The Searchlight Intensifies: Investigations, Self-Disclosures, Whistleblowers, Oh My!

Size: px

Start display at page:

Download "The Searchlight Intensifies: Investigations, Self-Disclosures, Whistleblowers, Oh My!"

Morris Sparks
6 years ago
Views:

2 AGENDA I. Agency Enforcement Updates II.Key Policy and Regulatory Updates III.Hottest Compliance Risks IV.Board s Role in Overseeing the Compliance Program 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 2

4 OIG ENFORCEMENT: RETURN ON INVESTMENT Individuals and entities excluded from Federal health care programs FY 2011 FY 2012 FY 2013 FY ,662 3,131 3,214 4,017 Total health care fraud judgments and settlements $2.4 billion $3.0 billion $2.6 billion $2.3 billion Total OIG expected recoveries (including investigations and audits) $5.2 billion $6.9 billion $5.8 billion $4.9 billion Return on investment from various HCFAC activities $1.5 to $1 $7.9 to $1 $8 to $1 $7.7 to $1 Sources: OIG Budget Requests to Congress; Health Care Fraud and Abuse Control Program Annual Report (FY 2013, FY 2014, FY 2015, FY 2016) 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 4

5 THE OIG S FY 2015 WORKPLAN Annually, the HHS OIG issues a work plan summarizing new and ongoing reviews and activities that the OIG plans to pursue with respect to HHS programs For 2015, the OIG announced two new reviews related to health centers: Health center compliance with grant requirements, focusing on allowability of expenditures and the adequacy of accounting systems that assess and account for program income HRSA oversight of vulnerable health center grantees (i.e., health centers with documented compliance issues), focusing on HRSA s award of funds to grantees with serious, ongoing compliance or performance issues Other reviews related to health centers included: Screening process for new Medicare providers Program integrity at the state level Federal Debarment and whether HHS is taking adequate precautions to ensure that individuals and entities suspended or debarred are not awarded federal grants or contracts 340B duplicate discounts, focusing on those drugs purchased through Medicaid managed care organizations and States efforts to prevent duplicate discounts 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 5

6 340B AUDITS In response to GAO report and Congressional interest, Office of Pharmacy Affairs (OPA) has begun: Annual re-certification of all covered entities (CEs), including contract pharmacy arrangements OPA on track to conduct 200 audits in FY 2015 targeted and random Review of relevant policies and procedures Verification of CE eligibility Verification of internal controls to prevent diversion and duplicate discounts Medicaid exclusion file listing Contract pharmacy compliance Testing 340B transaction records on sample basis Note: Significant uptick in 340B purchases and/or large contract pharmacy networks attract audits 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 6

7 HOT ISSUES IN 340B AUDITS Diversion Contract pharmacy dispenses 340B drugs to non-patients Prescription written by ineligible provider No patient record documenting prescription Delivery site not registered on OPA database Contract Pharmacies No written contract Actual delivery sites do not match OPA database Duplicate Discounts Inaccurate record on OPA Medicaid Exclusion File Billing Medicaid contrary to data on file No NPI or Medicaid billing number registered Using contract pharmacy to dispense to Medicaid fee-for service beneficiaries without method to prevent duplicate discounts Administrative Registration of new health center sites with OPA Wrong authorizing official or contact person No, or inadequate, written policies and procedures for 340B program 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 7

8 340B COMPLIANCE IN OSVS All OSVs after October 1, 2014 for health centers that participate in the 340B program now include questions regarding of compliance with 340B requirements (questions are not included in the site visit guide) Reviewers will ask five standard Yes/No questions: Does the health center participate in the 340B drug pricing program? If yes, does the health center have written 340B policies and procedures? If yes, do the policies and procedures account for how the health center will prevent duplicate discounts and diversion? If the health center uses contract pharmacies, do they have appropriate contracts in place with clauses to prohibit duplicate discounts and diversion? Does the health center attest that it provides oversight (e.g. annual audit or other mechanism) of the 340B drugs dispensed by the contract pharmacy? Reviewers will not actually test compliance, but will flag health centers that may be out of compliance with 340B by sharing any no responses to 340B questions with OPA, which may trigger a follow-up review by OPA 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 8

