A 12-Step Program to Better Compliance: A Practical Approach Kim Harvey Looney Anna M. Grizzle 615.850.8722 615.742.7732 kim.looney@wallerlaw.com agrizzle@bassberry.com 11389849 Strict Government Compliance Enforcement Continues Civil Fraud Recoveries FY 2009-2013 ($ Billions) 2 waller.com 1
Strict Government Compliance Enforcement Continues Number of New Qui Tam Lawsuits Filed by Year (FY 2009-2013) 800 700 600 500 400 300 200 100 0 433 753 2009 2010 2011 2012 2013 Source: Fraud Statistics Overview, Civil Division, U.S. DOJ (Dec. 23, 2013) 3 Recent Developments Gov t and relators pursuing FCA claims under theory that Stark violations taint Medicaid claims U.S. ex rel. Baklid-Kunz v. Halifax Hospital Med. Ctr., No. 6:09-cv-1002 (M.D. Fla.) [T]he Medicaid statute prohibits payments to a state for medical services resulting from improper referrals, as defined under the Stark Amendment. Under the FCA, a defendant may be liable for submitting its own false claim or for causing another to submit a false claim. U.S. ex rel. Schubert v. All Children s Health Sys., No. 8:11- cv-01687 (M.D. Fla.) The substantive prohibitions contained in the Stark Amendment are therefore applicable to claims submitted to Medicaid through 1396b(s), and Relator has adequately alleged federal and Florida False Claims Act violations. 4 waller.com 2
Recent Developments Increased scrutiny related to the appropriateness of patient admissions and status St. Joseph s Medical Center - $4.9 million to settle FCA allegations regarding improper short stay admissions (Feb. 2013) Shands Teaching Hospital & Clinics - $26 million to resolve FCA allegations regarding improper inpatient admissions (July 2013) Kyphoplasty Settlements 55 hospitals agree to pay $34 million to settle FCA allegations regarding inpatient kyphoplasty procedures (July 2013) Beth Israel Deaconess - $5.3 million to resolve FCA allegations regarding improper inpatient admissions 5 Recent Developments Increased scrutiny related to reemergence of employed physician model and acquisition of physician practices Results in recent FCA cases suggest focus on valuation issues regarding physician compensation: U.S. ex rel. Drakeford v. Tuomey Healthcare, No. 3:05-cv- 02858 (D.S.C.) - $237 million FCA judgment focused on part-time physician employment arrangements Intermountain Health Care Inc. $25.5 million to settle FCA allegations that hospital paid incentive compensation to physicians in violation of Stark U.S. ex rel. Luque v. Adventist Health, No. 2:08-cv-1271 (E.D. Cal.) - $14.1 million to resolve FCA allegations that hospital paid physicians above fair market value compensation 6 waller.com 3
Recent Developments Recent FCA results suggest focus on billing for unnecessary procedures: St. Joseph London Hospital - $16.5 million FCA settlement for medically unnecessary heart procedures (Jan. 2014) Allegiance Health - $4 million FCA settlement for medically unnecessary heart procedures (July 2013) Dubuis Health System - $8 million FCA settlement for medically unnecessary long term acute care hospitalizations (July 2013) 7 Recent Settlements Abbott Laboratories Pharmaceutical and device off-label settlement Focused on the off-label marketing of Depakote $1.6 billion Pled guilt to misbranding and illegal remuneration 8 waller.com 4
Recent Settlements BCBS of Tennessee HITECH breach notification settlement 57 unencrypted computer hard drives stolen PHI of over 1 million patients $1.5 million Not performing required security evaluation and inadequate facility access controls 9 First Circuit Expands Liability to Contractual Provisions United States ex rel Hutcheson v. Blackstone Med. Lower court A claim can be false or fraudulent for misrepresenting compliance with a legal condition of payment only if Condition is stated in a statute or regulation 1 st Circuit overturned False or fraudulent claims are not limited to conditions set out in regulations or statutes. Holding that a claim may be false or fraudulent because a defendant failed to comply with the terms of underlying contractual provisions as well. 10 waller.com 5
Avoid the Consequences of Non-Compliance Harm to Reputation Disruption to Operations Lost Profits Mandatory Corporate Integrity Agreements Costly Fines and Settlements Criminal Prosecution 11 So How Do You Get There? 12 Basic Steps 1. Know the Scope of a Compliance Program 2. Know the General Compliance Requirements and the Requirements Specific to Your Industry 3. Identify Your Risk Areas 4. Implement Written Policies, Procedures and Standards of Conduct 5. Promote Transparency and a Culture of Compliance 6. Designate a Compliance Officer and Committee 12 waller.com 6
