NAVIGATING HEALTHCARE COMPLIANCE Current trends in Health Care Enforcement HFMA Gulf Coast Conference Samuel J. Louis Partner Strasburger & Price, LLP

Page 1

NAVIGATING HEALTHCARE COMPLIANCE

Current trends in Health Care Enforcement

HFMA Gulf Coast Conference

Samuel J. Louis

Partner

Strasburger & Price, LLP

Page 2

Navigating Healthcare Issues

The health-care industry can expect to face a wide range of compliance challenges in 2016, including new rules and increased enforcement actions. Climbing a sand-covered hill seems much easier than understanding health-care regulations.

Page 3

Coverage of Health Care Fraud

Government arrests 243 in largest crackdown on health-care fraud

By Lenny Bernstein and Sari Horwitz, June 18, 2015

In Miami, the owners of a mental-health treatment center allegedly billed Medicare for tens of millions of dollars’ worth of intensive therapy that actually involved just moving people to different locations. Some of them had dementia so severe that they couldn’t even communicate.

In Los Angeles, prosecutors say, one doctor collected $23 million for more than 1,000 power wheelchairs and other equipment his patients didn’t need — which he often didn’t even provide.

And in Michigan, another physician allegedly prescribed unnecessary narcotic painkillers in return for the use of his patients’ IDs to generate additional false billings. When they tried to escape the scheme, authorities say, he threatened to cut off the medications, to which his patients were addicted.

It turns out that the government was checking on these and other doctors, nurses and providers of psychotherapy, home care, drugs, physical therapy and medical equipment. In the single largest crackdown in an eight-year campaign against health-care fraud, the Justice Department charged 243 people Thursday with $712 million in false billings to Medicare — the medical insurance program for the elderly — and Medicaid, which serves the poor.

Page 4

Health Care Enforcement

Health Care Industry Top Ten Issues for 2016

1. Increase in False Claims Act cases related to Stark & Anti-Kickback provisions

2. Individual accountability for healthcare fraud violations

3. Enforcement of Final 60 Day Rule for Reporting and Refunding Overpayments

4. New regulations revising fraud and abuse laws

5. Increased civil monetary penalty enforcement

Page 5

Health Care Enforcement

6. Aligning alternate payment models with Stark & Anti-Kickback provisions

7. Pharmacy Fraud

8. Statistical Sampling to support False Claims Act cases

9. Medicare payment and audits of providers

10. Kickbacks from pharmaceutical manufacturers

Page 6

• Violations of Health Insurance Portability and Accountability Act (HIPAA)

• Anti-Kickback Statute 42 U.S.C. § 1320a-7b

– Compensation arrangements for the referral of patients

• False Claims Act 31 U.S.C. § 3729

– Civil monetary penalties for submission of false claims and potential exclusion from federal healthcare programs

• Stark Law 42 U.S.C. § 1395nn

– Referral of patients to entities owned by physician or physician has compensation arrangement

• Healthcare Fraud 18 U.S.C. § 1347

– Schemes to defraud healthcare benefit programs

Regulatory Landscape

Page 7

• HIPAA, enacted on August 21, 1996, established national standards for the protection of health information

Health Insurance Portability & Accountability Act (“HIPAA”)

Page 8

• Privacy Rule Standards

– Standards address the use and disclosure of individuals’ health information, called “protected health information” or PHI

• Security Rule standards

– Provides structure for covered entity to develop and implement policies and procedures to safeguard electronic health information

• Breach Notification Rule

– Requires covered entities and business associates to provide notification following a breach of unsecured protected health information

• Audit Program

– HHS Office of Civil Rights (“OCR”) conducts periodic audits of covered entity and business associate compliance with HIPAA Privacy, Security and Breach Notification Rules

Components of HIPAA

Page 9

• Applies to health plans, health care clearinghouses and any provider who transmits health information in electronic form and business associates

• Covers protected health information which is

– An individual’s past, present or future physical or mental health or condition

– Health care services provided to an individual

– The past, present, or future payment for health care services to an individual

• Disclosure permitted only

– As provided under Privacy Rule

– Authorization in writing by individual who is the subject of the information

Privacy Rule

Page 10

• Permitted disclosures (without authorization from individual)