9 HIPAA ENFORCEMENT ACTIVITY HIPAA Final Rule Changes (2013) Business Associate definition expanded Notice of Privacy Practices requirements updated Breach definitions changed and risk assessment requirement added Compliance issues investigated most: Impermissible uses and disclosures of PHI and disclosures of more than the minimum necessary PHI; Lack of safeguards of PHI Lack of administrative safeguards of electronic PHI Lack of written Security Rule policies Lack of risk management strategies 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 9

10 ON THE HORIZON The HIPAA Audits Are (Still) Coming now in 2016! OCR created a pool of covered entities (CEs) eligible for audit Screening pre-survey (to confirm size, type, etc.) was scheduled for summer 2014 with a new anticipated start date in 2016 Selected CEs and business associates will receive notification and data requests for audits (either a desk or on-site audit) Updated protocol will be available on website OCR s Security Risk Assessment Tool: Two recent reports from the HHS Office of Inspector General focus on OCR s oversight of covered entities, recommending that OCR: Fully implement a permanent audit program Maintain complete documentation of CE compliance, including corrective action plans, in the Program Information Management System ( PIMS ) and develop an efficient method to search for and track CE investigation histories and reported prior breaches Require staff to check for previous investigations and reported prior breaches Enter small-breach information into a case-tracking system or other searchable database linked to PIMS OCR is likely to enhance scrutiny of covered entities in response to OIG s reports 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 10

11 2015 ENFORCEMENT HIGHLIGHTS Cancer Care Group, P.C. ($750,000): self-reported a stolen laptop and unencrypted backup media, which contained the names, addresses, dates of birth, Social Security numbers, insurance information and clinical information of approximately 55,000 current and former patients; investigation found additional non-compliance with HIPAA Security Rule (e.g., no policy regarding the common practice of bringing electronic hardware with ephi into and out of its facilities) St. Elizabeth s Medical Center ($218,400): failed to conduct an adequate risk analysis prior to using internet-based document sharing application containing the ephi of nearly 500 individuals; failed to timely identify, respond to, and document a known security incident and to mitigate the harmful effects Cornell Prescription Pharmacy ($125,000): disposed unsecured, unshredded documents containing the PHI of 1,610 patients in an unlocked, open container onsite and failed to implement written policies and procedures required by the HIPAA Privacy Rule 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 11

12 2014 ENFORCEMENT HIGHLIGHTS Anchorage Community Mental Health Services ($150,000): malware compromised security of ephi for 2,743 individuals because ACMHS adopted, but did not follow, Security Rule policies and procedures and failed to identify and address basic risks (e.g., updating software and installing security patches) Concentra Health Services ($1.7 million): unencrypted laptop stolen; failed to remedy identified lack of encryption and lacked adequate risk management strategies QCA Health Plan, Inc. of Arkansas ($250,000): unencrypted laptop with PHI of 148 individuals stolen from employee car New York and Presbyterian Hospital ($3.3 million): disclosed 6,800 patients ephi to Internet search engines when a computer server with access to hospital systems was errantly reconfigured Columbia University ($1.5 million): failed to conduct adequate risk analysis prior to breach and failure to monitor systems linked to ephi at New York and Presbyterian Hospital Parkview Health System, Inc. ($800,000): employees left boxes of medical records unattended in a driveway 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 12

14 340B PROGRAM OMNIBUS GUIDANCE On August 28, 2015, HRSA released proposed guidance for covered entities (CEs) enrolled in the 340B program to aid compliance with the statutory requirements: Major change to the patient definition: an individual will be considered a patient of a covered entity if (s)he meets six requirements, which must be reevaluated on a prescription-by-prescription / order-by-order basis: 1. Service must be rendered at a CE s site 2. The covered drug is ordered/prescribed by a provider employed by a CE or working as an independent contractor of CE (i.e., the CE bills for the services) 3. The drug is received as a result of a service described in criteria #2 (i.e., an individual is not a patient if the only service is dispensing of a drug) 4. The health care service must be consistent with the CE s scope of grant 5. The individual is classified as outpatient when the drug is ordered/prescribed 6. The Individual has a relationship with CE such that the CE maintains access to auditable healthcare records Major concern for health centers: prescriptions resulting from referrals to outside specialty care will not be covered because the service is not rendered at the health center site and is not billed by the health center Comments are due October 27, Feldesman Tucker Leifer Fidell LLP. All rights reserved. 14

