Once again the
leadership will
have to assess
what is missing
from the equation
and whether com-
pliance can bring
"it" to the table.
Some will say the
problem is related
to conflicts of inter-
est rather than a lack of oversight and understanding of the
accounting rules.
Does any department have more oversight and standards of
behavior than accounting? Who else has annual audits and
"Generally Accepted Principles." I personally believe that
other than its conflict of interest problem, the accounting pro-
fession is a model for the rest of us to follow. Their only
problem is that personal gain, power, and pressure can foul
up any system.
At this point, I have to believe that some health care boards
are wondering "Is any department capable of following the
regulations?" "First the legal and billing departments took
their eye off the ball and now accounting is having trouble?"
You have to believe that this is frustrating for boards. You
can't pick up a paper without seeing an accounting scandal.
Now HealthSouth is demonstrating that health care is not
immune to
accounting scan-
dals. Oh…. the
humanity!
No department
has more systems,
procedures and
controls than
accounting.
Boards have to be
incredulous. We
have annual
audits, controls,
generally accepted
accounting procedures, and we are still having problems.
Many of the accounting problems come to light as a result of
a whistleblower who tried to get someone's attention. Fifteen
people have pleaded guilty in the HealthSouth case. Many
must have known that something was wrong, but could not
or would not stop it. Boards have to believe that there is a
problem with independence. Someone wants the numbers to
look good as opposed to being accurate. ■
Roy Snell
The HealthSouth trial has begun
"This is a very important moment in thehistory of the compliance profession.
Compliance may be expanding in scopeand responsibility. Like billing and
legal, accounting has had some difficul-ty policing itself. Like the others,
accounting may not welcome oversightby compliance."
19March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Share Compliance Documents With Other HCCA Members...
And win one of 12 Portable DVD PlayerCourtesy of:
Each time you add a compliance doc-ument to the HCCA Website you willhave an additional chance to win aPolaroid Portable DVD Player * **,courtesy of Brown
McCarroll L.L.P. Add 30documents and you will
have 30 chances to wineach month for a period of
12 months– November 2003 to October 2004. OnePortable DVD Player willbe given away eachmonth for 12 months.Any non-copyrightedcompliance document willcount, such as policies, proce-dures, forms, memos, presentations,educational tools, government documents,articles, white papers, or miscellaneousdocuments. Just visit eCommunities onthe HCCA Website:
www.hcca-info.org*No repeat winners.**HCCA staff members are not eligible.
Announcing
February’s winner:
LANCE LORIA
20March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Editor's note: William D. Darling,
JD, is a partner with Brown
McCarroll, LLP, located in Austin,
Texas. His practice focuses on fraud
and abuse and corporate compli-
ance matters. Kevin M. Wood, JD,
an associate with Brown McCarroll,
LLP, in Austin, Texas, represents
physicians and other health care
providers on such matters as fraud
and abuse, and corporate compli-
ance, and HIPAA. William Darling
may be reached via email at bdar-
[email protected] and Kevin Wood
may be reached via email at
primary motivation for the
widespread development of
corporate compliance pro-
grams by health care providers is the
incentive to do so contained in the
United States Sentencing Guidelines.
The United States Sentencing
Commission issued organizational
guidelines in 1991 that apply to entities
that are sentenced for federal crimes.
The organizational guidelines provide
entities with the ability to seek a down-
ward departure from the federal sen-
tence that would otherwise be dictated
by the United States Sentencing
Guidelines, upon a showing that the
entity has an effective corporate compli-
ance program. The organizational
guidelines establish seven elements that
are minimum standards for an effective
compliance program. The seven stan-
dards essentially direct that an effective
corporate compliance program will
include:
1. Adopting compliance standards and
procedures reasonably capable of
preventing and detecting wrongdo-
ing;
2. Knowledge of the compliance pro-
gram by the organization's governing
authority and reasonable oversight by
the governing authority with respect
to the implementation and effective-
ness of the compliance program,
including the appointment of specific
high-level individuals to administer
program. To the extent specific indi-
viduals are delegated day-to-day
operational responsibility for the
compliance program, such individu-
als must periodically report to the
high-level individuals and, as appro-
priate, the governing authority, on
the program's effectiveness.
3. Reasonable efforts not to delegate
authority inappropriately to persons
whom the organization knows, or
should know through the exercise of
due diligence, have engaged in ille-
gal activities or other conduct incon-
sistent with the organization's tenets.
4. Reasonable steps to communicate
the standards and procedures (and
other aspects) of the compliance pro-
gram throughout the organization by
conducting effective training sessions
for all personnel, including distribut-
ing appropriate information with
respect to the responsibilities given
to those individuals charged with the
program's administration and
enforcement.
5. Reasonable steps to ensure that the
compliance program is followed,
including monitoring and auditing to
detect misconduct; periodically evalu-
ating the effectiveness of the compli-
ance program; and having and publi-
cizing a system (including mecha-
nisms to allow for anonymity or con-
fidentiality) whereby the organiza-
tion's employees and agents may
report or seek guidance regarding
potential or actual misconduct with-
out fear of retaliation.
6. Consistent promotion and enforce-
ment of the compliance program
throughout the organization through
the use of appropriate incentives to
comply with the program and disci-
plinary measures for those engaging
in misconduct and for failing to take
reasonable steps to prevent or detect
inappropriate conduct.
7. Taking reasonable steps when
wrongdoing has been detected to
respond appropriately to the wrong-
doing and to prevent further similar
conduct, including making any nec-
essary modifications to the organiza-
tion's compliance program.1
The Office of the Inspector General of
the United States Department of Health
and Human Services (OIG) has issued
A
By William D. Darling, J.D. & Kevin M. Wood, J.D.
WIL
LIA
M D
.DA
RLI
NG
21March 2005
Compliance Guidance to various types
of providers and entities in the health
care industry. This Guidance embraces
the foregoing seven elements as found
in the United States Sentencing
Guidelines.
In 2004, the United States Supreme
Court declared the sentencing guide-
lines for the State of Washington to be
unconstitutional in Blakely v.
Washington.2 Washington's sentencing
guidelines (which were similar to the
United States Sentencing Guidelines)
allowed a judge to consider facts not
found by a jury as he or she deter-
mined a defendant's sentence.
After the Blakely decision, a number of
federal defendants who were sentenced
under the United States Sentencing
Guidelines appealed their sentences.
One of the appellants included Mr.
Booker, who received an upward depar-
ture from the sentence he generally
would have received under the
Guidelines. Under the United States
Sentencing Guidelines, Mr. Booker
would have received a prison sentence
of 210-262 months for the drug offense
for which he was convicted. Instead, the
judge assessed a thirty-year sentence
based on facts he himself determined.
The judge conducted a sentencing hear-
ing and found that certain facts existed
by a preponderance of the evidence.
None of these facts were presented to a
jury. Mr. Booker appealed the enhanced
sentence, and two questions were pre-
sented to the U.S. Supreme Court.
The Booker decisionThe questions presented in Mr. Booker's
appeal to the Supreme Court were:
1. Whether the court violated Mr.
Booker's Sixth Amendment right
under the United States Constitution
by imposing an enhanced sentence
under the United States Sentencing
Guidelines based on the sentencing
judge's determination of a fact (other
than a prior conviction) that was not
found by the jury or admitted by the
defendant.
2. If the answer to the first question
was "yes," the following question was
presented: whether, in a case in
which the Guidelines would require
the court to find a sentence-enhanc-
ing fact, the Guidelines as a whole
would be inapplicable such that the
sentencing court must exercise its
discretion to sentence the defendant
within the maximum and minimum
set by statute for the offense of con-
viction.
It is important to note that these ques-
tions had nothing to do with the appli-
cability of the seven elements of an
effective compliance program found in
the United States Sentencing Guidelines
for Organizations (and incorporated by
the OIG into its Compliance Guidance).
Indeed, the questions presented by the
Booker case involved the United States
Sentencing Guidelines for Individuals.