– To the individual who is the subject of the information

– Treatment, payment and health care operations

– Use and disclosure with Opportunity to Agree or Object

– Incident to an otherwise permitted use or disclosure

– Public Interest and benefit activities

• Required by Law, health oversight activities, Law enforcement

– Limited data set for research, public health or health care operations

Privacy Rule

Page 11

• Uses and Disclosures not listed in Privacy Rule

– Must obtain individual’s written authorization

• Disclosure to life insurance for coverage purposes

• Potential employer of pre-employment physical

• Pharmaceutical firm for marketing purposes

• De-Identified Health Information

– Health information that neither identifies nor provides basis to identify an individual

– Two methods to De-Identify

• Formal determination by qualified statistician

• Removal of identifiers of the individual

– No restriction on use or disclosure

Privacy Rule

Page 12

• Rule establishes national standards for the protection of health information that is held or transferred in electronic form

• Requires covered entities to maintain reasonable and appropriate administrative, physical and technical safeguards for protecting e-PHI

• Administrative safeguards

– Analyze potential risks to e-PHI

– Assignment or delegation of security responsibility

– Limit uses and disclosures to the minimum necessary

• Physical safeguards

– Mechanism to protect electronic systems and equipment

– Limit physical access to facilities while ensuring authorized access is allowed

Security Rule

Page 13

• Technical safeguards

– Automated process used to protect data and control access to data

• All covered entities should have written policies and procedures to comply with Security Rule (maintain for 6 years after creation)

• Implementation Process

– Assess current security, risks, and gaps

– Develop an implementation plan

– Implement security measures and solutions

– Document decisions

– Reassess periodically and note changes to policies

Security Rule

Page 14

• Implementation of safeguards requires covered entities to establish policies to

– Ensure confidentiality, integrity, and availability of e-PHI they create, receive, maintain or transmit

– Identify and protect against reasonably anticipated threats to security or integrity of information

– Protect against reasonably anticipated, impermissible uses or disclosures

– Ensure workforce training and compliance

FAILURE TO ESTABLISH POLICIES AND PROCEDURES

Security Rule

Page 15

Security Rule

Page 16

• Requires covered entities and business associates to provide notification following a breach of unsecured protected health information

• Breach

– Impermissible use or disclosure that compromises security and privacy of PHI

– Impermissible use or disclosure of PHI is presumed to be a breach unless covered entity demonstrates low probability that PHI has been compromised

– Automated process used to protect data and control access to data

Breach Notification Rule

Page 17

• Exceptions to definition of a Breach

– Unintentional acquisition, access of PHI by authorized person made in good faith

– Inadvertent disclosure of PHI by authorized person to another who is authorized to access information

– Covered entity has good faith belief that unauthorized person to whom disclosure was made would be unable to retain information

Breach Notification Rule

Page 18

• What is unsecured PHI

– PHI that is not secured through the use of a technology or methodology approved by National Institute of Standards and Technology (“NIST”)

Breach Notification Rule

Page 19

• How do you secure PHI?

– Encryption (must be updated regularly)

• Must be able to address data at rest and data in motion consistent with NIST Special Publications

– Guide to Storage Encryption Technologies for End User Services 800-111

– Guidelines for Selection and Use of Transport Layer Security Implementations 800-113

– Destruction of PHI in paper and electronic form

• Requires shredding or destruction such that PHI cannot be read or reconstructed (Discard properly)

Breach Notification Rule

Page 20

• Notification

– To individual in writing within 60 days of discovery

– Phone call to individual if imminent misuse is suspected

– To HHS if breach affects more than 500 individuals and annually for all future breaches

– Posting on HHS Web site that identifies covered entity involved in breach of more than 500 individuals

CERTAINLY NOT SUGGESTED MARKETING STRATEGY

You can also de-identify information and protect PHI by removing information such as date of birth, address, social security, name, and family information

Breach Notification Rule

Page 21

• Audits

– Office of Civil Rights (OCR) conducts audits as part of health information privacy and security compliance

– Phase 1

• Initiated in 2012, set audit protocols

• Randomly selected covered entity for audit

• All audits completed by December 2012

Audit Program

Page 22

• Audits

– Phase 2 !!!!!!!!!!!!