15 OMB SUPERCIRCULAR: PROCESS AND EFFECTIVE DATES On Dec. 19, 2014, HHS issued the agency-implementing rules set forth in 45 CFR Part 75, superseding 45 CFR Part 74 and 92 for awards made after the effective date In the interest of establishing one location for each federal department s implementing regulations, HHS provided a link to its policy implementation in 2 CFR Part 300 Dec. 26, 2014 The Supercircular became effective as to grant awards made after this date Current awards unchanged Grace period for implementation of new procurement rules: health centers have TWO full fiscal years after the effective date to implement the new procurement rules (originally one year, but extended to two years by recently issued FAQs) To take advantage of the grace period, health center must: Document in internal procurement policies that the health center is following the old procurement rules AND Meet the documentation standard 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 15

16 OMB SUPERCIRCULAR: TIME & EFFORT REPORTING Documentation of staff time spent on programmatic activities that demonstrates health center s right to charge costs to Federal grant New rules emphasize the use of internal controls, rather than specific required procedures (e.g., budget estimates are not usable alone, but are usable on an interim basis as long as there is a review process) Documentation Standards (45 C.F.R (i)(1)) No rigid rules regarding the type of records or reporting time frame If a time and effort reporting system met the old requirements, it will likely meet the new ones Personal Activity Reports are no longer the default rule (but government could choose to require them if a grantee does not meet new standards) 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 16

17 OMB SUPERCIRCULAR: TIME & EFFORT REPORTING Documentation must accurately reflect the work performed : Internal controls must provide reasonable assurance that the charges are accurate, allowable, and properly allocated Documentation must be incorporated into the health center s official records Records must reasonably reflect the total activity for which an employee is compensated by the health center Records should include both federally assisted and all other activities, distributing an employee s salary among multiple activities, if applicable Each health center must comply with its own established accounting policies Charges for salaries and wages of nonexempt employees must be supported by records indicating hours worked (no change) Records may reflect categories of activities expressed as a percentage distribution of total activities 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 17

18 OMB SUPERCIRCULAR: CHANGES TO PROCUREMENT Organizational conflicts of interest Maintain written standards of conduct outlining organizational conflicts of interest if the health center has a parent company, affiliate, or subsidiary that is not a state, local government, or Indian Tribe Under the Supercircular, organizational conflicts of interest means that because of relationships with a parent company, affiliate, or subsidiary organization, a health center is unable or appears unable to be impartial in conducting a procurement action involving a related organization Sole Sourcing rules Outlines four circumstances where sole source procurements over $3,000 are allowed: (1) Item is available from only one source; (2) Public exigency or emergency; (3) Authorized by awarding agency; or (4) After solicitation from a number of sources, competition deemed inadequate Simplified Acquisition Threshold updated ($150,000) May use simplified procurement procedures for purchases under this threshold Micro-Purchase Threshold Do not need to solicit competitive bids for a purchase of supplies or services under $3,000, so long as the cost is reasonable Not new (but still important) Competition requirements Documentation of cost/price analysis 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 18

19 THE SUPERCIRCULAR: OTHER MAJOR CHANGES Strong encouragement to use Indirect Cost Rate Agreements (ICRA) Indirect cost rate: specific % applied to a base (e.g., Direct Salaries, Modified Total Direct Costs or Useable Sq. Ft.) If a grantee has a negotiated indirect cost rate, all Federal agencies must accept it unless there is a statutory, regulatory, or otherwise approved reason for deviation. Pass through entities also have to recognize their subrecipients negotiated ICRA between the sub and the feds (if one exists) Minimum flat rate for entities (10% of modified direct costs) that have not previously had a negotiated rate before, may be used indefinitely Subrecipient vs. Contractor Distinguishes between Subrecipient (2 CFR ) and Contractor (2 CFR , previously known as vendors ) based on the nature and purpose of the funds Impacts procurement requirements, reporting obligations, and collateral rights for subrecipients 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 19