On January 12, 2005, the U.S. Supreme
Court delivered an opinion in United
States v. Booker.3 In the Booker deci-
sion, the Court held that Section
3553(b)(1) of Title 18, United States
Code, the law which makes the use of
the United States Sentencing Guidelines
by federal judges mandatory, was
inconsistent with the right to a jury trial
afforded by the Sixth Amendment to the
United States Constitution. Federal
judges are now able to sentence defen-
dants without a mandatory requirement
that they follow the United States
Sentencing Guidelines.
There is speculation that a significant
battle will arise between the U.S.
Congress and the federal judiciary on
this issue. On one hand, some senators
and congressmen want to maintain uni-
formity and the taking of a hard line
toward the sentencing of federal defen-
dants. On the other hand, the federal
judiciary wants to maintain more discre-
tion in the sentencing of federal defen-
dants. The bottom line is that the
Booker case may spawn Federal legisla-
tion to add a jury component into the
federal sentencing system that would
once again make use of the United
States Sentencing Guidelines as manda-
tory in connection with the sentencing
decisions made by federal judges.
Application of the Booker case to com-pliance programsThe Booker case has caused some in
the health care industry to question the
continued necessity of maintaining their
compliance programs. Abandonment or
reduction of the importance of an orga-
nization's compliance program would
generally be ill-advised, especially if
such a decision were predicated on the
Booker decision. The basic holding in
Continued on page 22
KE
VIN
M.W
OO
D
22March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
the Booker case is that the United States
Sentencing Guidelines continue to be
available to federal judges to consider in
sentencing on a non-mandatory basis.
The real value of an effective compli-
ance program may not be in the poten-
tial reduction in a federal sentence
assessed against an organization. One
school of thought holds that those
organizations that are actually sentenced
in a federal criminal proceeding gain lit-
tle value from the presence of a compli-
ance program. If an organization is
being sentenced in a federal criminal
proceeding, it is likely that neither the
OIG, the United States Department of
Justice (DOJ), nor the federal judge pre-
siding in the case will believe that the
organization's compliance program was
truly effective. Also with the threat of
mandatory exclusion from participation
in federally funded health care pro-
grams that accompanies a federal con-
viction, contending that the organization
has an effective compliance program
may be "too little, too late."
The real value, instead, may lie in con-
vincing the DOJ, the OIG, or the federal
judge presiding in the case that the
organization has undertaken a compli-
ance program in good faith and that the
crime that may have occurred was
indeed an anomaly. The benefit of
establishing the bona fides of the orga-
nization's compliance program may be
that the organization is not charged
criminally in the first place, or that civil
penalties are mitigated.
Furthermore, it is difficult to see how
the Booker decision could nullify all of
the good compliance work that has
been done so far since the seven ele-
ments of an effective compliance pro-
gram are so embedded in the OIG's
Compliance Guidance and in the
approaches adopted by organizations in
and outside the healthcare industry. It
is unlikely that the OIG will retreat from
its positions on the seven elements
because of this decision.
Practical advice Overall, the compliance universe has
not been greatly altered by the Booker
case. The perception created by the
popular press may be that management
may safely eliminate or significantly
reduce the costs associated with an
organization's compliance program. In
fact, the press coverage of the Booker
case has possibly been sufficient
enough that this misperception may be
deeply embedded in the minds of some
compliance professionals. This public
perception cannot be maintained when
one looks at the value of a compliance
program in practice.
The compliance officer in an organiza-
tion should take steps to ensure the
governing body and management that a
compliance program remains just as
necessary and important today as it was
before the decision in the Booker case
was published. It may even present an
opportunity to further educate the orga-
nization's management and employees
about the importance of maintaining an
effective compliance program. The deci-
sion in the Booker case has in no way
diminished the importance of having an
effective compliance program. An
organization that does not take its obli-
gation to maintain an effective compli-
ance program incurs the potential for
serious risks to the organization that are
difficult to justify. Compliance profes-
sionals should work actively within their
organizations to reaffirm the importance
of the compliance program to the pro-
tection of the organization as a whole.
■1 United States Sentencing Commission, Guidelines
Manual, § 8B2.1 (Nov. 2004).
2 See Blakely v. Washington, 125 S. Ct. 2531, 159 L. Ed.
2d 403, 75 U.S.L.W. 4546 (U.S. June 24, 2004).
3 See United States v. Booker, No. 04-104, 2005 U.S.
LEXIS 628 (U.S. Jan. 12, 2005).
still necessary after Booker? ...continued from page 21
Full Name:
Title:
Organization:
Address:
City/State/Zip:
Telephone:
Fax:
E-mail:
HCCA individual membership costs $295.00; corporate member-ship (includes 4 indiv. memberships, and more) costs $2,500.00. CT subscription is complimentary with membership. HCCA non-member subscription rate is $357.00/year.❑ Payment enclosed❑ Pay by charge: ❑ AmEx ❑ MasterCard ❑ Visa
Card #: Exp. Date:Signature:
❑ Please bill my organization: PO#Please make checks payable to HCCA. Please return subscription coupon to
5780 Lincoln Drive, Suite 120, Minneapilis, MN 55436.
To order Compliance Today (CT) complete this coupon
23March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Editor's note: Connie Emery, CPA,
CIA, CISA, CISSP, CIPP, is
Information Privacy/Security
Officer, VP, Compliance Department
with Tenet HealthSystem. She may
be reached in Dallas, Texas at
469/893-6709.
t Tenet, we have been work-
ing diligently since January
2001 to ensure our covered
entities are compliant with the HIPAA
regulations. Throughout the process, we
have encountered many significant chal-
lenges:
■ Challenge #1 - Privacy compliance
due April 2003.
■ Challenge #2 - Transaction and Code
Set (T&C) compliance (or request for
an extension) due October 2003.
■ Challenge #3 - Security compliance
due April 2005.
Challenge #3Our information security compliance
efforts began early in 2001. It became
apparent during the initial planning
phase that the health care industry was
not a "leader" in regard to information
security practices. In fact, when it came
to security over information and infor-
mation assets, there was significant
room for improvement. Since informa-
tion is required to ensure that patients
receive quality care and providers
receive timely payment, health care has
historically been an industry based on
information sharing between its many
participants (hospitals, physicians,
health plans, employers, family mem-
bers, health care agencies, etc.).
Much of 2001 was spent reading the pro-
posed HIPAA security rule, developing
charts to identify the required policies,
matching identified policies to industry
standards, and writing and re-writing
those policies. Once the policies were
written, they were reviewed and re-
reviewed and "blessed" by outside coun-
sel. The final documents were released
to all covered entities and posted on our
internal website in December 2001.
This year, we once again began a
review of the policies to confirm that
they adequately addressed revisions
made in the final security rule, and to
address changes in technology, industry
standards, and the operations of our
covered entities. The same process was
followed; writing, re-writing, reviewing,
and re-reviewing. The revised policies
were posted in December 2004.
Training for our workforce has been
developed and all employees are required
to participate in that training by April 1,
2005. The training will take place on-line
with supplemental PowerPoint™ presenta-
tions (in English and Spanish) for individ-
uals who may not have access to a com-
puter. Supplemental privacy and/or securi-
ty training is also offered to an employee
or a group of employees on a discre-
tionary basis when those individuals have
been involved in a privacy/security inci-
dent. The privacy and security incident
response process requires collaboration
between the Compliance Department,
Hospital Compliance Officers, Information
Systems Departments, and numerous
other groups.
What an achievement-the policies are
finished and all employees will be
trained by April 1! What more could we
have to do? The answer-A LOT! As we
work to meet the April 2005 security
compliance deadline, we have identified
a few areas that may impact any covered
entity's ability to achieve compliance.
A complete and accurate inventoryOur very first challenge to achieving
compliance with the security rule was
ensuring we had a complete and accu-
rate inventory of all applications and
systems that would be impacted by the
rule. We started this process from
scratch because a few years had passed
since the inventory from our Y2K efforts
was last updated. At last count, Tenet
had over 900 applications and 19 oper-
ating systems that were impacted by the
HIPAA security regulations (not account-
ing for the different versions and instal-
lation configurations that exist for
A
By Connie Emery
Team members are: Back (from left): Connie Emery, Info. Privacy/Security Officer; Donna Masters, Administrative Assistant
Front (from left): Andrew Vezina, Mgr. Privacy/Security; Kevin McCaslin, Specialist IS Security Sr.; Rick Frie, Mgr. Privacy/Security
Continued on page 24
24March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
dozens of applications).