• Announced January 2016

• Review of covered entities’ (and business associates’) policies and procedures for privacy, security and breach notification

Business associates need policies as well

Law firms

Financial managers

Audit Program

Page 23

• What Basis will Auditees Be Selected?

– OCR will identify pools of covered entities and business associates that represent providers, health plans, clearinghouses, business associates (Every group is fair game)

• Selection Process

– Pre-screening questionnaire sent to obtain data about size, type and operations of entity (Should include this information in policies and procedures)

– Address verification

– Pre-screening documents

• How will audit be conducted

– Initially desk audit of covered entity,

– Second round desk audit of business associate of covered entity

– Third round onsite visit

– Phase 1

Audit Program

Page 24

• Violation of HIPAA

– Disclosure of Protected Health Information (“PHI”), Criminal Enforcement 42 U.S.C. § 1320(d): 10 yrs in prison, $250,000

• Theft by employee

• Unauthorized access and disclosure for personal gain or wrongful motive

– Failure to Safeguard PHI 45 CFR Part 160 and Subpart A and E. Imposition of civil monetary penalties

• Hacking

• Stolen equipment

• PHI maintained in equipment that was sold

Enforcement

Page 25

• Highlights (As of March 31, 2016)

– 24,477 cases investigated and resolved requiring changes in privacy practices and corrective actions

– 33 cases resulting in civil monetary penalty of $33,689,200

– May 3, 2011, CMP of $3 million imposed on Cignet Health of Prince George’s County Maryland for 41 separate violations

– February 17, 2015, former employee of East Texas Hospital sentenced to 18 months in prison for wrongful disclosure of PHI

– September 2, 2015, CMP of $750,000 imposed on Cancer Care Group for security rule violations. Laptop stolen from employee’s care was not encrypted

Enforcement

Page 26

• Top Compliance Issues

– Impermissible uses and disclosures of PHI

– Lack of safeguards of PHI

– Lack of patient access to their protected PHI

– Use or disclosure of more than the minimum necessary PHI

– Lack of administrative safeguards

• Covered entities that have frequently been required to take corrective action

– Private Practices

– General Hospitals

– Outpatient Facilities

Enforcement

Page 27

– Must ensure that PHI is protected through encryption and only persons involved in providing care have access

– Failure to produce requested health records in a timely fashion, which is within 30 days of request and not less than 60 days from receipt of request

• Minimum fine under HIPAA is $100 per violation, with calendar-year cap of $25,000 for identical violations. Max fine can be $50,000 for each violation with $1.5 million calendar-year cap

HIPAA

Page 28

• Best Practices

– Conduct an assessment of potential risks and vulnerabilities to the confidentiality, integrity and availability of e-PHI

– Implement policies and procedures that govern receipt and removal of hardware and electronic media that contain e-PHI into and out of facilities

– Encrypt files, Encrypt files, Encrypt files

HIPAA

Page 29

Anti-Kickback Statute

• Anti-Kickback Statute 42 U.S.C. § 1320a-7b

– Prohibits payments, directly or indirectly, overtly or covertly, in cash or in kind to induce the referral of a person for the furnishing or arranging for the furnishing of any item or service for which payment is made by a federal health care benefit program

– Cannot solicit or receive

– Cannot offer or pay

– Punishment 5yrs, $25,000

Page 30

Anti-Kickback Statute

• Physician Owned Practices

• Laboratory Facilities

• Home Health Agencies

• Durable Medical Equipment Co.