20 PROPOSED RULE: MANAGED CARE CMS Proposed Rule Medicaid and Children s Health Insurance Program (CHIP) Programs; Medicaid Managed Care, CHIP Delivered in Managed Care, Medicaid and CHIP Comprehensive Quality Strategies, and Revisions Related to Third Party Liability First time since 2002 that CMS has updated the rules governing Medicaid Managed Care Organizations (MCOs) Aimed at addressing the changing needs of the population: beneficiaries with more complex needs, larger geographic areas, additional services, and newly eligible adults under the ACA by: Strengthening beneficiary protections Aligning Medicaid managed care standards with other coverage programs Addressing delivery and payment system reform Improving the quality of care across delivery systems Increasing health plan and state accountability Strengthening state and federal oversight 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 20

21 PROPOSED RULE: MANAGED CARE NACHC submitted comments on July 24, 2015: Commented on a number of issues impacting health centers including: The intersection of the 340B program and Medicaid managed care Network adequacy standards for MCOs Whether health centers can receive state funding for providing outreach & enrollment assistance to Medicaid MCO enrollees States responsibility to make wrap-around payments directly to health centers Credentialing requirements under MCOs Value-based purchasing initiatives Beneficiary protections 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 21

22 PROPOSED RULE: MENTAL HEALTH PARITY Centers for Medicare & Medicaid Services (CMS) Proposed Rule Application of Mental Health Parity Requirements to Coverage Offered by Medicaid Managed Care Organizations, the Children's Health Insurance Program (CHIP), and Alternative Benefit Plans Previous laws enacted in 1996 and 2008 require parity between mental health/substance use disorder (MH/SUD) benefits and medical/surgical benefits with respect to financial requirements and treatment limitations under group health plans and group and individual health insurance coverage ACA extended parity requirements to public coverage and the proposed rule implements this change ensuring that: MH/SUD benefits are no more restrictive than medical and surgical services All beneficiaries receiving services through Medicaid managed care organizations (MCOs) or under alternative benefit plans (ABPs) have access to MH/SUD benefits regardless of whether services are provided through the MCO or another service delivery system The full scope of the proposed rule applies to CHIP, regardless of how care is provided (e.g., fee-for-service or managed care) 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 22

23 PROPOSED RULE: MENTAL HEALTH PARITY NACHC submitted comments on June 9, 2015: Seeking clarification that the rule does not allow states to place quantitative service limits on required services provided at health centers (e.g., behavioral health services provided by Clinical Psychologists and Licensed Clinical Social Workers) Recommending that CMS encourage states to: Cover a broad range of behavioral health provider types Allow health centers to bill for two visits if a patient receives both medical/surgical services and MH/SUD services on the same day Update PPS rates to reflect the way that health centers provide services (i.e., integrated physical and behavioral health services) 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 23

24 FTCA PROPOSED RULE ON DE-DEEMING Department of Justice (DOJ) Proposed Rule Determination That an Individual Shall Not Be Deemed an Employee of the Public Health Service regarding de-deeming released March 6, 2015 Proposed rule outlines criteria and a process by which the DOJ can determine that an individual shall be barred from participating in the FTCA program ( de-deemed ) as it may expose the Government to an unreasonably high degree of risk of loss Proposed criteria, which mirror the statute, include one or more findings that the individual: Did not comply with procedures set by the health center to reduce the risk of malpractice Has a history of malpractice claims filed against him or her (outside the norm for similarly licensed or certified providers in that specialty) Refused to reasonably cooperate with the AG in defending the claim Provided false information relevant to his or her duties in relation to the claim Was the subject of disciplinary action taken by a state medical licensing authority or a state or national professional society 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 24

25 FTCA PROPOSED RULE ON DE-DEEMING NACHC submitted comments on May 5, 2015: Requesting more information on: How DOJ will interpret and implement the criteria used to determine if an individual poses an unreasonably high degree of risk of loss (e.g., how many claims constitutes a history of malpractice claims?) The nature, extent, and timing of the required consultation between DOJ and DHHS regarding potentially de-deemed individuals Recommending that individual providers subject to an administrative hearing be given an explanation of the initial determination (i.e., why (s)he poses an unreasonably high degree of risk ) at the time (s)he is notified of the hearing 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 25

28 REQUIRED & ADDITIONAL SERVICES Ensure mix and level of services is consistent with needs assessment / strategic plan Determine most effective mode of delivery for each in-scope service; can vary by site Ensure contracted service arrangements, hospitalization and other referral arrangements are formalized and compliant 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 28