As Tenet acquires and/or develops new
applications, the inventory is continu-
ously updated. Each system and its
operating environment have been
assessed for compliance and remedia-
tion plans are being developed.
In addition to our systems and applica-
tions, we were tasked with identifying
all of the biomedical devices that may
be impacted by the security regulations.
Issues that covered entities may
encounter related to bio-medical
devices include:
■ Verifying the inventory is complete
and accurate, including the most cur-
rent information.
■ Verifying the equipment listed in the
inventory creates, receives, maintains
or transmits electronic protected
health information (ePHI), including
all assets that handle ePHI, and
excluding assets that handle health
information without any patient iden-
tifiable data.
■ Obtaining assurance from biomedical
equipment vendors that their equip-
ment is HIPAA compliant.
■ Identifying compensating controls for
equipment that cannot be made com-
pliant.
■ Justifying the expense of implement-
ing controls to ensure information is
kept confidential.
So, how do you add security controls to a
piece of equipment or an application that
has no controls? What do you do if the
cost of remediation is too high? Keep it
behind lock and key-simple, right?
Covered entity evaluationThe security rule requires an evaluation
of the covered entity's compliance with
both the technical and non-technical
components of the regulation [§
164.308(a)(8)]. Tenet has over 400 phys-
ical locations (hospitals, clinics, business
offices, and corporate offices) where
activities occur that include the creation,
maintenance and transmission of ePHI.
Our compliance program includes an
initial on-site "evaluation" of these loca-
tions to ensure controls are in place to
address both information privacy and
security. We started the evaluation
process in January 2002 and, with a
staff of five very dedicated individuals,
completed the initial evaluations of all
400 locations in December 2004.
The next step is to perform an annual
risk assessment and identify entities with
a relatively high risk of non-compliance.
A ranking system was used to compare
risk between facilities, with ranking met-
rics including key risk indicators such as
management turnover, management
input, reported privacy/security inci-
dents, changes to information systems,
bed size, affiliated non-hospital entities,
etc. Based on the results of this risk
ranking, on-site visits will be conducted
at approximately 36 hospital locations
(and the associated non-hospital entities)
each year, which should allow us to visit
all physical locations every 1-3 years,
depending on risk ranking.
We perform remote network vulnerabili-
ty scans of the other locations and pro-
vide facility management with self-
assessment tools to ensure on-going
compliance. Covered entities should
also implement procedures for monitor-
ing incident reporting and assisting, as
needed, in incident remediation.
Business associate agreements (BAAs)
As noted in the recent GAO report
"Health Information—First-Year
Experiences under the Federal Privacy
Rule"; the requirement to develop
agreements with business associates that
extend privacy protections "down-
stream" is overly burdensome. We
couldn't agree more! With over
1,200,000 vendors who provide supplies
and services to Tenet affiliated covered
entities; just identifying the list of busi-
ness associates was a HUGE task for us.
The list provided to our covered entities
for verification included 31,000 vendors
who MAY have required a BAA. Total
confirmed BAs for Tenet during the pri-
vacy roll-out was approximately 14,000.
We anticipate the final number of true
BAs to be approximately 10,000.
The security rule [§ 164.314(a)(2)(i)]
adds language that covered entities may
not have incorporated into their initial
business associate agreements. Revisions
to the contracts may be needed to
strengthen the security language and
revised agreements may need to be
executed with the vendors.
Another hurdle in regard to BAAs—how
do covered entities keep up with new
vendors? To address this issue we:
■ Implemented a process that requires
all new vendors to be reviewed to
determine if they are a business asso-
ciate. Our accounts payable system
was updated to flag vendors who are
business associates, and to provide
reports including that information.
■ Will continue providing periodic
training to the hospital compliance
officers regarding business associate
requirements.
■ Plan to perform a "global" review of
business associate agreements in
HIPAA challenge #3 ..continued from page 23
25March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
2005 to ensure ongoing compliance
with the BAA process.
Finally, as required by the security rule
[§ 164.308(8)(b)(1)], the contract
between a covered entity and a busi-
ness associate must provide that the
business associate implement adminis-
trative, physical, and technical safe-
guards that reasonably and appropriate-
ly protect the confidentiality, integrity,
and availability of the ePHI that it cre-
ates, receives, maintains, or transmits on
behalf of the covered entity. How does
a covered entity ensure that vendors are
living up to these requirements? It's not
possible to audit every business associ-
ate. To address this issue:
■ We will perform a risk assessment of
our business associate relationships
and identify those of relatively high
concern. Potential high risk vendors
include third party copy vendors and
transcription vendors, since they have
access to a great deal of ePHI and
they use processes that could poten-
tially cause inappropriate disclosures.
■ Our compliance plan for 2005 will
include audits of selected business
associates.
■ When an incident is reported that
involves a business associate, remedia-
tion will include a review of the busi-
ness associates corrective action plan.
Management supportAfter Y2K (the event that was a non-
event), compliance teams may have had a
difficult time convincing management that
HIPAA is here to stay and will require sig-
nificant resources to ensure compliance.
Tenet's management has provided
resources (funding and personnel) to sup-
port Tenet's HIPAA compliance initiatives.
Many covered entities may, however,
struggle to maintain an adequate level of
management support. Reasons for this
struggle may include the fact that Health
and Human Services' enforcement rule
promotes voluntary compliance and the
rule is seen as having no "teeth". In
addition, the Office of Inspector General
(OIG) 2004 Work Plan had no HIPAA
(privacy or security) projects identified
for completion in 2004.
Now, however, the 2005 Work Plan
identifies three projects that address pri-
vacy/HIPAA. Those three projects are:
■ Managed Care Organization's
Compliance With HIPAA: (OAS; W-
00-05-41007; A-04-00-00000; expected
issue date: FY 2005; new start)
■ Privacy of Medical Records: (OAS; W-
00-05-58007; A-01-00-00000; expected
issue date: FY 2005; new start)
■ Compliance With the Health
Insurance Portability and
Accountability Act Privacy Final Rule-
University Hospital: (OAS; W-00-04-
41006; A-05-04-00000; expected issue
date: FY 2005; work in progress)
While these are all privacy review proj-
ects, this new interest by the OIG and
stronger enforcement by HHS may assist
covered entities in continuing to gain
management support of their HIPAA
compliance efforts.
All that paperThe HIPAA security regulations are
addressing a critical industry issue related
to the protection of an individual's ePHI.
Ensuring the confidentiality, availability
and integrity of ePHI is a necessary com-
ponent of providing quality patient care.
What about all that paper? Paper is creat-
ed during the registration process, passed
to the nurses on the floor, processed and
sent to the Health Information
Management department, and used in
countless other processes around the hos-
pital. Copies of medical records are pro-
duced and provided to physician offices,
payors, corporate departments, third party
vendors, local health agencies, etc. What
information is contained in these paper
documents? Anything that could identify a
patient including their social security
number (SSN), date of birth (DOB),
address, phone number…
As the health care industry moves
toward implementation of electronic
health records (EHRs), perhaps some of
the paper documentation maintained by
covered entities will be eliminated. This
initiative is in its infancy and causes
additional, yet different, concerns about
the confidentiality, availability and
integrity of ePHI. By the way, what ever
happened to the Unique Patient
Identifier (UPID) initiative?
Challenge #4HIPAA compliance implementation con-
tinues to be a challenge. As we work to
achieve and maintain compliance with
the HIPAA regulations, we will continue
to have many challenges and record
many successes. We are confident that
our efforts to make sure Tenet-affiliated
covered entities are compliant with the
security rules will be successful.
So, what's on the list for Challenge #4 -
the National Provider Identifier (NPI)?
