3/16/2016

1

EFFECTIVE COMPLIANCE: LESSONS

LEARNED FROM THE PAST AND

PREPARING FOR THE FUTURE

Bret Bissey, Senior VP, Compliance Services, MediTract, Inc.

Sean McKenna, Partner, Haynes and Boone, LLP

Kenneth Zeko, Senior VP, CHAN Healthcare, LLC

© 2016 CHAN Healthcare

Outline

• Current compliance environment• New governmental resources• 2015 Activity• Data analytics• Hospital/physician arrangements - risks• Enforcement outlook

• Steps to ensure effective compliance• Securing executive leadership buy-in• Embedding compliance in operations• Demonstrating compliance effectiveness

• Corporate integrity agreements and mandated compliance• Examples• Trends

2

Current Compliance Environment

3

3/16/2016

2

2015 Activity• DOJ recovered more than $3.5 billion in FY 2015

• Down from last year’s $5.6 billion recovery• But continues 4-year record of recoveries over $3 billion

• Of $3.5 billion –• $1.9 billion from healthcare industry, including $330 million from

hospitals • $2.8 billion (more than half) from cases filed by whistleblowers

• Number of qui tam suits exceeded 600• Down from last year’s 700• But way up from 1987’s 30• Whistleblowers received record $597 million

4

Data Analytics: An Evolution

• Investment into data analytics• Prevent payment of fraudulent claims

• Identify trends and red flags

• Identify outliers

• New Investigative and Enforcement Strategies• The “Fraud Prevention System”

• Automated provider screening program

• Next Generation Desktop

5

The Fraud Prevention System• “The Fraud Prevention System is the state-of-the-art

predictive analytics technology required under the Small Business Jobs Act of 2010.” • Since June 30, 2011, it has run predictive algorithms and other

sophisticated analytics nationwide against all Medicare fee-for-service claims prior to payment.”

• “For the first time in the history of the program, CMS is systematically applying advanced analytics against Medicare FFS claims on a streaming, nationwide basis as part of its comprehensive program integrity strategy.”• Report to Congress: Fraud Prevention System, Second

Implementation Year 2014

6

3/16/2016

3

Healthcare Fraud Prevention Partnership

Purpose is to improve the detection and prevention of healthcare fraud by:• Exchanging data and information between the public and

private sectors• Leveraging various analytic tools against data sets provided by

partners• Providing a forum for public and private leaders and subject

matter experts to share successful anti-fraud practices and effective methodologies for detecting and preventing healthcare fraud

See https://hfpp.cms.gov/about/index.html

7

Enforcement Outlook • Government budget shortfalls

• Innovative methods to save healthcare dollars

• Criminal and administrative activity increasing

• Greater attention by DOJ and OIG-HHS on individuals and arrangements

• Investigations becoming more complex• Unprecedented focus on punishing medical decisions

• e.g., implantable cardiac defibrillators

• Entire industry segments under scrutiny

• Conduct of ancillary player affecting physicians and systems

8

• Creation of Health Care Fraud Prevention and Enforcement Action Team (HEAT)• New laws and new tools for the Government to fight fraud, waste, and

abuse

• On June 30, 2015 HHS OIG announced formation of a new affirmative litigation team to focus exclusively on pursuing civil monetary penalties and exclusions• Doubles the number of dedicated litigators to bring cases under the

civil health care laws, • Team will be look at FCA cases as sources of potential enforcement

actions

9

New OIG Resources

3/16/2016

4

Yates Memorandum• Issued September 2015

• Entitled “Individual Accountability for Corporate Wrongdoing”

• Emphasizes DOJ’s commitment to combat fraud “by individuals”

• Recommends:

• Not to give cooperation credit unless company provides facts re: individuals

• To focus investigations on individuals “from the inception”

• Not to release “culpable individuals” from liability absent “extraordinary circumstances”

• Not to settle with company without “clear plan to resolve related individual cases”

10

Physician Quality Reporting System (PQRS) Accuracy and Consistency*** Incentive to Report, Participate