29 BOARD-MANAGEMENT RELATIONSHIP Board of Directors role: Determines health center mission and vision, goals, priorities and strategy Adopts general policies Establishes measures of accountability Selects and oversees CEO Evaluates the overall performance of the health center CEO/Management s role: Implementation of Board-established priorities and policies Hire, evaluate, fire all staff Operate within available resources Address patient and employee grievances Keep the Board fully informed Foster respectful Board-Management relationships and recognizes their respective roles and limitations (i.e., Board and CEO should not cross the line or usurp each other s roles): Board should participate in reviewing and approving key actions of the health center, but delegates implementation of priorities and policies and comprehensive day-to-day operational responsibilities to CEO and the management team Management must trust the Board to establish strategic priorities, make broad policy decisions, and approve key health center actions 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 29

30 SLIDING FEE DISCOUNT PROGRAM (PIN ) Schedule of Charges must be consistent with locally prevailing rates and designed to cover the health center s costs Schedule of Discounts off charges must be applied uniformly to all patients who qualify Only factors for eligibility are income and family size (as defined by the Board) No discounts for patients with annual income above 200% FPL Health centers receiving non-330 funding sources that provide for discounts above 200% (such as Ryan White funds) may reduce such patients payments accordingly by allocating all or some of the charge to such other source At least three graduated pay classes between 101%-200% FPL (% or flat fee) No more than a nominal fee for patients at or below 100% FPL Discounts must be applied to all services furnished within the health center s scope of project for which a charge has been established (required or additional, regardless of the type of service or mode of delivery) Additional flexibility with respect to discounting supplies and equipment related to a service, such as eyeglasses or dentures (compared to supplies and equipment included in a service, e.g., casting materials and bandages) Ensure discounts offered by in-scope referral providers or pay the difference Fully charge all third-party payors 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 30

31 SLIDING FEE DISCOUNTS Full board must approve and periodically review all SFDP policies, not just sliding fee discount schedule Evaluate annually whether discounts or nominal fee(s) create a barrier to care Policy regarding eligibility / income verification documentation should balance the need to ensure no barrier to care with requirement to offer discounts/nominal fees to patients with certain levels of annual income If a patient chooses not to provide the required eligibility verification information, health centers may deem the patient ineligible and charge them full fee (provided this policy is applied uniformly) Health centers cannot require patients to apply and be turned down for insurance prior to accessing the SFDS, or provide a blanket waiver of fees for all individuals in a special population Establish and/or review and update policy regarding whether and in what circumstances health center may waive or reduce fees for individuals who do not otherwise qualify for discounts Approve and update partial payment / discount schedules and policies Establish and/or review procedures regarding bad debt write offs and collection from self-pay patients 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 31

32 COLLABORATIONS & AFFILIATIONS Structure affiliations / collaborations in compliance with all Section 330- related requirements (including service requirements and affiliation policies) and, as appropriate, procurement rules PINs # and # address Affiliation Agreements 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 32

33 CONFLICT OF INTEREST POLICY Boards must approve and annually update a comprehensive Conflict of Interest Policy ( Standards of Conduct ) Adopt policies that define conflict of interest and establishes other prohibitions regarding: gifts and gratuities, nepotism, and bribery Establish procedures to disclose and manage potential or actual conflicts of interest for board members, employees, contractors and other agents of the health center Specifically consider the following risks: Board members or immediate family members providing services to the health center Board member expense reimbursement policies Confidentiality Address consequences for violating the policies 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 33

34 ADDITIONAL GOVERNANCE HIGH RISK AREAS Rogue conduct: Individually speaking for or acting in an official capacity on behalf of the health center without specific authorization Publicly disagreeing with decisions made or actions taken by the full board and/or management Communicating with health center staff directly (except in special circumstances, e.g., staff assigned to support board committees) Preferential treatment: Scheduling patient appointments Discounts, waivers of fees/collections 340B Contracting with health center to provide goods/services 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 34