With a due date of May 2007, it seems
there is plenty of time to prepare. Our
goal is to start working toward NPI com-
pliance immediately after the April 2005
security deadline. The projected outcome
of Challenge #4 - SUCCESS, of course! ■
26March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Editor's note: John E. Steiner Jr., Esq.
is the Chief Compliance Officer and
Privacy Official for the Cleveland
Clinic Health System. Heidi R.
Carroll, Esq. Corporate Compliance
Specialist, for the Cleveland Clinic
Health System. They may be reached
at 216/444-1708.
his article is the second of
two articles on clinical
research compliance issues.
The first article, published January 2005
in Compliance Today, focused on the
monitoring of clinical research study
budgets and clinical research participant
billing at the trial level. This article
focuses on monitoring and auditing of
clinical research participant billing at
both the departmental and institutional
level.
Both articles illustrate specific methods
and techniques for designing, imple-
menting, and maintaining key compo-
nents of a clinical research compliance
program. As a general matter, clinical
research sites should continue to
demonstrate good faith efforts to com-
ply, despite the daunting scope of the
task. There is no question that the field
needs additional 'tools,' (e.g. software,
information technology support, inter-
faces, and the like) to improve overall
compliance levels.
It is apparent that 'help is on the way'
from the private sector, given the critical
importance of clinical research to
advance medical knowledge and patient
care. Increasingly, at HCCA conferences
and in other venues, vendors are dis-
playing products and services that are
responding to this segment of the com-
pliance field. Moreover, there are
increasingly frequent and focused train-
ing and education programs available
for clinical research personnel to stay
current with compliance requirements.
Several of those requirements are dis-
cussed below in the context of 'moni-
toring and auditing' recommendations
for clinical trials.
Self-auditsAs part of the overall compliance pro-
gram, a method should be established
to conduct self audits. "Self-audits may
be used to determine whether (1) bills
are accurately coded and accurately
reflect the services or items furnished as
documented in the medical records, (2)
documentation is complete, (3) services
or items provided are reasonable and
necessary…"1 Therefore, a technique
must be developed to audit and moni-
tor clinical research participant billing
procedures and evaluate those accounts.
Depending on the size and structure of
the organization, monitoring may be
conducted either centrally through inter-
nal audit or at the departmental level.
Individuals appointed to conduct the
auditing and monitoring (referred to as
a 'monitor' in this article) should… "ide-
ally include those people in charge of
billing and medically trained profession-
als." 2
Monitors' checklist
First, the monitors should document
that each clinical research trial has a
binder or folder that includes the fol-
lowing information (as outlined in the
first of these two articles):
1. Clinical Research Billing Checklist
2. Clinical Research Study Budget/
Amendments
3. Clinical Research Participant Billing
Procedure
4. Research Participant Monitoring Plan
5. Informed Consent Document
Monitors should construct a checklist to
review the following documents for
completeness:
1. Clinical Research Billing Compliance
Checklist
■ Is it complete?
■ Was it submitted to the proper
institutional office or committee?
■ Does it contain an analysis of the
research participant charges stan-
dard of care charges vs. research
charges?
2. Clinical Research Study Budget/
Amendments
■ Was a detailed budget prepared?
■ Was the budget properly amend-
ed, if necessary, in the event of a
protocol change?
3. Clinical Research Participant Billing
Procedure
■ Are special billing procedures
noted if research costs occur while
a research participant is: 1) an
inpatient or outpatient (special
charge tickets) or 2) receiving an
ancillary service?
■ Coverage requirements:
• Items or services were either
designated as research costs or
standard of care
• Pre-certification requirements of
third party payors
T
By John E. Steiner Jr., Esq. and Heidi R. Carroll, Esq.
27March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
• Advance Beneficiary Notices
• Coding requirements(e.g. spe-
cial Charge Description Masters
(CDM), such as an
Investigational Device CDM)
■ For Investigational Device Trials,
if applicable:
• A copy of the FDA approval
letter
• Copies of all the approval letters
received from the Medicare
Fiscal Intermediary (FI). The FI
will only approve coverage for
a specific number of investiga-
tional devices. If the number of
enrolled Medicare patients
increases or is expected to
increase beyond the approved
number, another letter must be
submitted to the FI.
• A copy of all the materials
required to be submitted to or
maintained by the Medicare
Fiscal Intermediary.
4. The Clinical Research Participant
Billing Procedure should contain a
research participant monitoring plan.
■ Are the research personnel adher-
ing to the monitoring plan?
■ Are identified billing mistakes
being properly corrected?
If the monitors notice a deficiency in
any of the above documentation, the
monitors should instruct the clinical
research support personnel to either
correct the deficiency within 30 days,
or if an item is not applicable, provide
a written explanation as to why it is
not applicable.
In addition to establishing that each trial
has a documented clinical research par-
ticipant billing procedure/monitoring
plan, the monitors might to be directed
to review two research participant
accounts from each active clinical trial
during the time in which: only research
charges; or research and standard of
care charges were generated.
The monitors should review the partici-
pants' accounts and bills to ensure that:
■ "Standard of care" charges and
research charges were appropriately
posted Research charges were not
billed to the patient's insurance and
appropriately applied to the research
account/activity number.
■ For Medicare patients, determine
whether or not proper coding was
applied:
• For trials identified as "qualifying"
under the Medicare September
2000 National Coverage Decision
(NCD) the ICD-9-CM code, V70.7
and the "QV" procedure code
modifier, should be used accord-
ing to the NCD.
• For Investigational Devices catego-
rized by the FDA as a Category B
Devices, the revenue code 624
should be used.
Monitors should require the clinical
research support personnel to correct
any billing errors and determine
whether or not the error(s) have
occurred on any other research
participants' accounts.
Annual or semi-annual reports should
be submitted to the Corporate
Compliance Committee. The report
should include the percentage of clini-
cal research trials that passed the initial
monitoring review and those that were
re-reviewed because the clinical
research trial did not have a complete
research participant billing procedure.
Based on the results of the audit report,
the Corporate Compliance Committee
may make policy recommendations,
provide additional education, or recom-
mend improved billing processes.
1Monitoring & Auditing Practices for Effective
Compliance Programs. Ed. John E. Steiner, Jr. Esq.
Philadelphia: Health Care Compliance Association:
2002.
2 Id.
WEBLINKSWEBLINKSCompliance Profession■ Christian & Timbers Hot Jobs 2004
listed
7. Chief ethics officer
8. Chief compliance officer
http://www.ctnet.com/pr/release
Details.asp?prid=256
■ Christian & Timbers Hot Jobs 2005
lists Chief compliance officer as #3
http://www.ctnet.com/pr/studies/
hotjobs2005/default.html
CMS■ COPs for Transplant Centers and
Organ Procurement Organizations
http://www.cms.hhs.gov/media/
press/release.asp?Counter=1335
■ Proposed Rule would Modernize
ESRD Conditions for Coverage
http://www.cms.hhs.gov/media/
press/release.asp?Counter=1333
■ Resources To Educate Health Care
Professionals About Medicare's
Preventive Services
http://www.cms.hhs.gov/medlearn/
preventiveservices.asp
■ CMS Proposed New Coverage Criteria
for Wheelchairs, Scooters
http://www.cms.hhs.gov/media/
press/release.asp?Counter=1345
Emphasizinga documented
comprehensiveapproach to compliance auditingby Debi Weatherford
Editor's note: This is the fifth article
in a series offered by The
HCCA/AHIA Auditing & Monitoring
Focus Group regarding seven com-
ponents to expand on the roles of
compliance and internal audit
functions, provide detailed "how to
steps", and discuss the essential coor-
dination links between compliance,
internal audit, legal, and manage-
ment that are necessary for each
component.
The next priority for the focus group
will be to publish articles and guid-
ance materials on (1) compliance
related policies that should be in
place and (2) compliance educa-
tion/awareness tools and techniques.
The author's contact information may
be found at the end of this article.
A focus group of Health Care
Compliance Association (HCCA) and
Association of Healthcare Internal
Auditors (AHIA) members has been
meeting the past nine months to
explore opportunities to better define
and explain auditing and monitoring,
clarify the roles of compliance and
internal audit functions as they address
issues within their healthcare organiza-
tions, and develop guidance and refer-
ence materials on key aspects of health
care auditing and monitoring processes.