• Adult Day Care Facilities

• Partial Hospitalization Program for Mental Health

• Physical Therapy Clinic

• Pharmacy

– Payment of individuals who are involved in marketing, where payment takes into account value or volume of referrals: SIGNIFICANT RISK OF CIVIL AND CRIMINAL SANCTIONS

Page 31

Anti-Kickback Statute

• Compensation arrangements between facilities and physicians to serve as medical director

– Must meet safe harbor provisions

– Payment amount must be commercially reasonable and set in advance ($10,000 a month for 10 hours of work)

– Services must be commensurate with skill, background experience of provider and of value to the facility

• Podiatrist performing orthopedic procedures

• Psychologist reading toxicology report

• Family practice physician managing pain management clinic

– If physician refers patients to facility, must ensure that referrals are not tied to or connected in any way with compensation (Just don’t do it)

Page 32

Anti-Kickback Statute

• Referral fees paid to

– Marketers or sales reps that take into account volume or value of referrals such as “per” test, claims or medical service. Viewed as a clear inducement to overutilize health care services

– Independent Diagnostic Testing Facilities by Physicians for specimen processing

– Management Services Organizations (MSOs) agreements where member physicians refer patients to each other. Even though federal health care benefit program is not directly implicated, can still indirectly result in violation

• HHS-OIG, Office of Counsel to the Inspector General (New)

– Pursues smaller cases against physicians in administrative proceedings

– Often uses threat of exclusion to extract settlement

Page 33

Anti-Kickback Statute

Page 34

FALSE CLAIMS ACT

• False Claims Act 31 U.S.C. § 3729-3732

– Any person who

• Knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval

• Knowingly makes, uses or causes to be made or used, a false record or statement material to a false or fraudulent claim

• Conspires to defraud the government by committing a violation of the FCA

• Liable to Government for civil penalty of not less than $5,500 and not more than $11,000 per claim, plus three times the amount of damages sustained by Government

• Qui Tam: Suit brought by individual regarding fraud and abuse

– 13 U.S.C. § 3730 (b)(1)

Page 35

False Claims Act

• HOW DOES THIS AFFECT YOUR ORGANIZATION?

• Employee becomes disgruntled and tells government officials that entity is doing something wrong

– Billing for patient visits without seeing patients

– Upcoding the level of services being provided

– Paying referral fees

– Referring patients for services to facilities in which you have a financial interest (designated health services, not professional services)

– Billing for unnecessary ancillary services

• RESULT – UNDER INVESTIGATION FOR VIOLATION OF FALSE CLAIMS ACT, PAYMENT OF DAMAGES AND POSSIBLE EXCLUSION FROM PARTICIPATION IN FEDERAL HEALTHCARE PROGRAM

Page 36

CMS 60 Day Rule Reporting and Refunding Overpayments

• February 11, 2016, CMS published Rule regarding Medicare providers’ obligation to report and return overpayments arising under Parts A & B

• Requires providers to report and return within the later of

– 60 days after overpayment is identified or

– Date any corresponding cost report is due

• Overpayment is defined as any funds a person receives or retains to which the person after “applicable reconciliation” is not entitled

– Applies to claim related overpayments

– Cost report errors

– Payments as a result of improper referrals that violate Stark & AKS (WOW)!!!!!!!!

Page 37

CMS 60 Day Rule Reporting and Refunding Overpayments

• Any payment impermissibly retained can be considered an obligation under FCA

• A related provision under ACA subjects providers who fail to comply to potential Medicare and Medicaid program exclusion and civil monetary penalties (CMP) (New)

• Reasonable Diligence Standard

– Provider knows overpayment exists or

– Acts in reckless disregard or deliberate ignorance of overpayment

• Must undertake investigation to determine overpayment after receiving “credible information” of possible existence

What a new nightmare this will be to deal with

Page 38

CMS 60 Day Rule Reporting and Refunding Overpayments

• Six-Year Lookback Period

– Overpayments must be reported and returned within six years of the date the overpayment was received

• Process for Reporting Overpayment

– Continue use of OIG Self-Disclosure Protocol

– Must indicate how overpayment was identified and calculated

• Confusion!!!!