35 ADDITIONAL HIGH RISK AREAS CEO compensation packages & wage and benefit scales for other personnel: Health centers may pay reasonable compensation Comply with Internal Revenue Service requirements (to avoid intermediate sanctions ) and the applicable cost principles when establishing CEO compensation and, more generally, when approving salary and benefit scales for all other categories of personnel consistent with Section 330-related regulations Documentation of comparability Include all compensation, including fringe benefits, incentives, etc. No conflicts of interest Remember, ALL compensation must be considered, including: fringe benefits, insurance, car allowances, incentives, etc Feldesman Tucker Leifer Fidell LLP. All rights reserved. 35

36 DISTINGUISHING BETWEEN LOBBYING AND POLITICAL ACTIVITY Lobbying: written or oral communication that is an attempt to influence (for or against) specific legislation, including referenda, initiatives, or similar ballot measures Tax law: Health centers may lobby, within certain limits Federal cost principles: federal grant funds may not be used to support the cost of lobbying activities Education is not lobbying! Political activity: Health centers may not intervene in any election for public office or attempt to influence the outcome of any federal, state or local election Board members can support or oppose candidates and engage in political process as individuals, PROVIDED THAT they do not act on behalf of the health center or use any health center resources 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 36

38 MANDATORY COMPLIANCE PROGRAMS Caremark Decision: Delaware Court held that a Board s failure to adopt a compliance program may constitute a breach of fiduciary duties Section 330 implementing regulations require a health center s Board of Directors to ensure that the health center is operated in compliance with applicable Federal, State and local laws and regulations (42 C.F.R. 51c.304(d)(3)(v)) 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 38

39 7 ELEMENTS OF EFFECTIVE COMPLIANCE PROGRAMS (PER FEDERAL GUIDELINES) 1. Designate a compliance officer/contact 2. Conduct internal monitoring and audits 3. Develop written standards and policies to implement the Compliance Program and govern health center operations 4. Conduct culturally and linguistically competent training and education programs 5. Develop effective, clear, open lines of communication between compliance and health center personnel - open door policy and policy prohibiting retaliation 6. Investigate detected problems and develop corrective action 7. Publicize and enforce disciplinary standards 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 39

40 NEW YORK STATE S EIGHT ELEMENTS OF EFFECTIVE COMPLIANCE PLANS 1. Written policies and procedures that describe compliance expectations 2. A designated compliance officer and compliance committee 3. Education and training of all affected employees and persons associated with the provider 4. Communication lines and processes for the reporting of compliance concerns 5. A system for responding to, investigating, correcting and reporting compliance issues as they are raised 6. Enforcement and disciplinary policies and procedures to encourage good faith participation in the compliance plan 7. Monitoring and auditing systems to aid in the routine identification of compliance risk areas 8. A policy of non-intimidation and non-retaliation against any person for good faith participation in the compliance plan 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 40

41 IMPLEMENTING COMPLIANCE PROGRAMS Organizational structure of an effective program: Board of Directors Oversees compliance program; may delegate some of the oversight activities to a Compliance (or Audit) Committee of the Board but should retain final oversight responsibility Holds Chief Executive Officer (CEO) accountable for compliance Chief Executive Officer Hires Compliance Officer Holds senior staff accountable for compliance within respective areas of responsibility Compliance Officer Implements compliance program at health center Provides accurate and complete reports to the CEO and the Board May chair a staff-level compliance committee 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 41

42 OVERSEEING THE COMPLIANCE PROGRAM Board s role in ensuring health center compliance: Approve adequate financial support for the compliance program Review and update compliance program policies Review the annual compliance program work plan and, during the year, monitor progress toward its implementation Receive regular reports from the compliance officer about Compliance Program activities; consult with management about investigations of significant compliance concerns (as appropriate) Periodically evaluate the effectiveness of the Compliance Program 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 42

43 KEY QUESTIONS FOR IMPLEMENTING A COMPLIANCE PROGRAM When establishing a new compliance program or reviewing an existing compliance program, consider whether the health center has: Implemented all seven elements? Identified and prioritized high risk areas? Operated under an annual compliance work plan? Established oversight of compliance program by Board of Directors? Allocated sufficient resources based upon the size and budget of health center? Demonstrated effectiveness in promoting compliance? 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 43