The Seven Component Framework
developed by the HCCA/AHIA focus
group for compliance auditing and
monitoring is comprised of the follow-
ing activities:
■ Perform a risk assessment and deter-
mine the level of risk
■ Understand laws and regulations
■ Obtain and/or establish policies for
specific issues and areas
■ Educate on the policies and proce-
dures and communicate awareness
■ Monitor compliance with laws, regu-
lations, and policies
■ Audit the highest risk areas
■ Re-educate staff on regulations and
issues identified in the audit
This article focuses on emphasizing a
documented comprehensive approach
to compliance auditing. This is the fifth
in a series of articles prepared by the
HCCA/AHIA auditing and monitoring
focus group.
Documented comprehensive approachto compliance auditingThe compliance and internal audit func-
tions serve as an integral check and bal-
ance system to help the Board of
Directors ensure integrity, accuracy,
accountability and consistency within
the hospital system that it oversees. A
documented comprehensive approach
to compliance auditing is an essential
component of the compliance function.
The following sections will address:
■ Planning the focus of the compliance
audit
■ Conducting an opening conference
■ Selecting the sample
■ Writing the report
■ Documenting the audit and follow-up
activities
Planning the focus of the compliance audit
Compliance audits focus on areas
deemed to involve the greatest compli-
ance risks. As you plan the focus of
the compliance audit for a particular
issue, the following areas of the Seven
Component Framework should have
already been addressed:
■ Perform a risk assessment and deter-
mine the level of risk
■ Understand the laws and regulations
■ Obtain and/or establish policies for
specific issues and areas
In addition, a review of compliance
planning resources should have been
completed, as discussed in the third
article published by the HCCA/AHIA
focus group titled "Developing a
Compliance Work Plan for Compliance
Auditing and Monitoring in Health Care
Organizations".
In your audit planning and research,
identifying settled cases by the Office of
Inspector General (OIG) related to the
specific audit issue assists you in deter-
mining how the laws and regulations
were applied. These cases are refer-
enced by the OIG's Common
Identification Number. The value of
case review can be demonstrated by
summarizing an example of an OIG
report: "Audit of Observation Service
Billing by Presbyterian Hospital of
Dallas," Common Identification Number
A-06-01-00087.
The issues identified by the OIG as
illustrated in this report included:
28March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
FOCUSGROUP
HCCA/AHIACOMPLIANCECOMPLIANCE
29March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
■ Medical records contained standing
orders for observation following out-
patient surgery.
■ Physicians' orders for observation
level of care were not documented in
the medical record.
■ Services were ordered as inpatient
services by the admitting physician,
but billed as outpatient observation
services.
■ Medical records did not document
complications following an outpatient
procedure to warrant observation
services.
■ Specific language in the medical
record, such as "no complications" or
"patient tolerated the procedure
well", was used to identify an
uncomplicated treatment or proce-
dure before determining that the
observation services were
unallowable.
■ Time was charged to observation
prior to a scheduled procedure,
which is not allowable for reimburse-
ment as observation service. Note
also that time spent in surgery and
recovery cannot be simultaneously
billed as observation.
A detailed focus for your audit is recom-
mended over a broad focus. By narrow-
ing your focus, you can isolate issues,
determine your exposure, develop action
plans that are better tailored to address
the issue and thereby facilitate change.
In addition, you can more quickly edu-
cate the appropriate personnel in the
area regarding the issue, your audit
approach and what was discovered.
Using the above example of observa-
tion, consideration should be given to
separating the focus on the compliance
audit of observation services into the
following audits:
(1) Audit observation cases that came in
through the Emergency Department.
(2) Audit post-surgical observation cases.
(3) Audit pre-surgical observation cases.
(4) Audit observation cases that convert-
ed to inpatient during a portion of
the stay.
(5) Audit a statistical valid sample of
observation cases to determine if
other issues exist.
In defining scope, consideration should
also be given to the nature of audit
steps performed, including but not limit-
ed to analytical reviews, interviews,
shadowing, process verification and
internal controls evaluation.
Conducting an opening conferenceAn opening conference serves as the
foundation for orienting and involving a
core cross-functional team that is
knowledgeable and concerned with the
compliance issue at hand. It is very
important to choose your team mem-
bers carefully. In addition to the appro-
priate compliance audit team members,
you should include key people involved
in the process and individuals who
have accountability for the function and
the ability to facilitate change.
In your opening conference, it is recom-
mended that the following topics be
addressed:
■ Specify the compliance issue to be
audited.
■ Clarify why it is a compliance issue.
■ Review relevant information such as
laws, regulations, settled cases, etc.
■ Discuss your planned audit approach.
■ Define what will constitute a testing
error or exception.
■ Designate a contact person for infor-
mation validation and discussion.
■ Determine a routine face-to-face
schedule with the contact person to
discuss concerns, questions and vali-
date findings.
■ Define the communication channel
for escalation of any major issues.
■ Discuss the timeframe for conducting
the audit.
■ Determine constraints such as
planned time-off, busy times, sched-
ule conflicts.
■ Validate that you have current policies,
procedures, flow charts, guidelines,
protocols, etc. related to the issue.
■ Emphasize that a detailed corrective
action plan will be required to
address any problems identified.
■ Determine if an exit conference will
be held at conclusion of the audit.
■ Communicate who will be receiving
copies of the final report.
The goal of this important communica-
tion process is to not only conduct a
compliance audit but also improve the
knowledge of the process owner(s) and
responsible management regarding the
issue, its risks and mitigating strategies.
The opening conference should be doc-
umented and a meeting summary dis-
tributed to all attendees highlighting
important information learned, pending
information to be received, and agreed
upon communication channels.
Selecting the sample Sampling for compliance audits will vary
depending upon the intent of the audit.
If the primary objective of the audit is to
determine, in a non-statistical manner,
whether a possible compliance concern
exists, a sample of 20 to 30 claims may
be appropriate for a preliminary assess-Continued on page 30
30March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
ment. If the intent of the audit is to
determine the error rate and define
overall exposure, a statically valid sam-
ple methodology should be employed.
The types of data/records and time peri-
od to be tested are determined based
on the purpose of the audit projects
and other key factors determined by the
Chief Compliance Officer (CCO) and
the Chief Audit Executive (CAE).
Data/records may be concurrent (before
a claim is submitted for payment) or
retrospective (after a claim has been
submitted for payment), and may be
selected randomly, judgmentally, or sta-
tistically. The significance of a valid sta-
tistical sample is that the results may be
extrapolated over the entire population
of transactions. Because of this, it is
important that the CCO, CAE, legal
counsel, process owner, and auditor
agree on the process upfront. When sta-
tistical samples are required, sampling
software such as the OIG's "RAT-STATS"
statistical software should be utilized.
Legal counsel is important in decisions
resulting in statistically valid results
since such results may impact govern-
ment reporting requirements and related
disclosure issues.
Writing the reportThe report should provide a high-level
picture of your compliance audit. The
sections of your report can be customized
for your organization or for the type of
issue. Consideration should be given to
including the following report categories:
■ Introduction—What precipitated the
audit
■ Objective
■ Approach
■ Findings and Key Observations
■ Recommendations
■ Management Response (Detailed
action plan may be attached)
■ Internal Controls and Ongoing
Monitoring Techniques
■ Follow-up Measures
Each compliance audit should contain
written documentation to support the
audit.
Documenting the audit and follow-upactivitiesIn compliance auditing, it is important
that detailed documentation exist to
support the audit process, report and
follow-up activities. The comprehensive-
ness of this documentation is critical to
protect the organization and provide
evidence of the audit. The documenta-
tion should be organized in a manner
and contain sufficient information to
allow a third-party reviewer to reach the
same conclusions.
