Health Care Compliance AssociationMedicare Part D Compliance Conference

Tips for Conducting Internal Investigations

Janice H. Ziegler, Esq.

December 10, 2007Baltimore, MD

2

3

Overview

• The legal and enforcement environment

• The Part D Compliance Program as a navigational device

• Investigations – Potential Risks

• Conducting Interval Part D Investigations

• Obligations

• Common Mistakes

• Establishing Effective Protocols

• Self-Reporting

4

The “Perfect Storm” From a Compliance Perspective?

• High profile federal health care program (with significant Congressional and other scrutiny).

• During 2006, $47 Billion in expenditures.

• Complex; extensive regulatory and contractual obligations.

• Complicated business implementation requirements and challenges.

• Substantial delegation of core functions, but Part D Sponsors remain ultimately responsible (under statute, regulations, and contract).

• Data systems complexities.

5

The Calm Before the Storm?

• Focus in 2006 and 2007 was getting the program up and running.

• Getting MEDICS in place and operational.

• CMS monitoring procedures developed, but implementation (including financial audits) lagged.

• DOJ/OIG/CMS ramping up for program review and inspection.

• Significant FWA issues anticipated.

6

• In HHS’ “Top Management Challenges” for 2007, the OIG highlighted three key areas of program vulnerability, including Medicare Part D.

• The Fiscal Year 2008 Work Plan includes a substantial number of Part D related projects.

• OIG has ongoing investigations of Part D cases, as well as audits and evaluations underway.

A Major OIG Priority: Monitoring Part D Program Operations

7

OIG 2008 Work Plan Reflects Focus on Part D Administration

• The OIG Work Plan anticipates examination of a wide range of potential issues/operational concerns, including:

• Duplicate payment for drug claims (A or B & D, Hospice & D, D & D);

• Inappropriate payment under Part D (for items that should be paid for under Part A SNF stays);

• Medicare Part D reconciliations (OIG Report estimated $4.4 Billion in overpayments); and

• Bid submissions (review of adequacy of process).

8

OIG 2008 Work Plan Reflects Focus on Part D Administration

• Part D negotiated drug prices and price concessions (disclosure and pass through of negotiated prices);

• Medicare Part D coordination of benefits;

• Marketing; and

• Part D Sponsor detection and reporting of FWA.

9

CMS’ Evolving Strategy for Detecting and Preventing FWA

• CMS continues to refine its compliance oversight strategy, which includes (or will include):

• Complaint processing;

• Data Monitoring (e.g., identifying anomalies through automated data edits, trend monitoring, and data mining);

• Financial Audits; and

• Compliance Monitoring: • Sponsor Management at CMS Central and Regional Offices;

• Compliance Audits; and

• Operational Safeguards (e.g., bid review and formulary and benefit review).

10

The role of the MEDICS

• MEDICS will:

• Evaluate reports of potential fraud by CMS, Sponsors, and beneficiaries;

• Analyze claims and other data to identify potential fraud or abuse;

• Conduct investigations and develop cases for referral to law enforcement; and

• Conduct program integrity audits.

• General Hint: Do not assume that an audit is less serious than an investigation in terms of potential financial exposure to the company. Auditors and investigators work together with increasing frequency.

11

Part D Enforcement

• In recent months, a new spirit of enforcement at CMS, as evidenced by:

• Posting of Corrective Actions

• Significant CMPs (including largest ever) imposed for alleged marketing violations

• Plan termination

12

Part D Compliance Programs: A Navigational Device

• Part D compliance plans are a contractual and legal obligation; not just “best practices.”

• Per regulation (42 C.F.R. 423.504(b)(4)(vi)) and contract, Part D Sponsors must have compliance plans that consist of:• Written policies, procedures, and standards regarding

compliance; • Designation of compliance officer and committee accountable to

senior management; • Effective training and education between compliance officer and

employees, contractors, agents, and directors; • Effective lines of communication between same;• Enforcement of standards through disciplinary guidelines; and• Effective internal monitoring and auditing procedures.

13

Part D Compliance Programs: Mandated Internal Investigations

• Procedures for prompt responses to detected offenses and development of corrective action initiatives relating to Sponsor’s Part D contract.

• If the Part D Sponsor discovers evidence of misconduct related to payment or delivery of Part D items or services, it MUST conduct a timely and reasonable inquiry into the conduct.

• The Part D Sponsor MUST conduct appropriate corrective action in response to the potential violation.

• E.g., repayment of overpayments and disciplinary actions against responsible individuals.

14

Part D Compliance Programs: FWA Plan

• In addition to the seven basic elements, Part D Sponsors must have a “comprehensive fraud and abuse plan to detect, correct, and prevent fraud waste and abuse.”