44 GENERAL COMPLIANCE ADVICE FOR THE BOARD Do: Participate in training and education regarding compliance program and high risks Be prepared to be consulted and act aggressively if material compliance issues are identified NOTE: Review compliance issues in Executive Session Request periodic independent audits of the compliance program Do not: Succumb to the temptation to be an outlet for employees who want to end run the established compliance process Expect management to report all unsubstantiated allegations (as opposed to substantiated and significant compliance concerns) Pay lip service to compliance without a true commitment, including a commitment with words, actions, and financial support 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 44

45 OIG GUIDANCE ON BOARD S ROLE IN COMPLIANCE Given the growing enforcement environment and its increasing emphasis on compliance, OIG developed a series of resources for health care organization Boards of Directors These educational resources: Describe the Board s duties and obligations related to the development, implementation, and oversight of a compliance program Distinguish between the roles of in-house counsel and the compliance officer and each position s reporting relationship to the Board Recognize that oversight of quality of care is core fiduciary responsibility of Board members and an emerging enforcement priority Focus on the Board s obligation to make reasonable inquiries into operations in order keep a finger on the pulse of health center activities and ensure that structures and processes exist to review data for accuracy, evaluate potential risks, and address any identified concerns related to quality of care Each include a series of suggested questions to assist Boards in exercising their responsibilities related to the organization s compliance and QI/QA programs 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 45

46 OIG S SUGGESTED STRUCTURAL QUESTIONS Structural questions to oversee and understand the scope, structure, goals and limitations of the program: How is the compliance program structured and who are the key employees responsible for its implementation and operation? How is the Board structured to oversee compliance issues? How does the compliance reporting system work? How frequently does the Board receive reports about compliance issues? Does the compliance program address the significant risks of the organization? How were those risks determined and how are new compliance risks identified and incorporated into the program? What will be the level of resources necessary to implement the compliance program as envisioned by the Board? 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 46

47 OIG S SUGGESTED OPERATIONAL QUESTIONS Operational questions assist periodic evaluation of the program s effectiveness, and the sufficiency of the reporting system: How has the Code of Conduct been incorporated into corporate policies across the organization? How do you know it is understood and accepted across the organization? Have compliance-related responsibilities been assigned across the appropriate levels of the organization? Has management provided the Compliance Officer with the autonomy and resources necessary to perform assessments and respond appropriately to misconduct? What is the scope of compliance-related education and training across the organization? How is the Board kept apprised of significant regulatory and industry developments affecting the organization s risk? Does the organization periodically evaluate the effectiveness of the compliance program? 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 47

48 OIG S SUGGESTED QUALITY QUESTIONS Questions to oversee and understand the scope and operation of quality and safety initiatives: What are the goals of the QI/QA program? What metrics and benchmarks are used to measure progress toward these goals? How does the organization measure and improve the quality of patient care? Who are the key management and clinical leaders responsible for these programs? How are the QI/QA processes integrated into overall corporate policies and operations? Are clinical quality standards supported by operational policies? How does management implement and enforce these policies? Are there internal controls? Does the Board have a formal orientation and continuing education process to help members understand the QI/QA program? What information is essential to the Board s ability to understand and evaluate the organization s QI/QA program? How are the QI/QA processes coordinated with the corporate compliance program? What processes are in place to promote the reporting of quality concerns and to protect those who ask questions and report problems? What guidelines exist for reporting quality and/or patient safety concerns to the Board? 2015 Feldesman Tucker Leifer Fidell LLP. All rights reserved. 48

49 RESOURCES: OIG GUIDANCE ON BOARD S ROLE IN COMPLIANCE The Health Care Director s Compliance Duties: A Continued Focus of Attention and Enforcement (2010), a compilation of the three previous resources: Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors (April 2003) An Integrated Approach to Corporate Compliance (July 2004) Corporate Responsibility and Health Care Quality: A Resource for Health Care Boards of Directors (Sept. 2007) NEW: Practical Guidance for Health Care Governing Boards on Compliance Oversight (April 2015) Clarifies roles of, and relationships between, the Board and the organization s audit, compliance, and legal departments Emphasizes that compliance programs are not one size fits all and must be tailored to each organization Underscores the importance of establishing processes for reporting issues within the organization and explains practical approaches to identifying potential risks Highlights ways to encourage organization-wide accountability for achievement of compliance goals and objectives These reports and other compliance resources from OIG are available at this link: Feldesman Tucker Leifer Fidell LLP. All rights reserved. 49