HCCA’s New Board Members

Volume SevenNumber Three

March 2005Published Monthly

INSIDELeadership letterOn the CalendarEffectivenessCompliance on a shoe-stringJoint venturesAuditing & monitoringHCCA’s new boardmembersCEO’s letterCompliance afterBookerHIPAA challenge #3Research billing HCCA/AHIA CFG

2346

81214

1820

232628

INSIDE

HCCA’s New Board Members

2March 2005

Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

Dear Colleagues:

A frequent criticism of compliance programs (and not infre-

quently compliance officers) is that such programs are

focused only on complying with the law and do little to

teach people how to behave when the law may not be clear.

Unfortunately, particularly in health care, this criticism is

probably accurate. Some of you would argue that the criti-

cism is unfounded. Many would concede the point but

blame it on the more than 100,000 pages of complex, con-

fusing and counter-intuitive laws, regulations and instructions

that plague those of us who participate in the health care

system. Others have argued that ethics is such a nebulous

topic that it is difficult to teach—particularly in an environ-

ment where you frequently feel compelled to cram large

amounts of information into education sessions that are typi-

cally much shorter than we need. Whatever the reason for

giving ethics short shrift in the past, changes to the Federal

Sentencing Guidelines, Sarbanes-Oxley, audit standards and

community expectations are going to compel each of us to

ask whether our compliance programs include the appropri-

ate ethical component.

While you will need to perform your own evaluation, I

recently was given an article that makes a reasonably com-

pelling case for a strong ethical component in a compliance

program. Interestingly, the argument had little to do with

virtue for virtue's sake and much to do with building the

case that there is a strong tie between an organization's ethi-

cal culture and its perform-

ance in a number of areas

important to the success of

virtually every business.

The article, titled "Measuring

Ethical Climate Risk," appeared in the

December 2004 issue of Internal

Auditor and was written by Colleen G. Waring who is the

Deputy City Auditor for the city of Austin, Texas. In the arti-

cle, Ms. Waring describes how the city of Austin found a

strong correlation between the ethical climate in various city

departments and the number of damage claims against the

city attributable to department personnel, the number of

complaints by the public, the volume of work related

injuries, and the use of sick leave. The study found that

weak ethical indicators were strongly associated with above

average experience in each of the areas noted above.

Equally interesting was the relative simplicity with which the

city measured the ethical climate. The measurement consist-

ed of relatively simple questions asking about an employee's

awareness of illegal acts or ethical violations in a six month

period or the employee's perception of whether her/his

supervisor "set a good example by following the laws and

policies that apply to their jobs."

I found the article both interesting and helpful. It makes a

strong case for an ethics component and at the same time

lays out a relatively simple approach for measuring that cli-

mate. Obviously, the ability to measure the climate then

gives us the ability to test strategies for improving the climate

or to incorporate the measurement into our performance

evaluation process.

Thank you Ms. Waring!

HCCA exists to champion ethicalpractice and compliance standardsand to provide the necessary

resources for ethics and compliance professionals and otherswho share these principles.

HCCA • 5780 LINCOLN DRIVE, SUITE 120 • MINNEAPOLIS, MN 55436

HCCA’SMISSION

DANIEL ROACHHCCA 2nd Vice PresidentEthics vs. Compliance

HCCA election results are inThe ballots have been counted and the election results are in.

Re-elected to the HCCA Board of Directors:

■ Rory Jaffe, MD, MBA, CHC

Chief Compliance Officer

UC Davis Health System

Sacramento, CA

■ Sheryl Vacca, CHC

Director, Health Care Regulatory Practice

Deloitte LLP

Newport Beach, CA

Newly elected to the HCCA Board of Directors:

■ Anne Doyle

Compliance and Privacy Officer

Tufts Health Plan

Waltham, MA

■ Cheryl Wagonhurst


Tenet Healthcare Corporation, Headquarters Office

Santa Barbara, CA

Newly Appointed members of the HCCA Board of Directors:

■ Cynthia Boyd, M.D., FACP, MBA,


Rush University Medical Center

Chicago, IL

■ Frank Sheeder,

Partner,

Brown McCarroll, LLP,

Dallas, TX

The HCCA 2005 Officers will be elected at the April Board of

Directors meeting and announced at the Membership Luncheon -

during the Compliance Institute on April 18, 2005 in New Orleans.

Thank you all for your participation!