So How Do You Get There? 12 Basic Steps (continued) 7. Educate the Board and Senior Management 8. Conduct Effective and Ongoing Training 9. Conduct Internal Auditing and Monitoring 10. Respond Promptly 11. Enforce Standards Through Well-publicized Disciplinary Guidelines 12. Evaluate and Measure Program Effectiveness Regularly 13 Step 1 Know the Scope of a Compliance Program Medicare Rules Medicaid Rules Third Party Payer Rules Stark Anti-Kickback Sarbanes-Oxley HIPAA and HITECH EMTALA Safety Quality Accreditation Employment and Labor Laws Other Applicable Federal or State Laws Implement Code of Conduct Compliance and Training Includes Contractors and Subcontractors 14 waller.com 7
Step 2 Applicable to all: Know the General Compliance Requirements and the Requirements Specific to Your Industry 1. Implementing written policies, procedures and standards of conduct; 2. Designating a compliance officer and compliance committee; 3. Conducting effective training and education; 4. Developing effective lines of communication; 15 Step 2 Know the General Compliance Requirements and the Requirements Specific to Your Industry (continued) 5. Enforcing standards through well-publicized disciplinary guidelines; 6. Conducting internal monitoring and auditing; and 7. Responding promptly to detected offenses and developing corrective action 16 waller.com 8
Step 2 Compliance Requirements (continued) Industry specific guidance from HHS includes: Nursing Facilities Research Hospitals Pharmaceutical Manufacturers Ambulance Suppliers Individual and Small Group Physician Practices 17 Step 2 Compliance Requirements (continued) Industry specific guidance from HHS includes: MCOs Hospice Durable Medical Equipment Prosthetics, Orthotics, and Supply Industry Third-Party Medical Billing Companies Clinical Laboratories Home Health Agencies 18 waller.com 9
Step 3 Identify Your Risk Areas Each operation will have its own particular areas of risk for non-compliance issues Identify your specific risk areas Design a compliance program accordingly HHS has issued guidance concerning common risk areas for different industries: https://oig.hhs.gov/compliance/complianceguidance/index.asp 19 Step 3 Examples of Different Risk Areas Pharmaceutical/Manufacturers/Suppliers Integrity of data used to establish payment Kickbacks and other illegal remuneration Compliance with laws regulating drug samples Individual and Group Practices Coding and Billing Reasonable and Necessary Services Only Documentation timely, accurate and complete Improper Inducements 20 waller.com 10
Step 4 Implement Written Policies, Procedures & Standards of Conduct These documents should: Describe compliance expectations; Implement the operation of the compliance program; Provide guidance on dealing with compliance issues; Identify how to communicate issues to compliance personnel; Describe how issues are investigated and resolved; and Include a policy of non-intimidation and non-retaliation 21 Step 4 Policies and Procedures May include: Fraud, waste and abuse training requirements Reporting Structure Hotline and other reporting mechanisms Methods of investigating and addressing issues Update regularly 22 waller.com 11
Step 4 Standards (Code) of Conduct The Code of Conduct should: State principles and values of the company Include an expectation that all employee s will act in an ethical manner Describe reporting mechanism for fraud, waste and abuse Explain how issues will be handled Include a commitment to compliance and lawful conduct Approved by the entity s full governing body 23 Step 4 Distribution of Policies, Procedures and Standard of Conduct Update regularly to reflect changes in laws and regulations Distribute to Employees: Within 90 days of hiring When there are updates Annually Written acknowledgement 24 waller.com 12
Step 5 Promote Transparency and a Culture of Compliance Some basics on how to do this: Code of conduct committed to compliance Identify and address conflicts of interest Ensure regular and effective training Conduct internal on both: Contractual; and Legal obligations 25 Step 5 Promote Transparency and a Culture of Compliance (continued) Some basics on how to do this: Maintain clear records of compliance issues and their resolution Report potential violations to the appropriate authority immediately; AND Develop effective and open lines of communication 26 waller.com 13
Step 5 Effective Lines of Communication Between Personnel and Compliance Officer Board/Senior Management and Compliance Officer Clear non-retaliation policy for reporting Use multiple methods to communicate 27 Step 6 Designate Compliance Officer and Committee OIG guidelines for Compliance Officer: - Should be a member of senior management - Direct access to the governing body and senior management - Reports to senior most leader and to governing body - Reports made through the compliance infrastructure - Revise program according to changes in law or organization - Develop and coordinate in educational and training programs - Ensure independent contractors are aware of compliance program - Investigate and act on compliance issues OIG recommends designation of a compliance committee to advise the compliance officer if appropriate for entity size and operations. 28 waller.com 14