• PQRS is a quality reporting program that uses negative payment adjustments to promote reporting of quality information by individual EPs and group practices

• Those who do not satisfactorily report data on quality measures for covered Medicare Physician Fee Schedule services furnished to Medicare Part B beneficiaries [including Railroad Retirement Board, Medicare Secondary Payer and Critical Access Hospitals method II] will be subject to a negative payment adjustment under PQRS. Medicare Part C–Medicare Advantage beneficiaries not included

• Beginning in 2015, CAHs using billing method II may participate in PQRS by all reporting mechanisms, including claims-based reporting

11

Physician Quality Reporting System 2015 Measures Listhttps://www.cms.gov/Medicare/Quality-Initiatives-Patient-Assessment-Instruments/PQRS/MeasuresCodes.html

12

3/16/2016

5

Quality “Measurement Fatigue”

• Public sector• Today more than 500 different state and regional quality measures

• Only 20% used by more than 1 program

• Private Insurers – unique evaluation measures• More than 550 additional performance measures

• Source of enormous inefficiency

• Could this lead to compliance problems?

13

Physician Compensation ConcernsAgreements between hospitals & physicians in New Quality Model• June 2015 – OIG Fraud Alert focuses on Physician Compensation

Arrangements

• Targeted at physicians and directs that all compensation arrangements need to be fair market value and reflect payment for bona fide services that have been provided

• If any purpose of the arrangement is to compensate a physician for past or future referrals, the potential does exist for violation of the Anti-Kickback Statute

• This could result in possible criminal, civil or administrative sanctions, including but not limited to exclusion from the federal healthcare programs and potential draconian penalties via the False Claims Act

• Many new Clinical Integration Models which will need to be reviewed and monitored

14

Why Should a Provider Be Compliant?

• Quality reporting is the future• Population-based medicine models of future care

• Reputational risk• Both locally and regionally

• Never good to have bad data• If this data (coding) is not accurate…what else is not

properly being done?• Where do auditors focus their energies - the good guys or the bad

guys?• Learned whistleblowers• False Claims Act potential?

• Reduction in pay of 2-3 percent

15

3/16/2016

6

Disclosure of “Violations”• ACA requires repayment within 60 days

• CMS now issued final rule

• Disclosure to DOJ• Possible non-prosecution of business entity

• See USAM § 9-28.000, et seq.

• Limited civil FCA multiplier• See FCA § 3729

• HHS-OIG Self-Disclosure Protocol• Lower damages/no integrity obligations

• CMS Voluntary Self-Referral Disclosure Protocol• Do not disclose both to CMS and OIG• Use OIG protocol if implicates other laws• 81 Fed. Reg. 7653

16

17

Steps to Ensure Effective Compliance

United States Federal Sentencing Guidelines

• USSG § 8B2.1. Effective Compliance and Ethics Program• Exercise due diligence to prevent and detect criminal conduct

• Promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law

18

Securing Leadership Buy-in

3/16/2016

7

19

Guidance on Board Responsibilities

20

Guidance, cont’d

Board Governance – Leading Practices

• Does board receive tailored education to what is occurring (internally and externally)?

• Does board understand various types of risk?• Compliance officer can communicate with the board whenever he or she

wants without hesitation?• Does CCO have routinely scheduled executive sessions with board?

• Does CCO report to board?

• Does the board have any role in CCO’s performance evaluation? • Is there a formal compliance committee of the board?• Are board members involved in the compliance program oversight?• What is the compliance knowledge level of board?

• Engage experts to assist in program functioning/validation of “effectiveness” of compliance program

• Is external assistance available when necessary?

• Does board receive updates from the organization?

21

3/16/2016

8

Board Attestation

22

CEO Attestation

23

Executive Leadership – Leading Practices

• Does leadership understand the seven elements of compliance?

• Does the CCO report to the CEO?• How frequently does the CCO meet with the CEO?

• Are the meetings formally scheduled?• Are agendas prepared? • Are notes taken? • Are minutes taken?• How often are these meetings canceled/rescheduled?