15

The FWA Part D Guidance

• FWA Part D Guidance

• June 2005 (8 page draft)

• April 2006 final (approx. 70 pages)

• “Must” vs. “Should”

• Regulatory duty to investigate and conduct appropriate corrective action.

• Significant Sponsor flexibility in developing comprehensive FWA plans; no musts, but lots of recommendations.

16

An Early Snapshot – The OIG’s Take on Part D Compliance Plans

• December 2006 OIG Report:• All Part D Sponsors had compliance plans.

• Seven basic elements generally addressed (at least at a high level); development of FWA program more challenging.

• Few plans contained all 11 of the Part D manual recommendations reviewed.

• Compliance plans lacked detailed FWA programs, even where items were addressed.

• June 2007 CMS Compliance Plan Best Practices Self-assessment Tool

17

Part D Compliance Programs: CMS Recommended Self-Disclosure

• FWA plan “should include procedures to voluntarily self-report potential fraud or misconduct related to the Part D program to the appropriate government authority.”

• Optional self-disclosure remains the state of play, but CMS issued a request for additional comments on December 5th and is committed to requiring mandatory self-reporting once details are resolved.

18

CMS Request for Comments on Mandatory Self-Disclosure

• Comments due on or before February 4, 2007.

• Open issues: • What constitutes “fraud and misconduct”? Should

this be the trigger?

• Who will be responsible to report (e.g., Sponsor or downstream entities)?

• At what point will reporting be required (upon initial discovery or after reasonable due diligence)?

• who will receive the report (e.g., the MEDIC, Part D plan manager, or central office)?

19

Investigations: What is at Stake?

• The government has a range of potential sanctions it can impose on non-complying Part D plans (depending on the nature of the violation), including (but not limited to):

• Intermediate sanctions/termination (or non-renewal) of contract by CMS;

• FCA or AKL enforcement actions, which could result in the imposition of substantial financial penalties and exclusion from participation in federal health care programs.

20

False Claims Act

• Part D Sponsors submit numerous reports and other information to the government that affect the level of payment.

• Under the Part D program, reliance on a subcontractor can lead the Sponsor to falsely represent the costs of the program to the government or to request greater payment amounts than actually justified, resulting in FCA allegations.

21

Anti-Kickback Law

• AKL provides for criminal penalties for individuals or entities that knowingly and willfully offer, pay, solicit, or receive remuneration in order to induce or reward business payable (or reimbursable) under Medicare and other Federal Programs, unless an exception applies.

• Civil penalties of $50,000 per kickback plus 3x amount of the kickback authorized under OIG CMP authority.

• Exclusion (mandatory for certain convictions; permissive in other instances).

22

Responding to Identified Problems

• Lets assume that you have a well-functioning Compliance Plan, and that a potential Medicare overpayment issue is identified through internal audit, compliance hotline reporting, or an exit interview.

• What do you do?

23

Conduct CMS Mandated Internal Investigation

• Chapter 9 (Part D Program to Control FWA).

• Part D Sponsors “must” conduct a timely, reasonable inquiry into any conduct where evidence suggests there has been misconduct related to payment or delivery of drugs under Part D contract (§ 50.2.7.1).

• Follow-up investigations stemming from hotline inquiries and other complaints “should”be initiated within two weeks of receiving the complaint. (§ 50.2.4.2, § 50.2.7.1, and § 50.2.8.2.)

24

“Reasonable Inquiry”

• Section 50.2.7.1 states:

• A reasonable inquiry includes a preliminary investigation of the matter by the Part D Compliance Officer and/or Special Investigative Unit (SIU) for the Sponsor.

• In the event that the Sponsor does not have either the time or the resources to investigate the potential misconduct, it “should” refer the matter to the MEDIC within two weeks of the date the potential misconduct is identified so the potentially fraudulent or abusive activity does not continue.

25

Common Mistakes Made Early in An Investigation

• Assuming the company did nothing wrong. • Believing that an investigation can be made to go away

quickly by giving a “quick and dirty” explanation of company practices in the area.

• Making explanations for the company before qualified, expert health care counsel has carefully assessed the facts and applicable law. Erroneous or incomplete statements made early can be quite damaging.

• Failing promptly to take control of information flow to the government (as well as to the company’s employees and other parties).

• Failing to protect documents from destruction, leading to other potential liability or culpability (e.g., obstruction of justice).

26

Practical Effect of FWA Guidance –Establish a Plan for Investigations

• CMS and its contractors “will investigate all cases as potentially fraudulent and will refer to law enforcement as warranted.”