3March 2005

HCCA • 888-580-8373 • www.hcca-info.org

R E S O U R C E S

T H E C A L E N D A RONON

HCCAHCCA

2005 CONFERENCES:(See page 5 for upcoming audioconferences)

ANCHORAGE, AK■ Alaska Area Meeting

July 21-22

SCOTTSDALE, AZ■ Compliance Academy

June13-16

LOS ANGELES, CA■ West Coast Meeting

July 8

SAN FRANCISCO, CA■ Advanced Academy

June 20-23

DENVER, CO■ Mountain Area Meeting

August 26

MIAMI, FL■ South Atlantic Meeting

March 11

CHICAGO, IL■ Corporate Responsibility

SymposiumSeptember 12-14

■ North Central MeetingOctober 7

NEW ORLEANS, LA■ Compliance Institute

April 17-20

BOSTON, MA■ New England Area Meeting

September 9

DETROIT, MI■ Upper North Central Meeting

June 10

MINNEAPOLIS, MN■ Upper Midwest Meeging

September 16

KANSAS CITY, MO■ Midwest Area Meeting

August 5

LAS VEGAS, NV■ Research Conference

June 5-7■ Desert Southwest Meeting

November 4

CHARLOTTE, NC■ Mid-Atlantic Meeting

May 20

PHILADELPHIA, PA■ Mid Atlantic Meeting

September 30

SEATTLE, WA■ Pacific Northwest Meeting

June 3

For more information aboutevents or resources, check out

the HCCA Website,http://www.hcca-info.org or call

888/580-8373.■ The HIPAA Security Rule■ The Health Care Compliance

Professional’s Manual■ Monitoring & Auditing

Practices for EffectiveCompliance

■ Compliance 101■ HCCA’s Guide to Resident

Compliance Training

■ Compliance, Conscience,and Conduct™, a video-basedtraining program

■ Privacy Matters A video-based HIPAATraining Program

■ Corporate Compliance &Ethics: Guidance forEngaging Your BoardVolume 1: The Board’sPerspective ■

NEWSFLASHNEWSFLASH

4March 2005


Editor's note: Shawn Y. DeGroot,

CHC, is the Vice President of

Corporate Compliance for Rapid City

Regional Hospital located in Rapid

City, South Dakota. She may be

reached at 605/719-8761.

fter a few years of articles and

programs on effectiveness,

some professionals may tire

of yet another article; however, similar

to the craze of reality shows, effective-

ness continues to be at the compliance

forefront. It doesn't take a rocket scien-

tist to determine effectiveness and I

firmly believe that while State and

Federal regulations, coding rules, and

fiscal intermediary opinions/advice are

confusing and complex, the approach

to attaining an effective compliance pro-

gram does not need to be difficult.

As Forrest Gump would say, "stupid is

as stupid does." A "simple" approach is

often the most understandable and if it

is understandable, there is no reason for

lack of implementation and action.

Understanding, implementation and

action, therein lies a simplistic approach

to effectiveness. The tools to prepare

for an effectiveness review are available

on numerous websites. Specifically, the

OIG [U.S. Department of Health and

Human Services Office of Inspector

General] has really provided excellent

guidance to initiate the process with

documents such as their Work Plan,

which addresses many aspects of health

care, the Compliance Guidance for

Hospitals, Advisory Opinions, the OIG

Orange Book and Red Book. One can

ultimately extract very pertinent infor-

mation based on the Corporate Integrity

Agreements (CIA). The CIA's can be

used as a roadmap or a template for

any organization as to what you should

be doing before they knock at your

door. The recently published Federal

Sentencing Guidelines are yet another

tool to use in the process.

What are the simple steps? First, determine whether your organiza-

tion prefers to perform a self-assessment

or hire a consultant. Regardless, I would

recommend an external review of your

compliance program from an expert

every two to three years.

Second, assign staff to review the perti-

nent documents mentioned above to

develop a work plan.

Third, this work plan is your guide for

development of risk assessments. The

risk assessments should cross reference

the documents utilized to develop the

tools and you will soon see the pattern

of repetition on areas of focus by the

OIG. While the list may be long, the

OIG is not secretive about the focus

areas for compliance in health care.

For instance, Cardiac Rehab is listed in

the 2005 OIG Work Plan. Follow-up

by listing the elements that would

demonstrate appropriate implementa-

tion, (e.g. contracts, policies) for areas

of potential noncompliance.

Completing the risk assessment tool is

the next step in the review process and

is crucial to the success of effectiveness.

Interviews could be conducted, the

assessment form could be distributed,

or anonymous survey tools could be

used. You would need to determine

what is best for your organization based

on culture. For example, if your pro-

gram is seasoned and Cardiac Rehab is

an area you have previously/recently

assessed, you may be able to limit the

depth of the assessment; however if

you have never assessed the program

area, I would recommend interviews

with the senior manager and then an

assessment at the lower level of man-

agement or staff level. Validate the ver-

bal responses with the pertinent docu-

mentation, e.g. contract, policies, etc.

The results or outcome should be paral-

lel; if not, a flaw may exist with the

"effectiveness" of a policy, communica-

tion on a procedure, a systematic infra-

structure issue, or a behavioral issue.