• Can employees give examples of leadership’s commitment to compliance?• Does CCO have an understanding of employees’ perceptions of

executive leadership’s commitment to compliance?

24

3/16/2016

9

Leadership – Leading Practices, cont’d.

• Does leadership participate in operational compliance committee/matters?

• Does leadership provide outreach to employees regarding compliance

• Does leadership evaluate/consider suggestions regarding:• Risks

• Value

• Strategic Vision

• Growth

25

Leadership – Leading Practices, cont’d.

• Does leadership kickoff annual compliance risk assessment process?

• Does leadership introduce the hotline at least annual?

• Does leadership offer frequent/comprehensive compliance training?

• Does leadership compensation include compliance metrics?

26

27

Embedding Compliance in Operations

3/16/2016

10

Effective Compliance

28

Employee Attestation

29

Compliance

Legal/risk management

Internal Audit

HIM

Utilization management

Quality

Revenue Cycle/finance

Pharmacy

Laboratory

30

Leading Practice Committee ExamplesNon-executive participants, but department leaders or delegates. Typically includes:

Research

Admitting/registration

Emergency department

Radiology

Physician leadership

Nursing

IT

HR

Health plan

3/16/2016

11

31

Leading Committee Examples, cont’d.Typical functions:• Compliance risk identification• Compliance risk mitigation• Compliance training• Monitoring and auditing • Addressing findings from monitoring/auditing• Monitoring status of corrective actions

Sample agendas items: • Regulatory and compliance updates• Discussion of operational compliance monitoring and auditing by each

member of committee• Compliance training update• Discussion of necessary action items to continue to evolution of

compliance program• Addressing ad-hoc issues as necessary

32

Demonstrating Effective Compliance

33

Road Map for Compliance Program DocumentationManuals, plan, or other documents that describe approach to the compliance program,such as:• Organizational chart• Budget• Board meetings• Compliance program document• Compliance program roles, responsibilities• Code of conduct• Annual report

Boards' resolutions, agendas, or minutes that describe role in overseeing compliance:• Board audit/compliance committee charter• Compliance committee charter• Compliance department charter• Operational compliance committee charter• Operational compliance committee and Board audit/compliance committee agendas

and meeting minutes that the committees' roles in overseeing compliance program

3/16/2016

12

Road Map, cont’d. Summaries of self-reporting, disclosures, incidents and corrective action plans:• If organization’s compliance efforts result in reduced overpayments, compliance should track• Disciplinary measures, if any associated with incidents

Compliance policies and supporting documents:• Self-disclosure• Non-retaliation• Corrective action• Training• Conflict of interest• Risk assessment

Hotline information:• Reports• Tracking, trending metrics• Significant incidents reports• Efforts undertaken to raise hotline awareness

34

Road Map, cont’d. Compliance risk assessments:• Risk assessment process• Risk assessment results

Compliance auditing/monitoring:• Auditing/monitoring findings• Reports• Corrective action plans• Key Compliance and Operational metrics focused on outcomes.

Compliance Training and communications regarding compliance:• Training modules• Newsletters• Updates• Tracking/trending (what happens when 100% don't complete)

Documentation describing how business areas with compliance risks interact with the compliance program:• Mini-compliance plan documents for areas that have compliance risks• The departmental plan should be based upon the traditional elements of effective compliance programs

35

Elements to Consider in Your Benchmarking Efforts

3636

Other Data Points to Trend by Year

Annual Audit Work Plan Completion

Budget Analytics

Audit Benchmarking Scorecard

Audit/Monitoring

Potential Areas of Trending Your Coding, Billing Results

Education

Hotline Calls

• Refunds.• Physician

arrangements• Survey results

3/16/2016

13

Physician Arrangements - Leading Practices• Ensure that systems are in place to track, monitor and

report time and effort• Track nonmonetary compensation• Conflicts of interest disclosures• Keep documentation of negotiations• Proactively manage complaints or concerns and ensure

corrective action• Track remuneration to and from all parties • Track services and activity logs• Monitor use of leased space or equipment• Regularly audit logs and reports to substantiate payments

37

Arrangement Leading Practices, cont’d.