– If after investigation, provider determines no overpayment, but later regulatory officials discover and seek actions under FCA, and ACA for CMP

– Revision of entity’s compliance plan is also needed to include policies to comply with new rule

Page 39

Pharmacy Fraud

• November 2015, Novartis Pharmaceuticals, maker of Excedrin and Ritalin, agrees to pay $370 million for providing kickbacks to pharmacies to promote drugs to patients

• April 27, 2016 Pfizer Inc. agrees to pay $784.6 million to resolve allegations that Wyeth, which it acquired in 2009, underpaid drug rebates to Medicaid, the federal health insurance program

Page 40

STARK LAW

• Stark Law 42 U.S.C. 1395nn

• Prohibits physician or family member of physician from making a referral to an entity with which he/she has a financial relationship

– for the furnishing of designated health services paid for by a federal healthcare program

– the entity to which the referral was made cannot submit claim to federal healthcare program

• Financial relationship means

– Ownership or investment in facility (lot of exceptions to this)

– Compensation arrangement with facility (Exceptions)

Page 41

STARK LAW

• What is not considered compensation (MUST COMPLY WITH PROVISIONS)

– Rental of office space; rental of equipment

– Bona fide employment relationship (Valuable Services)

– Personal services arrangements

• Set out in writing, signed by parties and covers services of the arrangement

• Covers all services to be provided

• Total services contracted do not exceed those that are reasonable and necessary for legitimate business

• Term for at least one year

• Compensation is at fair market value

• Does not take into account value or volume of referrals

• Does not involve promotion of business

Page 42

Medical Directorship

• HHS-OIG issued a Fraud Alert regarding Physician Compensation Arrangements on June 9, 2015

– Physicians who enter into compensation arrangement such as medical directorships must ensure that they reflect fair market value for bona fide services the physician actually provides. Although many arrangements are legitimate, an arrangement may violate the anti-kickback statute if even one purpose is to compensate for past or future referrals of federal health care program business

– Alert mentioned Fairmont Diagnostic Center in Houston, Texas

– 12 individual physicians who had what they called questionable medical directorship arrangements paid settlements from $50,00 to $195,000

Page 43

Medical Directorship

• One Step Diagnostic, Inc.

– Owners paid physician to be Medicare Directors of various facility locations around Houston

• Some did not have written agreements

• Some of the physicians were podiatrists

• Some were paid cash

• Physicians referred their patients

ALTHOUGH ONE STEP SETTLED, GOVERNMENT IS GOING AFTER INDIVIDUAL PHYSICIANS SEEKING SETTLEMENTS

Page 44

HEALTHCARE FRAUD

• Healthcare Fraud 18 U.S.C. § 1347: 10 yrs, $250,000; 20 yrs, $250,000 if serious bodily injury results

• Whoever knowingly and willfully executes a scheme to defraud a healthcare benefit program or obtain money from the program through means of false or fraudulent representations, promises

• States that with respect to violations, a person need not have actual knowledge of this statute or specific intent to commit a violation.

• Schemes

– Billing for services not provided

• Not in office for date of claim

• Services performed by staff but billed as physician service

• Giving medications to patients billing as office visit

• Does not possess equipment to perform test

• Billing for multiple procedures when only one procedure

Page 45

HEALTHCARE FRAUD

– Billing for excessive and unnecessary tests, services, items (DME arthritis kits)

• Bone density test for men

• Multiple eye exams

• Numerous examinations for vertigo

• Unnecessary test associated with pain management, weight loss, varicose veins

• Unnecessary dental services not supported in medical record

– Upcoding services provided

• Billed for physical therapy but actually performed massages

• Intensive E/M when simple 10 minute exam actually performed

Page 46

HEALTHCARE FRAUD

• Payment of kickbacks

– Referral of patients to partial hospital program for mental health

– Referral of patients to DME, physical therapy clinic

– Home health agency

– Referral to Pharmacy for unnecessary compounded drugs

• Providing drugs for nonmedical purpose

– Pharmacy scheme (Promethazine with codeine)

• Selling patient information that is used to bill for healthcare services

– Employee of doctor sold health information about federal agent

Page 47

Why Focus on Health Care Fraud

• Identifying and Recovering Improper Payments. In 2013, CMS reported that Medicaid's improper payment rate was 5.8%. The projected federal share of the $24.9 billion improper payments was $14.4 billion; almost 97 percent of these improper payments were overpayments.