Examples of documentation to support
the audit and follow-up activities are:
■ Planning documents and audit pro-
grams
■ Research material related to the issue
■ Questionnaires, flowcharts, checklists,
narratives and meeting summaries
■ Notes and memoranda from inter-
views
■ Organizational data, such as organiza-
tional charts and job descriptions
■ Information about operating and
financial policies
■ Analysis and tests of transactions,
processes and account balances
■ Sampling methodology
■ Audit results communication
■ Management response and action
plan
■ Results of post-engagement reviews
■ Active monitoring of conditions
until corrected
In conclusion, following the above steps
will enable a compliance audit with an
appropriate level of planning, documen-
tation, and communication, to achieve
desired objectives as well as facilitate a
constructive review process in partner-
ship with the process owner(s) and
responsible management.
Members of the HCCA/AHIA focus
group are:
■ Randall K. Brown
Baylor Health Care System
■ Britt H. Crewse
Duke University Health System
■ Al W. Josephs
Hillcrest Health System
■ Glen C. Mueller
Scripps Health
■ Debi J. Weatherford Revenue
Cycle Solutions
comprehensive approach to compliance auditing ...continued from page 29
Call for authors!Please email your article or topicideas to Compliance Today editor,Margaret Dragon, at [email protected]. Be sure toinclude your telephone number. Oryou may call Margaret at 781/593-4924 to discuss your article ideas.
● March 21 (May Compliance Today)
● April11 (June Compliance Today)
● May 14, 2005 (July Compliance Today)
OIG FinalSupplemental
Compliance Program Guidance forHospitals Released On January 27, the U.S. Department of
Health and Human Service Office of
Inspector General (OIG) released its
Supplemental Compliance Program
Guidance for Hospitals which is expect-
ed to be published in the January 31
Federal Register.
This guidance updates the previously
issued OIG Guidance for Hospitals and
takes into account recent changes to
hospital payment systems and evolving
industry practices. The supplemental
guidance focuses on measuring and
improving the effectiveness of existing
compliance efforts and identifies addi-
tional fraud and abuse risk areas for
hospitals.
Risk areas outlined in the Supplemental
Compliance Program Guidance for
Hospitals include:
■ Billing under the outpatient prospec-
tive payment system,
■ Physician self-referral law,
■ Federal anti-kickback statute,
■ Relationships between hospitals and
physicians,
■ Relationships between hospitals and
other providers,
■ Joint ventures,
■ Practitioner recruitment
■ The furnishing of substandard care.
The guidance also identifies practical
measures hospitals can use to gauge the
effectiveness of their compliance pro-
grams. For more:
http://oig.hhs.gov/publications/
docs/press/2005/012705release.pdf
Illinois Attorney General SuesDrugmakersOn February 8, the Chicago Tribune
reported that "Illinois Atty. Gen. Lisa
Madigan's office on Monday sued
dozens of major drugmakers, accusing
them of defrauding the state by over-
charging government programs and
Illinois Medicare customers out of hun-
dreds of millions of dollars.
"Madigan's suit, which targets 48 big
drugmakers including Illinois-based
Abbott Laboratories and Baxter
International Inc., is the latest assault in
a wave of attacks on the pharmaceutical
industry. Prosecutors in at least 19 other
states over the last two years have
brought a series of similar complaints as
part of an ongoing effort to rein in the
soaring costs of prescription drugs.
"Filed late Monday in Cook County
Circuit Court, Madigan's suit accuses the
firms of engaging in a "scheme" for
more than a decade by bilking the
Medicaid program and Medicare partici-
pants out of hundreds of millions of
dollars. The companies are accused of
intentionally misreporting and inflating
the figures that are used to calculate
Medicaid reimbursement rates," reported
the Chicago Tribune." For more:
http://www.ag.state.il.us/press-
room/2005_02/20050208.html
Norton Healthcare to Publish
Report CardsThe Courier-Journal reported on
February 5, that "Norton Healthcare
soon will start publishing what may be
one of the most extensive "report cards"
on how its hospitals measure up to
national standards for good care." For
more:
http://www.nortonhealthcare.com/ab
out/media/quality_indicators.aspx
Scrushy On TrialAccording to a report from Reuters on
January 25 "The trial of former
HealthSouth Corp. CEO Richard Scrushy
began on Tuesday, with prosecutors
accusing the flamboyant mogul of
directing a $2.7 billion accounting fraud
at the health care company he founded.
“Defense lawyers said Scrushy had been
deceived by lower-level executives.
Lead prosecutor Alice Martin described
Scrushy as a "very demanding, very
cunning" executive who told subordi-
nates to inflate HealthSouth's profits but
warned they would be on their own if
they were caught.”
For more: http://www.reuters.com/
newsArticle.jhtml?type=reutersEdge&
storyID=7427206
Patient Helps Uncover FraudAccording to the January 27 Pittsburgh
Tribune Review "James DeVage want-
ed relief from back pain when he went
to a HealthSouth Corp. physical therapy
center in San Antonio in 1996. He came
out convinced that HealthSouth over-
charged the U.S. government. Now, at
83, he stands to collect $8.1 million for
helping uncover a much larger fraud. ■
31March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
FORFOR Y O U R I N F O
32March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
The Health Care Compliance
Association welcomes the following
new members and organizations (States
Kentucky - New Jersey). Member con-
tact information is available on the
HCCA website in the Members Only
section - http://www.hcca-info.org.
Please update any contact information
using the HCCA Website or email April
Kiel ([email protected]) with
changes or correction to your member-
ship information.
Kentucky■ Jeremy E. Clark, Appalachian
Regional Healthcare
■ Andrew G. Conkovich, BS, RT, Univ
of Louisville Hosp
■ Dawn Diehl, Univ of Louisville
■ David Lee, SHPS, Inc.
■ Brett Short, Univ of KY
■ Ellen M. Wells, Univ OB/GYN
Associates
Louisana■ Violet M. Anderson, BA, JD, ACS, Inc
■ Susan Franklin, Memorial Medical Ctr
■ James M. Frantz, Health Plus of LA, Inc
■ David D. Hall, Meadowcrest Hosp
■ Jamie Hohlt, RHIA, Lincoln Hlth
System, Inc
■ Patty Mason, Tenet, Santa Barbara
Office
■ Roslyn Pruitt, Lindy Boggs Medical Ctr
■ Melanie Roberts, Kenner Regional
Med Cntr
■ Connie Sweeney, Northshore
Regional Med Cntr
■ Henry Yennie, Capital Area Human
Svcs District
Massachusettes■ Beth Belt, Danu Farber Cancer
Insititute
■ Lee Chamberlain, MA Society for
Prevent of Cruelty
■ Mary Copithorne, Johnson &
Johnson
■ Sarah Curi, Winchester Hospital
■ Karen DelRosso, Fresenius Med Care
■ Ruth Dolby, Dolby Healthcare
Consultants
■ Kia Earp, CCS, CCS-P, Tufts-New
England Medical Ctr
■ Sandy Friedman, MediRegs
■ Ernie Fusaro, Caritas St Elizabeth's
Medical Ctr
■ Stephen J. Gillis,
PricewaterhouseCoopers, LLP