Documented recommendations in a

Corrective Action Plan (CAP), potential

disciplinary action for willful or deliber-

ate ignorance to policy and/or the rec-

ommendations, targeted education

including a specified timeframe for the

completed corrective action, are all com-

ponents that directly relate to an effec-

tive compliance program. Equally impor-

tant, if the results of your assessment are

positive, the Federal Sentencing

Guidelines not only require disciplinary

action but require that the organization

provide incentives for ethical behavior

By Shawn Y. DeGroot, CHC

A

Continued on page 7

SH

AW

N Y

.DE

GR

OO

T

HCCA Audio ConferencesJoin us for the following

HCCA Audio Conferences are a fast and easy way to aquire HCCB CEUs!

Get the latest “how to” information–tools you can implement–without even leaving your office! Register on theHCCA Website–www.hcca-info.org. You will receive an email afew days before the conference with any conference handouts,and dial-in information and instructions.

➤ ➤ Staff Buy In (1.2 HCCB CEUs) Speakers: Julene Brown and Dr. Cynthia BoydMarch 24

➤ ➤ Stark II Phase II (2.4 HCCB CEUs) Speaker: Gadi WeinreichMarch 22 and 23

➤ ➤ Auditing and Monitoring Two Aspects of the OIG Work Plan (1.2 HCCB CEUs) Speakers: Randall Brown and Cedrial ThomasMarch 17

➤ ➤ Sarbanes Oxley (2.4 HCCB CEUs) Speakers: Kelly Saunders, Dion Sheidy and Mark AveryApril 27 and 29

➤ ➤ Auditing and Monitoring Two Aspects of the OIG Work Plan (1.2 HCCB CEUs) Speakers: Hala Helms and Bernard MimsApril 8

*Audio CDs are available for all past audio conferences.

Health Care Compliance Association • 888-580-8373 • www.hcca-info.org 5

Editor's note: Susan Coombes is

Director - Regulatory Compliance

and Joyce L. Lang is Director -

Management Audit Services for

Legacy Health System located in

Portland, Oregon. Susan Coombes

may be reached via email at

[email protected]. Joyce L. Lang may

be reached by phone at

503/415-5026.

et's start with the Federal

Sentencing Guidelines,

Conditions of Participation,

State Administrative Rules and Statutes,

JCAHO standards [Joint Commission on

Accreditation of Healthcare

Organizations], and the rules and regu-

lations of a minimum of 45 additional

regulatory and/or accreditation bodies

that define the complex environment of

health care providers today. And then

we'll stir in the National Patient Safety

movement; with a multitude of private

and governmental institutions continual-

ly mandating a variety of new patient

safety measures, benchmark procedures,

and reporting requirements. Finally we'll

cover the whole thing in several layers

of HIPAA, the ever-growing OIG Work

Plan, the threat of Public Report Cards,

terrorism response plans, Stark Rules,

fraud settlements in the multimillions,

Sarbanes Oxley, and shrinking public

health care funding sources. What we

have described here is the recipe for a

Compliance nightmare.

Legacy Health System is a community-

based health care system located in the

Pacific Northwest. Legacy is comprised

of two urban tertiary care hospitals fea-

turing a Pediatric Program, Level III

NICU, a Burn Center, a Level I Trauma

Center, a Comprehensive Cancer Center,

and a JCAHO Accredited Stroke

Program, as well as two full service sub-

urban community hospitals, a Home

Health Agency, Hospice and Infusion

Programs, an Assisted Living Facility,

and a full array of ambulatory care pri-

mary and specialty care clinics. Like

most health care organizations in the

United States, the challenges put forth

by the OIG in their 1996 recommended

Compliance Guidence, and through the

most recent updates to the Federal

Sentencing Guidance have besieged

those of us tasked with the work of

compliance.

As we began implementing Legacy's

Compliance Plan in 1997, our CFO,

while nervously reviewing the multi-

page "compliance issues" list we com-

piled to drive the work of our

Compliance Committee, gave us a for-

midable challenge. She stated, "Make

certain that someone with expertise has

reviewed our work processes and audit-

ed our compliance with each and every

one of these issues and every new issue

that arises in the future". This was a tall

order for a Compliance Department of

one. Limited resources forced us to find

a creative, cost-effective solution to this

conundrum.

We immediately identified the high risk

compliance services throughout Legacy,

based on the current focus of the OIG

[HHS Office of Inspector General] and

the Centers for Medicare and Medicaid

Services (i.e. cost reporting, medical

records, billing services, the Emergency

Department, contracted physician serv-

ices, etc.) and shared the following

mandates:

■ The Director of each service was

required to identify a person within

their Program who was most familiar

with their specific rules and regula-

tions and may be involved in process

auditing, regulatory surveys, etc. to

be the 'Compliance Coordinator' for

that department.

■ The Compliance Coordinators would

meet together monthly as the

Compliance Coordinators Committee,

the working group for the

Compliance Committee and a month-

ly Regulatory Mail group to address

billing directives.