Page 48

Filed Cases 1997-2008 Nationally

Chart 1: Criminal Health Care Fraud Cases Filed, FYs 1997-2008

[Bar chart. Horizontal axis: fiscal years 1997 through 2008. Vertical axis: 0 to 550. Bar labels in the order extracted: 282, 332, 371, 457, 445, 361, 362, 395, 382, 355, 434, 502.]

Health Care Fraud - Defendants in Cases Filed Fiscal Years 1998-2008,

[Bar chart; x-axis: fiscal years 1998-2008; y-axis: 0-30. Bar labels as extracted, in order: 3, 5, 22, 7, 16, 7, 23, 15, 7, 17, 25]

Cases Filed/Defendants Charged

• 2009 - 481 cases filed, 803 defendants charged, 583 convicted, $1.6 billion collected

• 2010 - 488 cases filed, 931 defendants charged, 726 convicted, $2.5 billion collected

• 2011 - 550 cases filed, 1,430 defendants charged, 743 convicted, $4 billion collected

• 2012 - 452 cases filed, 892 defendants charged, 826 convicted, $3 billion collected

• 2013 - 480 cases filed, 843 defendants charged, 718 convicted, $4.3 billion collected

• 2014 - 496 cases filed, 805 defendants charged, 734 convicted, $3.3 billion collected

• 2015 - 925 cases filed, $3.35 billion collected

Cases Filed/Defendants Charged

• Do not have figure on number of physicians charged

• However, physicians hold the key to Medicare and Medicaid trust fund

• Physician services are large portion of claims filed

• Without physician participation, fraud could not occur in many instances

Affordable Care Act

• The Affordable Care Act signed March 23, 2010

• HCF prosecutions – Clarification that Specific Knowledge of, or Intent to Violate Health Care Fraud and Anti-Kickback Statute is not required

– Makes prosecutor's job easier: “do not have to prove defendant had actual knowledge of the specific statute in issue or the specific intent to violate the statute”

New Tools

• Expands “federal health care fraud offense” to include violations

– Anti-Kickback statute (42 USC 1320a-7b)

– Attempt or Conspiracy (18 USC 1349)

– Food, Drug & Cosmetic Act (21 USC 331)

– ERISA plans (29 USC 1131)

New Tools

• Violation of Anti-Kickback statute now forms basis for false claim under civil False Claims Act statute

• Suspension of payments to providers if agencies receive credible allegations of fraud, meaning an allegation that has indicia of reliability

Individual Accountability

• On September 9, 2015 Deputy Attorney General Sally Yates issued a memo encouraging prosecutors to pursue individuals as opposed to virile corporations in civil and criminal actions

• Six key steps were identified in pursuing individuals

– corporations will be eligible for cooperation credit only if they provide DOJ with "all relevant facts" relating to all individuals responsible for misconduct, regardless of the level of seniority

– Both criminal and civil DOJ investigations should focus on investigating individuals from the inception of the investigation

– Criminal and civil DOJ attorneys should conduct parallel proceedings

– absent extraordinary circumstances, DOJ should not agree to a corporate resolution that provides immunity to potentially culpable individuals

Individual Accountability

• Key steps cont’d

– Have a clear plan to resolve open investigations of individuals when the case against the corporation is resolved

– Civil attorneys should focus on individuals as well, taking into account issues such as accountability and deterrence in addition to the ability to pay

Investigative Agencies

• Investigative Agencies

– Federal Bureau of Investigation (FBI)

– Health and Human Services, Office of Inspector General (HHS-OIG)

– Medicaid Fraud Control Unit, Office of Attorney General for the State of Texas (MFCU)

– Food and Drug Administration (FDA)

– Drug Enforcement Administration (DEA)

– Internal Revenue Service (IRS)

– Immigration and Customs Enforcement (ICE)

HHS-OIG Work Plan 2016

• November 4, 2015, HHS-OIG published work plan, enforcement priorities for 2016

• FDA

– Oversight of postmarketing studies of approved drugs

– Assess FDA’s designation and inspection of high-risk food facilities

– Review of information exchange in the drug supply chain as required by section 202 of the Drug Supply Chain Security Act.