Step 6 Independence of Officer and Committee Maintaining independence Increases effectiveness of compliance program and Shows a commitment to fostering compliance Should you separate counsel and other senior management from compliance? OIG guidelines: Does the compliance officer have independent authority to retain legal counsel? A recent Deferred Prosecution Agreement with HSBC requires separating the compliance officer from counsel and elevating compliance officer within hierarchy. 29 Step 7 Educate the Board and Senior Management on Responsibility Board responsible for overseeing compliance programs Held accountable for violations if Oversight is substandard; or A culture of non-compliance exists within business 30 waller.com 15
Step 7 Educate the Board and Senior Management on Responsibility (continued) Park Doctrine Criminal liability does not require awareness of wrongdoing or conscious fraud Prima facie case: evidence that the defendant had, by reason of his position in the corporation, responsibility and authority to prevent in the first instance, or promptly correct, the violation complained of and that he failed to do so. U.S. v. Park. 31 Step 7 Educate the Board and Senior Management on Responsibility (continued) OIG Will hold corporate officials accountable for healthcare fraud Doctrine often applied in criminal cases Purdue Frederick: OIG excluded CEO, GC, and Chief Medical Officer for 12 years 32 waller.com 16
Step 7 Educate the Board and Senior Management on Responsibility (continued) CMS Guidelines on Governing Body and Senior Management http://www.cms.gov/regulations-and- Guidance/Guidance/Manuals/index.html 33 Step 8 Conduct Effective & Ongoing Training Who Should Receive Training? All employees Including CEO, senior executives and management Governing body First Tier, Downstream and Related Entities How often? Upon initial hiring When new requirements emerge Annually 34 waller.com 17
Step 8 Conduct Effective & Ongoing Training (continued) Document training Record and retain clear documentation of substance and attendance Documentation is evidence of compliance 35 Step 8 Conduct Effective & Ongoing Training (continued) Don t forget about the Compliance Officer and Compliance Committee Regular training Ongoing education Conferences Webinars Industry Publications OIG website 36 waller.com 18
Step 9 Conduct Internal Auditing and Monitoring Create an audit plan and update regularly Review Proactively, Not Retroactively Evaluate the cause of any issues Establish corrective plans Further guidance: OIG Workplan Current CIAs 37 Step 10 Respond Promptly to Situations and Undertake Corrective Action Establish a system to respond to any issues promptly Reasonable inquiry into any potential noncompliance Communicate with individual reporting issue, if appropriate Use the system to track the issues and their resolution 38 waller.com 19
Step 10 Respond Promptly to Situations and Undertake Corrective Action (continued) Use the system to track the issues and their resolution Take appropriate corrective action to: Correct the current problem Disclose to government (CMS/OIG) if necessary Deter future violations 39 Step 11 Enforce Standards Through Well- Publicized Disciplinary Guidelines Establish disciplinary procedures and clear consequences for violations Disseminate disciplinary guidelines and ensure employees are aware of them Apply uniformly across the entity and at all levels 40 waller.com 20
Step 11 OIG Disciplinary Guidelines OIG has provided specific guidance on disciplinary procedures that may be useful Procedures should: Articulate expectations for reporting and resolving issues Identify noncompliance or unethical behavior; and Set forth the degrees of disciplinary actions that may be imposed Provide for more significant sanctions for intentional or reckless noncompliance 41 Step 12 Evaluate and Measure Program Effectiveness Regularly Why do we need to regularly evaluate the compliance program? Demonstrates commitment to compliance Detects problems within program early Prevents unnecessary violations due to program weaknesses May avoid enforcement actions CMPs CIAs Exclusion Criminal prosecution Revocation of billing privileges 42 waller.com 21
Step 12 Evaluate and Measure Program Effectiveness Regularly (continued) How do you do it? Set benchmarks and measurable goals Measure attainment of goals regularly Investigate failure to meet goals Report results to board Assess where the problems are and suggest solutions Adequate funding Sufficient support throughout the entity, including upper management 43 Questions? Kim Harvey Looney Anna M. Grizzle 615.850.8722 615.742.7732 kim.looney@wallerlaw.com agrizzle@bassberry.com 44 waller.com 22