■ Michael Kendall, JD, McDermott,
Will & Emory
■ David Lakness, BS, Aegis Metrics, Inc
■ Paul Levenson, JD, LLD
■ Karen Lopes, Fresenius Med Care
North America
■ William Marshall, MedAptus
■ Stephen A. Morreale, HHS/OIG-
Investigations
■ Mark E. Schreiber, JD, Palmer &
Dodge, LLP
■ William Wyman, IV, Lowell General
Hospital
Maryland■ Alisa Chestler, JD, APS Healthcare
■ Joyce Edmondson, RN, JD, VA
Maryland Health Care System
■ Christopher Eisenberg, CMS/Cntr for
Beneficiary Choices
■ Sharon Garner, Kaiser Permanente
■ Michelle Giovanni, CMS
■ Kathy Heinz, Capital Women's Care
■ Darlene Helmer, Physicians
Anesthesia Associates
■ Judith Humphries, Department of
Veterans Affairs
■ Maggie D. Lovelace, Kaiser
Permanente
■ Herbert F. Spencer, MA, Dept of
Health & Mental Hygiene
■ Barry Steeley, Cntrs for Medicare &
Medicaid Svcs
■ Donald Tannenbaum, Fidelity
Insurance Company
■ Darin Wipperman, CMS
Maine■ India Broyles, University of New
England
■ Mary T. Drake, RN, Franklin
Memorial Hosp
■ Marc M. Fournier, Southern Maine
Medical Ctr
■ Susanne Heeschen, Sandy River Hlth
System
■ Jennifer McAleer, Martin's Point
■ Susan Mellady, University of New
England
■ H Rebecca Ness, Mercy Health
System of Maine
■ Heidi Russell, RHIT, CPC, Univ of
New England
■ Karen Theriault, Down East
Community Hospital
■ John Tumiel, Univ of New England
Michigan■ Karen D. Bolton, BA, JD, LLM,
Garden City Hospital
■ Beth Casady, MPA, Upper Peninsula
Health Plan
■ Jim Divine, Marquette Gen Hlth Sys
■ Linda Drobish, Spectrum Health
United Memorial
■ Michele Ekblad, Battle Creek Health
System
■ Mike Gusho, Saint Mary Livonia
■ Janet Hall, Univ of Michigan Health
System
■ Robert Hopper, Blue Care Network
of Michigan
■ William P. Howe, Ingham Regional
Med Ctr
■ Dan Keeling, MBA, CPA, Priority
Health
■ Reina Navarra, Blue Cross Blue
Shield of Michigan
■ Ms. Terri J. Perkins, BA, MHA,
Chelsea Community Hosp
■ Betty R. Shelton, The Wellness Plan
■ Barbara Stamm, CPA, Sparrow
Health System
■ Bethany Stanisiewski, Spectrum
Health
33March 2005
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
■ Jeanne Strickland, University of
Michigan Health System
■ Laurie Westfall, Trinity Health Plans
■ Matthew Wolocko, Henry Ford
Wyandotte Hosp
■ Heather Wurster, MPH, Univ of MI
Health System
Minneasota■ Imad Ahmed, Specialized Care Svcs
■ Hilary Alvino, RN,
Ingeni/UnitedHealth Group
■ Mary Cade, Medtronic, Inc
■ Cathleen Cather, Chronimed Inc
■ Mary Jo Flynn, Allina Hosps &
Clinics
■ Anna Herrmann, Queen of Peace
Hosp
■ Ross Janssen, Univ of Minnesota
■ Randolph Just, Allina Hosp & Clinics
■ Allison Miller, UnitedHealth Group
■ Paula Nelson, MBA, Queen of Peace
Hospital
■ Doris Parenteau, RHIA, Virginia
Regional Med Ctr
■ Patricia Rosvold, BS of Nursing/JD,
Medtronic, Inc
■ Mary Schrupp, UnitedHealth Group
■ Thomas Schumacher, JD, Univ of MN
■ Nancy Stanczak-Sheehan,
UnitedHealthcare
■ Linda L. Stratton, UnitedHealth Group
Missouri■ Sharon E. Bertalott, St John's Reg
Hlth Ctr
■ Kimberly Brown, CPA, BS, MBA,
The Children's Mercy Hosp
■ Kate Dunn, St Louis University
Hospital
■ C.B. Eastman, St. John's Regional
Medical Center
■ Brian Elsbernd, JD, Mallinckrodt
Group
■ Kay Fitzgerald, State of Missouri
Attorney General's Office
■ Chris Flanagan
■ Dana Elizabeth Gaines, Saint Lukes
Health System
■ Diana Gier, Tenet Central Northeast
■ Elena Givens, RHIA, St Louis
Connect Care
■ Sondra Hornsey, Washington
University School of Medicine
■ Monica Lubeck, Univ of Kansas
Hospital
■ Thomas O'Donnell, Polsinelli
Shalton Welte Suelthaus PC
■ Joan Podleski, Washington University
in St. Louis
■ Ellen Samuels, St John's Mercy
Health Care
■ Rosemary Thomas, Des Peres Hosp
Mississippi■ Tommy G. Thornton, MBA,
Hattiesburg Clinic
Montana■ Sherrie Sorenson, CRT, Praxair
Hlthcare Services
North Carolina■ Tiana G. Ayotte, JD, LabCorp
■ Jody Carmichael, Mediregs, Inc
■ Gregory Gertz, UnitedHealthcare
■ Carolyn F. Hill, Granville Medical Ctr
■ Emily H. Hill, Hill & Associates
■ Laurie Howard, Laboratory
Corporation of America
■ Rhett Johnson, Wake Forest Univ
■ Larry Keeley, OptiCare
■ G Raymond Leggett, III, Craven
Regional Medical Ctr
■ Alice E. Mazarick, NC State Hlth
Plan
■ Natividad Murphy, Onslow
Memorial Hospital
■ Mary Phelps, BS, RHIT, Dixon
Hughes, PLLC
■ Sandra Smith, Frye Regional Med Cntr
■ David G. Webb, CPA, Southern
Regional AHEC
North Dakota■ Gerald Finken, BS, MS/RPh, CMS Inc
■ Leigh Bertholf, Good Samaritan
Hosp NE
■ Sarah Campbell, Tenet Healthcare
■ Patrick H. Connell, Boys Town
National Research Hosp
■ August Neuhaus, ALN Medical
Management
New Hampshire■ Ginger Emerson, Concord Hospital
■ Suzanne Foster, Elliot Hospital
■ Kevin J. O'Leary, Exeter Health
Resources, Inc
New Jersey■ Karen Arnott, Chartwell Diversified
Svcs, Inc
■ Andy Bender, MBA, MSC, Polaris
Management Partners
■ Joanne Cheung, UMDNJ-Univ
Hospital
■ Michael R. Clarke, JD, Medco
Health Solutions, Inc
■ Peter P. Connelly, BS, Spectra
Laboratories
■ Marsha Faden, Warren Hosp
■ Elise Fellner, JD,
PricewaterhouseCoopers
■ Darcy Gilson, J & J - Ortho Biotech
■ Susan Hatch, CPA, Virtua Health
■ Joseph Henahan, MBA, Warren Hosp
■ Michael Johns, BBA, Electric
Mobility Corporation
■ Brigitte D. Johnson, Esq, Care Plus
NJ, Inc
■ Thomas Leonard, Standard & Poor's
■ Angela Melillo, MBA, CHCO, Saint
Peters Univ Hosp
■ William Segal, MBA, CFE, CIA,
CFSA, St Joseph's Med Ctr
■ Lorne B. Sheren, MD, JD, UMDNJ
New Jersey Med School
■ Daniel C. Walden, JD, Medco Health
Solutions, Inc
■ Robert Zierold, Christian Health
Care Center
34 Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Publisher:Health Care Compliance Association, 888/580-8373
Executive Editor: Roy Snell, CEO, HCCA, [email protected]
Contributing Editor: Al Josephs, President, HCCA, 254/202-8620
Layout:Gary DeVaan, HCCA, 888/580-8373, [email protected]
Story Editor:Margaret R. Dragon, HCCA, 781/593-4924, [email protected]
Advertising:Margaret R. Dragon, HCCA, 888/580-8373, [email protected]
HCCA Officers and Board of Directors:
Compliance Today (CT) (ISSN 1523-8466) is published by the Health Care ComplianceAssociation (HCCA), 5780 Lincoln Drive, Suite 120, Minneapolis, MN 55436. Subscriptionrate is $357 a year for non-members. Periodicals postage-paid at Minneapolis, MN 55436.Postmaster: Send address changes to Compliance Today, 5780 Lincoln Drive, Suite 120,Minneapolis, MN 55436. Copyright 2004 the Health Care Compliance Association. All rightsreserved. Printed in the USA. Except where specifically encouraged, no part of this publica-tion may be reproduced, in any form or by any means without prior written consent of theHCCA. For subscription information and advertising rates, call HCCA at 888/580-8373. Sendpress releases to M. Dragon, PO Box 197, Nahant, MA 01908. Opinions expressed are notthose of this publication or the HCCA. Mention of products and services does not consti-tute endorsement. Neither the HCCA nor CT is engaged in rendering legal or other profes-sional services. If such assistance is needed, readers should consult professional counsel orother professional advisors for specific legal or ethical questions.