– Monitor domestic and imported food recalls

– Controls over networked medical devices at hospitals

– Tobacco establishment compliance with the Family Smoking Prevention and Tobacco Control Act

HHS-OIG Work Plan 2016

• Medicaid

– Dental services for children—inappropriate billing

– Medicaid beneficiary transfers from group homes and nursing facilities to hospital emergency rooms

– State and CMS oversight of provider ownership information

– Provider payment suspensions during pending investigations of credible fraud allegations

• Major Health Care Fraud Schemes OIG Investigations

– controlled and non-controlled prescription drugs

– home health agencies

– personal care homes and community based services

– ambulance transportation

HHS-OIG Work Plan 2016

• Major Health Care Fraud Schemes cont’d

– durable medical equipment; and

– diagnostic radiology and laboratory testing.

• Hospitals

– Reconciliations of outlier payments, costs associated with defective medical devices, inpatient admission criteria, quality of care

• Nursing Homes

– Questionable billing patterns

Enforcement Priorities

• Criminal

– Durable Medical Equipment Companies (DME)

• Motorized Wheelchairs

• Arthritic Kits

– Pain Management Clinics

• Prescription Drugs

– Independent Diagnostic Testing Facilities (MRI claims)

ENFORCEMENT PRIORITIES

• Incentive Payments for Electronic Health Records (EHR) Medicaid

– CMS encouraged providers to convert and utilize EHR systems for maintaining medical record information

– Provided Incentive Payments if Meaningful Use of certified EHR could be established, as outlined in 42 CFR 495.6

– Prior to receiving payment, documentation must be submitted and certified

– Recent audits by state contract auditor employ a different standard for review, and requests for overpayments are being made by State regulatory agencies

NEW ENFORCEMENT ACTION

ENFORCEMENT PRIORITIES

• Chiropractic services

– Whether claims submitted for noncovered services

– Billing for inappropriate chiropractic services

• Diagnostic radiology

– Medical necessity of high-cost tests

• Physicians

– Place of service coding errors

– In network agreements with payer, but utilizes management company to submit out of network claims

• Lawsuits filed by payer claiming fraud

Enforcement Priorities

– Physicians associated with

• Pain Management Clinics

• Durable Medical Equipment Clinics

• Home Health Agencies

• Physical Therapy Clinics

• Facilities that provide mental health services

• Compounding pharmacies

• Diagnostic Testing facilities

– Unauthorized Disclosure of Protected Health Information

Recurring Issues

• Improper payments (kickbacks)

• Physician receiving payment although no service is performed

• Physician allowing license to be used to commit fraud

• Referral of patients to facility in which provider has financial interest

• Physician billing for service performed by staff

• Provider billing for service but does not have requisite equipment to perform service

• Provider serving as medical director but provides little oversight

• Theft or unauthorized disclosure of protected health information

• Compounding pharmacies dispensing same drug to the public

• Violation of third party payor rule (Always billing Medicare first)

COMPLIANCE PLAN

Seven Fundamental Elements of an Effective Compliance Plan

1. Implementing written policies, procedures and standards of conduct

2. Designating a compliance officer and compliance committee

3. Conducting effective training and education

4. Developing effective lines of communication

5. Conducting internal monitoring and auditing

6. Enforcement of Standards

7. Responding promptly to detected offenses and taking corrective action

COMPLIANCE PLAN

1. Make compliance plans a priority

2. Know your fraud and abuse risk areas

COMPLIANCE PLAN

3. Manage your financial relationships

4. Just because another provider is doing something doesn’t mean you can or should

COMPLIANCE PLAN

5. When in doubt, seek help

THANK YOU

Samuel J. Louis

Partner

Strasburger & Price, LLP

909 Fannin Street

Houston, TX 77010

(713) 951-5600