■ The Coordinators would be responsi-

ble for the following activities:

• Annual investigation of OIG Work

Plan issues assigned to them, and

mitigation of risks identified

• Monthly review of their specialty

literature with identification of rel-

evant compliance concerns to be

added to the master list

• Ongoing monitoring of all high

risk processes within their special-

ty area

• Investigation and mitigation of all

newly identified concerns

The next step was to develop a Charter

for the committee members that clearly

identified their roles and responsibilities.

Both the coordinator and their Director

signed the Charter to evidence their on-

going commitment to the program.

6March 2005


by Susan Coombes and Joyce L. Lang

L

7March 2005


Since this initial work was done, the

group has grown exponentially as the

breadth of compliance issues continues

to grow. Now 25-members strong, and

supported by such ancillary departments

as the Legal Department, Management

Audit Services, and the Compliance

Department, this committee has become

the corporate resource that we had

visualized.

"How do you keep the Coordinators

motivated to take more work on to their

already full plates?" is the most common

question we receive. The answer is

easy; we have focused on providing the

Coordinators with the education, tools

and team support that a job like this

demands. From online regulatory

resource tools to monthly education by

experts, from development of invaluable

partnerships among the committee

members, to a demonstration of full

support from Senior Management, the

Coordinators feel valued and respected

for their unique competencies. Ongoing,

succinct and timely education through

respected resources such as HCCA

[Health Care Compliance Association]

provides them with the confidence that

they are focusing on the right issues

and have access to the best solutions.

We have perfected tools over the past

few years and provided opportunities

for the Coordinators to enhance their

skills. The tools that are used to organ-

ize the group and provide the checks

and balances needed to allow our lead-

ership to sleep nights include:

■ A Program Compliance Plan

template—All high-risk areas have

prepared their own compliance plan.

Every Coordinator has had the

opportunity to prepare and deliver a

presentation on their Plan to the

Coordinators and Compliance

Committee.

■ A risk assessment and control docu-

mentation tool that expands the

requirements of Sarbanes Oxley to

compliance. Coordinators are docu-

menting the compliance risks and

controls for there are and will pres-

ent summary information to the

Compliance Committee.

■ OIG and Compliance issues list for-

mats—The template facilitates the

Coordinators' capture of potential

risks from readings and other

sources, and the documentation of

analyses and actions.

■ Scripts for Regulatory Compliance ori-

entation for all new employees, man-

agers and employed physicians—

coordinators deliver the training.

We will continue to raise the bar for

Compliance Coordinators. The next

challenge we are setting before our

committee members is for everyone to

become Compliance certified (Certified

in Healthcare Compliance-CHC) through

HCCA.

In today's environment of growing regu-

latory mandates and shrinking

resources, there is no time to waste in

building your own effective Compliance

Program. Moreover, if you start by find-

ing the “rules-smart” people who

already work within your organization,

you're half way home. ■

and compliance.

The final component to an "effective"

program is to communicate the results to

the Compliance Committee and ELC

(Executive Leadership Council) or Board

of Trustees. An effective report to the

ELC or Board should identify the level of

risk (low, medium, high) risk areas based

on frequency, financial implications,

breach of contract, breach of Corporate

Integrity Agreement, as well as the

impact of negative public scrutiny.

Unfortunately, too often these reports

are purely negative in nature. As you

complete the assessments and reports,

make sure you include the positive out-

comes as well, specifically regarding

quality of care and revenue. The health

care industry is slowly beginning to rec-

ognize the positive impact of compli-

ance programs to the quality of care,

revenue, ethical culture and higher

employee morale, an intangible result

very difficult to measure.

As compliance officers, we must per-

form due diligence in actively seeking

out criminal behavior and intentional or

unintentional wrongdoing to be effec-

tive. However, in the infancy of compli-

ance we only reported risk areas and

problems, fearful of reporting any infor-

mation that enhanced revenue with vir-

tual silence on any other positive out-

come. A paradigm shift occurred a few

years ago and reporting the positive

impact of an effective compliance pro-

gram to the ELC or Board of Trustees is

a responsibility of our role. Simply stat-

ed, "it is what it is" and we have an

inherent duty to report the positive and

negative impact and consequences of an

effective compliance program. ■

Compliance effectiveness

...continued from page 4

8 Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

Editor's note: John P. Krave, Esq. is a

partner at Davis Wright Tremaine

LLP in Los Angeles, California, and

specializes in transactional and reg-

ulatory health care law. He can be

reached by telephone at 213/633-

6873 or by email at

[email protected].

n December, 2004, the HHS

Office of Inspector General (OIG)

issued Advisory Opinion 04-17

(04-17) criticizing certain "contractual

joint ventures" that the government

believes to constitute disguised kick-

back arrangements involving providers

who receive indirect compensation from

lay management companies or suppliers

in exchange for a guaranteed referral

stream. Even if the parties' various con-

tracts that comprise the joint venture

qualify for Safe Harbors from prosecu-

tion under the federal Anti-Kickback

statute, the government believes that

the parties' referral-oriented objectives

for the overall arrangement may render

it illegal. Providers can, however, distill

from 04-17 and earlier guidance some

helpful business considerations and

contract terms that should persuade the

most skeptical investigator of the legali-

ty of the venture.