• Unless willing to allow MEDIC to conduct the “internal investigation,” the Sponsor must have an internal investigation plan and process in place, with adequate staffing, resources, and access to qualified legal counsel.

27

Considerations for Establishing Internal Investigation Protocols

• Roles and Responsibilities

• Timeframes for action

• Involvement of legal counsel – attorney-client and “attorney work product” protections

• Information gathering and interview considerations

• Documenting Investigatory Findings

• Legal Analysis

28

Create a Written Investigative Work Plan

• Lead roles and responsibilities

• Compliance, SIU, legal counsel (be specific)

• Tasks (be specific)

• timeframes and deadlines (be specific)

• Review and revise periodically throughout investigation (be flexible and nimble)

• Include assessment of corrective actions

• Avoid listing legal conclusions

29

Role of Compliance Officer/SIU

• Develop investigative work plan.

• Supervise initial fact finding to assess credibility of complaint; document date of discovery and initial steps.

• Gather (or have others gather) background information – what was known, by whom and when?

• Assess whether to engage counsel.

• Apprise senior management at appropriate times.

• Ensure timely investigation ensues – managing resources effectively.

30

Establishing a “Control Group”

• Internal investigations may involve sensitive information and require exercise of considerable judgment.

• Determine which personnel will assist.

• Designate single liaison to communicate with government/MEDIC, as relevant.

• If “high risk” area (potential legal violations, considerable dollars at issue), consider involving legal counsel.

• Keep group small, if possible.

31

Use of Legal Counsel

• Communications with counsel must be kept confidential to maintain attorney-client privilege.

• Communications seeking legal advice protected; underlying facts are NOT protected.

• Attorneys may supervise investigatory work of others - protected by “Work Product” doctrine (e.g., hire forensic consultants).

• Use of Internal vs. External Counsel.

32

Information/Fact Gathering

• Ensure documents are secured and preserved intact.

• Memo to employees – do not destroy/alter.

• Emails/voicemails/electronic data present challenges to preserve.

• In determining who should gather documents, look for individuals who are independent, reliable and organized.

• Relevance - Err on side of over-inclusiveness at gathering stage.

• Document controls – bate stamping, system to record source of documents.

• Document review – relevance, privilege, “hot documents.”

33

Employee/Contractor Interviews

• Information gathered is “confidential,” but may be shared with management and/or government.

• If very sensitive (e.g., potential criminal violation), apprise of access to their own counsel.

• Two people should conduct interviews (including a note-taker) to avoid “he said/she said.”

• Interview notes – If not an attorney, avoid legal conclusions in notes.

• Access to downstream contractor personnel – look to terms of contract.

34

Assessing Investigative Findings

• Systemic problems or isolated incident?

• Legal/regulatory/contract violation?

• Intentional, negligent, or inadvertent?

• Assessing whether organization “should have known” of violation (reckless).

• Documenting findings (is less more?).

35

Sharing Findings

• Senior management report

• Board of Directors (Compliance/Audit Committee or full Board)

• Reporting findings to MEDIC

36

Referral to MEDIC and Others

• If, after conducting a reasonable inquiry, the Sponsor determines that potential fraud or misconduct related to the Part D program has occurred, the conduct “should”be referred to the MEDIC promptly, but no later than 60 days from determination (and sooner if discovered at 1st

tier or downstream entities – so as to help MEDIC identify and address scams and schemes). • Referral to be documented in format prescribed by

CMS.• What if you can’t meet 60-day reporting timeframe?

• Per CMS Manual, if timeframe cannot be met, Sponsor should contact the MEDIC for further guidance.

• Tips for working with MEDICs.

37

No Report Required

• If no report to MEDIC, document rationale.

• Corrective action nonetheless advised?

• Share with affected employees/contractors?

• What you share, form of report, etc. may itself become subject to scrutiny, so choose carefully.

38

Self-Reporting of Potential Fraud?

• CMS recognizes that regulations state that self-reporting is “voluntary.”(42 C.F.R. § 423.504(b)(4)(vi)(H)), but believes that self-reporting of FWA is a critical element of an effective FWA compliance program.

• CMS has proposed modifying the MA and Part D regulations to add mandatory self-reporting, but declined to do so at this point.

• Considerations.

39

How Do Part D Investigations Differ from Other Types of Investigations?

• Layers of agency/government oversight/ involvement; allocation of responsibility still evolving

• Coordinating and interacting with MEDICs

• Program complexity; need to dig deep

40

Questions and Answers

Janice Ziegler, Esq.

Sonnenschein – Washington DC

202 408-9158

JZiegler@sonnenschein.com

25181273