• Identify potential sources of obligations to repay• Claims submissions• Enrollment forms• Contracts• Certifications

• Keep up with evolving legal standards• Receivables monitoring, auditing, disclosure• Listen and investigate when an employee, contractor,

agent, or anyone tells you that there is a “problem” at the company• Remediate promptly• Consider self-disclosure, repayment strategies, and obligations

38

39

CIA Trends & Effect on Compliance Programs

3/16/2016

14

CIA Trends

• Executive leadership, management, and board attestations/certifications

• Disgorgement of compensation for bad actors

• Supplemental documentation requests

• Multi-issue CIAs

• Quality of care CIAs

• Arrangement reviews

40

Factors Resulting in CIAs

• Scope of allegations• Amount of damages

• Nature of allegations • Failure of care vs. billing

• Provider type• Large providers/companies may already have compliance function

• Repeat offenders

• Poor tone at the top/lack of compliance programs

• Reputation of provider

41

Notable Broward CIA Requirements Include:• Extensive management certifications

• Focus arrangement database and process, policies, etc.

• Risk assessment and internal review process regarding arrangements and focus arrangements

• Independent review organization (IRO)• Arrangements systems review – systems, processes, policies and

procedures relating to the initiation, review, approval and tracking of arrangements

• Arrangements transaction review – 50 to determine whether they complied with the focus arrangement procedures and requirements

42

3/16/2016

15

Recent Medical Necessity CIAs

• King’s Daughters Medical Center - May 2014• $40.9 million settlement

• 5-year CIA

• Saint Joseph London - January 2014• $16.9 million settlement

• 5-year CIA

43

Nason Medical Center – Management Certifications• Certifying employees specifically expected to monitor and

oversee activities within their areas of authority and annually certify compliance with applicable federal healthcare program requirements

• Persons include employees with management responsibilities, such as: • Billing manager • Director of Human Resources • Medical directors• Manager and CEO • Laboratory director • Radiology director • Business administration manager • Accounting director • Director of business analysis

44

Nason Medical Center – Employee Certification“I have been trained on and understand the compliance requirements and responsibilities as they relate to [insert name of department, and/or facility], an area under my supervision. My job responsibilities include ensuring compliance with regard to the [insert name of department, and/or facility] with all applicable Federal health care program requirements, obligations of the Corporate Integrity Agreement, and Nason policies, and I have taken steps to promote such compliance. To the best of my knowledge, except as otherwise described herein, the [insert name of department] of Nason is in compliance with all applicable Federal health care program requirements and the obligations of the Corporate Integrity Agreement. I understand that this certification is being provided to and relied upon by the United States."

45

3/16/2016

16

Dignity Health• Appointment of service area compliance officers• Service area compliance committees• Must submit to OIG all documentation reviewed and

actions taken related to compliance oversight• Board resolution of compliance with CIA

• If cannot achieve, explain why

• Certifications:• Executive leadership (9)• Operations leadership (15)• CFO - with annual report submission

• Address inpatient medical necessity• Risk assessment and internal review process

46

Infirmary Health Systems, Inc. • Federal whistle-blower lawsuit that claimed clinics

routinely overpaid doctors to refer radiology patients to hospitals

• Paid $24.5 Million• Whistleblower was physician, received $4.4 million

• Case centered on incentives paid to physicians for referrals

• Signed Corporate Integrity Agreement http://oig.hhs.gov/fraud/cia/agreements/Infirmary_Health_System_07182014.pdf

• Five-year commitment

• Legal IRO required

• Focus arrangement obligations

47

48

Final Thoughts

3/16/2016

17

Compliance Must Be Effective

If an organization is found guilty of a violation of state or federal laws, the government may offer a reduction in penalties if an effectivecompliance program is in place

49

Questions?

bbissey@meditract.com

sean.mckenna@haynesboone.com

kzeko@chanllc.com

50