But as is typical of the government efforts

to discourage a particularly abusive form

of health care transaction, the issuance of

broad regulatory guidance casts suspicion

upon many legal, socially beneficial

arrangements. Joint ventures generally

serve a number of legitimate purposes

and often assist in aligning incentives,

enhancing patient access, and increasing

capacity. While market-place dynamics

are encouraging the development of a

wide array of ventures that benefit the

community, government regulators have

been less supportive of the trend.

Government scrutiny of joint ventures

over the past few years has resulted in

various cautionary messages to industry.

The limited safe harbor protection for

joint ventures under the Anti-kickback

statute, the prohibitions of the Stark Law

on physician ownership of certain types

of providers along with fraud alerts and

Advisory Opinions have established a

series of prohibitions and suggested

numerous risk factors associated with

contract joint ventures. Advisory

Opinion 04-17 continues this cautionary

tack. This guidance from the govern-

ment suggests that it would be prudent

for potential participants to carefully

consider the regulatory issues at the

onset of any joint venture negotiations.

Advisory Opinion 04-17Advisory Opinion 04-17 reiterates the

OIG's previous concerns about so called

"contractual joint ventures." The Opinion

analyzes a laboratory services venture in

which participating physician groups

refer patients while commonly controlled

suppliers provide "turnkey" management

and clinical services. The OIG reacted

negatively to the proposal, concluding

that the arrangement might violate the

Federal Anti-kickback law because it

enabled the physician groups to profit

from referrals to the new labs.

Although the OIG's conclusion is not

entirely surprising, the Opinion suggests

a disturbing limitation on the safe har-

bors under the Anti-kickback statute. The

OIG determined that the arrangement

under review (the Proposed

Arrangement) might be illegal even if its

component contracts reflected fair mar-

ket terms and otherwise satisfy the

requirements of the Anti-kickback regu-

latory safe harbors. Refusing to focus

solely on the terms of each constituent

contract, the government analyzed the

"totality" of the Proposed Arrangement,

and concluded it was "designed to per-

mit the [lay management company] to do

indirectly what it cannot do directly; that

is pay the Physician Groups a share of

profits from their laboratory referrals."

The party that requested the Opinion

(the Manager) was a company that

sought to provide pathology laboratory

services to physician groups specializing

in urology, dermatology, or gastroen-

terology (the "Physician Groups"). The

Manager would provide all services

required for each Physician Group to

operate its own pathology laboratory

(the Lab) at an off-site location. The

Physician Group, or the Manager on

behalf of the Physician Group, would

bill patients and public and private third-

party payors (including Medicare) for

pathology services furnished in the Lab.

The Manager, which was not itself a

Medicare or Medicaid provider, pro-

posed to provide its services through

affiliated entities (the Affiliated Entities),

which included a licensed, Medicare-

certified anatomic pathology laboratory

and a staffing company. A common par-

ent corporation jointly owned the

Manager and the Affiliated Companies.

The Manager and each Physician Group

were to enter into four contracts: (1) a

Management Agreement, which encom-

passed equipment leases and, if

requested, billing services; (2) a Sub-

Lease Agreement for space to be occu-

March 2005

By John P. Krave

I

pied by the Lab at a site removed from

the Physician Group's offices; (3) a

Technical Personnel Agreement; and (4)

a Pathology Services Agreement under

which the Manager would provide a

pathologist to render professional and

supervisory services on a part-time basis

as necessary to operate the Lab.

Notably, the terms of each of these

component contracts would qualify for

protection under established safe har-

bors to the federal anti-kickback law

(Social Security Act §1128B(b).)

Each Physician Group would compen-

sate the Manager in a flat monthly fee

(the Monthly Fee) intended to compen-

sate the Manager for the pathologist's

part-time services. The Physician Group

and Manager would determine the

amount of the Monthly Fee by reference

to historical utilization data. The

Physician Group would also pay a per-

specimen charge and a fee for any

billing and collection services rendered

by the Manager.

The Manager planned to establish up to

five independent Labs in a single build-

ing, with no shared use of space or

equipment. Each Physician Group

would lease its own space on a full-

time basis, and would make exclusive

use of the premises. The pathologists

and technical personnel would rotate

among the Labs, provide only services

on behalf of a single Physician Group at

a time, and use only that Group's space

and equipment for performance of serv-

ices on the Group's behalf.