Al W. Josephs, CHCHCCA PresidentDirector of Corporate ComplianceHillcrest Health System
Odell GuytonHCCA 1st Vice PresidentSenior Corporate Attorney,Director of Compliance,US Legal-Finance & OperationsMicrosoft Corporation
Daniel Roach, Esq.HCCA 2nd Vice PresidentVP & Corporate Compliance OfficerCatholic Healthcare West
Allison Maney, CPA, CHCHCCA TreasurerDirector of Claims Research andResolutionPacificare
Steven Ortquist, CHCHCCA SecretaryVP of Ethics & Compliance, Chief Compliance OfficerBanner Health System
Alan Yuspeh, JD, MBAHCCA Imme. Past PresidentSenior Vice PresidentEthics, Compliance & CorporateResponsibilityHCA, Inc.
Shawn Y. DeGroot, CHCVice President of CorporateComplianceRapid City Regional Hospital
CEO/Executive Director: Roy Snell, CHCHealth Care Compliance Association
Britt Crewse, MBA, MHS, CHCAssociate VP and Chief ComplianceOfficerDuke University Health System
Julene Brown, RN, BSN, CHC, CPCBilling Compliance ManagerMeritCare Health System
Suzie Draper, BSN, RNCorporate Compliance Officer andPrivacyOfficerIntermountain Health Care
Rory Jaffe, MD, MBA, CHCChief Compliance OfficerU.C. Davis Health System
F. Lisa Murtha, Esq., CHCPrincipalParente Randolph
John Steiner, Jr., JDChief Compliance OfficerThe Cleveland Clinic Health System
Debbie Troklus, CHCAssistant Vice President for HealthAffairs/Compliance University of Louisville, School ofMedicine
Sheryl Vacca, CHCDirector, National Health CareRegulatory Practice, Deloitte &Touche
Greg Warner, CHCDirector for ComplianceMayo Foundation
Counsel: Keith Halleland, Esq.Halleland Lewis Nilan Sipkins &Johnson
Charlie,
Pick up ad from page 32 of the January 05 issue
Auditoring & monitoring
Send me a PDF of this ad so I can place it next time.
35
Register NOW!for the
2005 Compliance Institute April 17 - 20 in New Orleans
Featuring: Patch Adams31.2 HCCB CEUs pending
Or visit www.hcca-info.org
PLEASE TYPE OR PRINT
First Name Last Name
Credentials
Title
Place of Employment
Address
City State Zip
Phone ( )
Fax ( )
Cancellations/Substitutions No refunds will be given for “no-shows” or cancellations. You may send a substitute; please call the Conference Office at (888)580-8373.
* Registration must be postmarked by the deadline to recievethe discount rate.
**HCCA will charge your credit card for the correct amount should your total be miscalculated.
PO number_________________ CODE: CI05CT1204
Check/money order enclosed (checks payable to HCCA)
American Express Visa MasterCard
Account No.
Name of Cardholder
Signature Exp. Date /
Federal Tax ID: 23-2882664
Method of Payment for RegistrationMake payment by check to The Health Care ComplianceAssociation. American Express, Mastercard or Visa are alsoaccepted. A $20 fee will be charged on any returned checks.Purchase orders must be paid by the conference date or paymentswill be required by the individual on-site. If the incorrect amount ismarked HCCA will charge the correct amount.
Groups:$100 discount per person for more registrations from the sameorganization. All registrations must be submitted together.
Tax Deductibility All expenses incurred during training including tuition, travel,lodging and meals, to maintain or improve skills in your professionmay be tax deductible. Please consult your tax advisor.
Register before 4/1/05* After 4/1/05 HCCA Members $849 $899 Non-Members $999 $1049 HCCA Membership & Registration $1049 $1099 Pre Conference Registration Morning $125 $125 Pre Conference Registration Afternoon $125 $125 Post Conference Registration $125 $125
WEB EMAILwww.hcca-info.org [email protected]
FAX MAIL(952) 988-0146 Send form with payment to:
5780 Lincoln Dr., Suite 120 Minneapolis, MN 55436
36
June 13-16, 2005 Hilton Scottsdale
Resort & VillasScottsdale, AZ
ACT NOW! - SPACE IS LIMITED!
YES! I'm interested in taking the Healthcare Compliance Certification (CHC) exam!
YES! Please sign me up for the Compliance Academy!
$ 2500 Members$ 3000 Non-Members$ 2795 HCCA Membership & RegistrationSave $205.00 by joining HCCA today!
PLEASE TYPE OR PRINT
First Name Last Name
Credentials
Title
Company
Address
City State Zip
Phone
Fax
Federal Tax ID: 23-2882664
Payment TermsPlease enclose payment with your registration and return it to theconference office at the above address, or fax your credit card pay-ment to (952) 988-0146.
PO number_________________ CODE: CAM0605Check enclosed (checks payable to HCCA)American Express Visa MasterCard
Account No. Exp. Date
Name of Cardholder
Signature
WEBwww.hcca-info.org
MAILSend form with tuition fee to:Conference Office 5780 Lincoln Dr., Suite 120 Minneapolis., MN 55436
FAX(952) 988-0146
[email protected] 1-888-580-8373
CC
Health Care Compliance Association
37
3838
39
40
41
4242
43
4444
Charlie,Please insert the new CCH ad on the supplied disk
here.Please send me a PC compatable file for me to insertinto the next issue.
45
Pickup December ‘04 page 413M ad
was supplied on customer MAC disk
Charlie, Please send me a PC compatable file for me to insertinto the next issue.
4646
At MC Strategies, we can help you get there. Our consultants provide comprehen-sive assessments, such as Chargemaster reviews that help you identify billingissues and ensure HCPCS/CPT accuracy. And APC validations that include CPT and ICD-9 accuracy verification. But helping you get compliant is only part of what we do.
Our WebInservice® online training features the industry‘s most comprehensive set of compliance curricula. Our EduCode® Compliance curriculum is a practical yetextremely informative program that covers general compliance as well as the highly-technical and high-risk areas of billing and coding compliance. And because allWebInservice training is delivered online, you can rest assured that you‘re tapping into the most efficient and cost-effective training method available today.
Achieving compliance today is a complex task. And it takes more than knowing the basics, but rather, knowing it all from A to Z. To learn more, log ontowww.mcstrategies.com or call us at 800-999-6274.
HCPCS/CPT, APC, ICD-9. No wonder you have to be compliant to the letter.
MC Strategies – Consulting Facilitating performance and compliance.
WebInservice® – Training Improving efficiency through knowledge.
47Health Care Compliance Association • 888-580-8373 • www.hcca-info.org 47
C O R P O R A T E C O M P L I A N C E & E T H I C S :G U I D A N C E F O R E N G A G I N G Y O U R B O A R D
Name:
Title:
Company:
Address:
City:
State: Zip:
Phone:
Fax:
Email:
Format: DVD VHS
Mail to: SCCE5780 Lincoln Drive, Suite 120Minneapolis, MN 55436
Phone: (888) 277-4977
Total Payment $ ______________
Purchase Order # _____________Check/Money OrderVISA MasterCard
Number Exp. Date
Name of Card Holder
Signature of Card Holder
Code: CT1104Please make check payable to:
Society of Corporate Compliance and Ethics (SCCE)
FAX: (952) 988-0146
Online: www.corporatecompliance.org
Email: [email protected]
Order Today!Non-Members $395 SCCE/HCCA Members $345
www.corporatecompliance.org
Bringing the vision ofleadership together
with a compliant andethical culture
"This video provides anoverview of the Board’srole in compliance."
Odell GuytonSenior CorporateAttorney, Director ofComplianceMicrosoft Corporation
“It’s pretty clear thatthe best compliance program in the world ismeaningless even if it’sfunded with a good wellmeaning complianceofficer if the leadershipof the company is notbehind it and isn’t supportive…”
Honorable Michael E. Horowitz,Commissioner, UnitedStates SentencingCommission