The OIG analyzed the Proposed

Arrangement under the federal Anti-

kickback law, which prohibits the pay-

ment of remuneration to induce or

reward referrals of items or services

payable by a Federal health care pro-

gram, including Medicare or Medicaid.

The Opinion cites cases interpreting the

federal Anti-kickback law to prohibit

any arrangement where even one pur-

pose is to provide compensation for the

referral of goods or services to be paid

for by a federal program. The OIG also

made reference to its 2003 Special

Advisory Bulletin on contractual Joint

Ventures. The Special Advisory Bulletin

emphasized the risks of an arrangement

in which a health care provider con-

tracts with a manager/supplier (which

might otherwise be a potential competi-

tor) to establish a related line of busi-

ness and receives the profits resulting

from the provider's referral of Medicare

and Medicaid beneficiaries to the new

enterprise.

The Opinion indicates that the

Proposed Arrangement is akin to the

ventures the OIG criticized in the

Special Advisory Bulletin. In refusing to

protect the Proposed Arrangement, the

OIG cited several reasons:

■ The Manager and the Affiliated

Entities provide "turn key" services

under circumstances that suggest to

the OIG that they should be viewed

as a single entity. The entities are

commonly controlled and share a

single corporate purpose. As a result,

the Manager, though its affiliates,

would be in position to provide

pathology services in its own right in

competition with the contracting

Physician Groups, billing insurers

and patients in its own name and

retaining all reimbursement.

According to the OIG, the only credi-

ble business purpose for the involve-

ment of the Physician Groups in the

new lab ventures was the referral of

patients.

■ The Physician Groups would be

expanding into a related line of busi-

ness (i.e., pathology), but would be

contracting out substantially all of

their operations to Manager, a poten-

tial competitor for this business. In

the OIG's view, this meant that the

only significant role for the Physician

Groups would be to provide patient

referrals to the Manager.

■ As characterized by the government,

the Physician Groups were assuming

very little financial risk under the

arrangement. The Groups would

have control over the volume of

business they would send to the Lab.

They could, presumably, ensure that

they generated sufficient Lab busi-

ness to meet or exceed the Monthly

Fee. The "per specimen" and billing

fees also resulted in no financial risk

because they, too, were based on

actual utilization.

■ Each Physician Group would share

the economic benefit of its Lab with

the Manager.

Advisory Opinion 04-17 should provoke

a careful scrutiny of any planned or

ongoing arrangements between a

provider and an organization that facili-

tates the provider's entry into a new

line of business to which the provider

will refer patients. While caution is

advised, it is important to note that no

trial or appellate court has yet consid-

ered whether the OIG is correct in con-

cluding that the Proposed Arrangement

or a similar venture may be illegal

under the Federal Anti-kickback law.

Indeed, the Opinion has been criticized

as a clear circumvention of the protec-

9March 2005

Continued on page 9


10March 2005


tions afforded by the regulatory safe

harbors to the anti-kickback statute. If

each component of the Proposed

Arrangement fits within a safe harbor,

the mere presence of an underlying

profit motive should not nullify the pro-

tection afforded to those who have

structured their arrangements to meet

the safe harbor criteria. Should an

arrangement such t as that described in

the Opinion be challenged by the gov-

ernment, a defendant may be able to

successfully argue that because the

component contracts fall within estab-

lished safe harbors, the venture cannot

be deemed to violate the anti-kickback

statute. In addition, compliance with the

safe harbors demonstrates that the par-

ties did not "knowingly" violate the

Anti-kickback law as required by the

Court of Appeals decision in Hanlester

Networks v. Shalala.

Although there are strong legal argu-

ments to be made, challenging the

OIG's position is risky and the govern-

ment's leverage in any prosecution is

always enormous. For the time being,

parties should be aware that in the gov-

ernment's view a turn key management

agreement that provides for fair market

value payments for the services and

meets the other safe harbor criteria is

not necessarily legal, particularly if the

physicians have no significant opera-

tional role and their profits from the

venture are traceable to their referral of

federal patients.

Providers other than physiciansAlthough Advisory Opinion 04-17 inter-

prets a physician-oriented scenario, the

government's concerns regarding con-

tractual joint ventures apply with equal

force to other types of providers. The

OIG's special advisory bulletin issued in

April, 2003 discussed the regulatory

risks of these ventures in generic terms,

and applied identical legal principles to

"turnkey" management arrangements

regardless of whether the owner was a

physician, hospital or other healthcare-

related business. The bulletin analyzes

scenarios involving (i) a hospital that

expands into a durable medical equip-

ment business, (ii) a durable medical

equipment supplier that expands into

the nebulizer pharmacy business, and

(iii) a nephrologist who expands into a

home dialysis business. In each of these

cases, the provider is capable of refer-

ring, or at least indirectly steering

patients to, the provider's newly-

expanded business under terms that

raise the same regulatory risks that the

government addresses in Advisory

Opinion 04-17.

Responding to government concernsTo address the OIG's concerns, parties

contemplating ventures akin to that

described in the Advisory Opinion 04-17

should consider incorporating elements

of provider financial risk and multiple

referral sources into the arrangement.

More specifically, recommended compli-

ance measures include the following:

■ Establish Fixed Periodic Fee

Compensation for Manager. The

owner may wish to compensate the

manager according to a periodic

fixed fee (e.g., a monthly payment)

or other mechanism that cannot vary

according to referral volume. The

parties should set the fee after arm's

length negotiations, and the rate

should not vary during the term to

reflect referral volume or value. The

term of the arrangement should be

for a period of at least one year, dur-

ing which the fee should be fixed.

Later adjustments to the fee should

reflect increases in the consumer

price index or other objective factors

unrelated to the volume or value of

referrals. The parties should also con-

sider retention of an independent

appraiser to validate their judgment

that the manager's fee reflected fair

market value.

■ Increase Provider Financial Exposure.

The government often targets

arrangements in which it is difficult

or impossible for referring physicians

or providers to suffer financial losses.

Venture participants can strip away

this insulation by ensuring that the

provider, rather than the manager,

has financial responsibility for such

items as inventory, supplies, and

leased equipment. Parties can

reduce the fixed management fee

described above to reflect that the

provider now bears financial risk for

these items. The resulting arrange-

ment might make the manager

responsible only for the provision of

technical and professional personnel.

■ Expand Provider Decision-making.

The government disfavors arrange-

ments in which the physician or

other provider has limited control

over critical operational decisions,

such as the level of staffing and the

establishment of charges. The struc-

ture of these hollow arrangements

suggests that the lay manager is the

true "owner" of the business and that

the provider's primary role is to

ensure a stream of referrals. To over-

come this concern, the physician or

other provider should control deci-

sions that impact the quality of care

within the new business. Staffing lev-

els, the selection of clinical equip-

Contractual joint ventures ...continued from page 9

11March 2005


ment and supplies, and the introduc-

tion of new service lines are deci-

sions properly within the peculiar

expertise of a physician provider. As

an added benefit, restructuring

arrangements that involve a physician

participant may also avoid violations

of state laws that prohibit the corpo-

rate practice of medicine. The

involvement of multiple independent

managers for different aspects of the

enterprise may also be helpful, pro-

vided the resulting venture amounts

to something beyond a more cir-

cuitous version of arrangements criti-

cized by the government in 04-17

and other guidance.

■ Avoid Exclusivity Provisions. Contract

ventures should include express

terms which promote open access for

patients. Conversely, the government

is likely to express particular concern

about arrangements which prohibit

the manager from providing services

in its own right to a provider's

patients in a setting outside the ven-

ture.

■ Expand Marketing Efforts. The gov-

ernment may doubt the legality of

any arrangement in which either or

both participants engage in market-

ing efforts typical of health care busi-

nesses which face bona fide competi-

tion. The parties should engage in a

bona fide marketing campaign

designed to expand the venture's

patient base beyond the confines of

the provider's practice or business as

it existed as of commencement of the

venture. The provider should be

responsible the cost of the campaign,

and should not compensate the man-

ager on an incentive basis for the

success of its marketing efforts.

■ Ensure that the Venture Has a

Legitimate Business Purpose Other

than the Generation of Captive

Referrals. A well-defined and docu-

mented bona fide business purpose

independent of the generation of

referrals offers a valuable defense

against government scrutiny in all

contractual joint ventures, but espe-

cially where the arrangement appears

to generate guaranteed revenues by

"locking up" a captive referral stream

for the participating manager/suppli-

er. For example, a contractual joint

venture to provide outpatient dialysis

would more likely withstand govern-

ment scrutiny if the community

lacked alternative providers of such

services, and patient need would oth-

erwise remain unmet. It is critical,

however, to document these ratio-

nales while forming the venture

rather than as a less credible after-

thought.

■ Implement a Compliance Plan for the

Venture. It is axiomatic that all mod-

ern health care providers should inte-

grate corporate compliance policies

and protocols into their practices or

operations, and contractual joint ven-

tures are no exception. Unless other

considerations apply, the venture's

compliance structure should integrate

with that of the participating

provider.

Don't try this at homeWe note in closing that contractual joint

ventures tend to be complex in struc-

ture, and that the parties' true motiva-

tions for their involvement are often

divergent and even hidden from each

other. Parties also are notorious in their

lack objectivity in assessing their own

motivations for involvement and have a

flawed, self-serving perception of likely

government response to arrangements

that appear favorable for business rea-

sons. As a result, parties should exercise

extreme caution in all stages of plan-

ning and negotiating contractual joint

ventures, as well as in the documenta-

tion of these endeavors. Such prudence

is essential for fundamental business

reasons as well as for compliance con-

cerns. For these reasons, the use of

experienced, independent legal counsel

and consultants is often critical to a suc-

cessful outcome. ■

Two ComplianceAcademies

comming thisSpring!

Advanced AcademyJune 20-23, 2005

Hyatt at Fisherman’s Wharf

San Francisco, CA

Compliance AcademyJune 13-16, 2005

Hilton Scottsdale Resort & Villas

Scottsdale, AZ

Academy registration and the

Compliance Certification (CHC)

exam form can be found at

www.hcca-info.org

12March 2005


Editor's note: John A. Beattie is a

Principal with Parente Randolph.

He is also a Certified Public

Accountant (CPA) in Pennsylvania

and a Certified Fraud Examiner

(CFE). Jeffrey Miller is Associate

Corporate Counsel with Mercy

Health Systems. Mr. Beattie may be

reached at 717/540-4709. Mr. Miller

may be reached at 610/567-6812.

he United States Department

of Health and Human

Services, Office of Inspector

General (OIG) has reported over $762.5

million dollars in audit related savings

for fiscal year 2004, and $1.9 billion dol-

lars receivables due from investigations.

The False Claims statute remains the

OIG's tool of choice, however, an arse-

nal of equally potent tools are available.

They include laws relating to: conspira-

cy to defraud, false statements, mail

fraud, wire fraud, RICO and money

laundering. Key elements of the Civil

False Claims Act include knowingly pre-

sented or causing to present a false or

fraudulent claim for payment to Federal

programs.

"Knowingly" includes with a willful

blindness or a reckless disregard for the

truth or falsity of claims. If a provider

submits claims where it has an aware-

ness of the high probability of a materi-

al inaccuracy of the claims, it may have

violated the Civil False Claims Act. And

the level of proof is lower in civil ver-

sus criminal. In the former it is prepon-

derance of the evidence, on the latter

beyond a reasonable doubt. Liability for

Civil False Claims Act violations can be

treble damages, plus $5,500-11,000 per

false claim submitted. As a result, a

provider that submits as little as 100

false claims with a value of $5,000

could find its potential liability reaching

into the millions.

The OIG published its 2005 Work Plan

in the last quarter of 2004. This docu-

ment serves as a primary source for out-

lining areas the OIG believes warrant

closer scrutiny. The document continues

to demonstrate that the submission of

accurate claims to be the single biggest

risk area. Effective compliance programs

have in place a work plan development

process related to risk areas applicable

to their specific entity's needs. But,

being mindful of the OIG's Work Plan

within this context it prudent. Three

areas included in the 2005 Work Plan

are:

1. Aberrant DRG coding,

2. Incorrect use of the -25 modifier and

3. Rebates paid to hospitals.

The OIG's focus on aberrant DRG cod-

ing is, indeed, not new. The OIG antici-

pates it will determine whether some

acute care hospitals exhibit aberrant

coding patterns. Traditionally, the OIG

focuses on the examination of DRGs

that have a history of aberrant coding.

And, history being a dynamic process

means aberrant DRG codes change.

Current DRG codes that are or continue

to come under the microscope are

DRGs 014, 079, 296, 416 and 475.

Under the prospective payment system,

the DRGs for inpatient acute care

depend on accurate coding of diag-

noses and procedures. Inaccurate cod-

ing by hospitals can lead to Medicare

overpayments.

The incorrect use of the 25 modifier is

another area included on the current

OIG work plan. OIG anticipates it will

determine whether providers appropri-

ately used this modifier. In general, a

provider should not bill Evaluation and

Management (E & M) codes on the

same day as a procedure or other serv-

ice unless the E & M service is a signifi-

cant, separately identifiable service from

such procedure or service. A provider

reports such a circumstance by using

modifier -25.

The following is an example of the

proper use of the 25 modifier. A patient

returns for a follow up visit for his/her

sciatic pain. During the course of the

visit, the patient mentions to their physi-

cian that he/she is experiencing pain in

their left shoulder. The physician deter-

mines that an injection is needed. In

order for the physician to be reim-

bursed for both the E & M and shoulder

injection services, a 25 modifier must be

appended to the E&M service. Failure to

do so would result in most Medicare

carriers only paying for the drug inject-

ed and one service/procedure. Either

the injection or the E&M service would

be reimbursed, whichever is paid at the

lower rate. (Many commercial payers

will not separately pay for the injected

medication.) The OIG will determine

whether claims with a 25 modifier were

appropriately billed and reimbursed.

Determination of whether hospitals are

By John A. Beattie and Jeffrey Miller

T

Health Care Compliance Association • www.hcca-info.orgMarch 2005

13

properly identifying purchase credits as a

separate line item in their Medicare cost

report is another anticipated area of the

OIG's attention. Hospitals are required to

report rebates paid by vendors on their cost

reports. In the case of drugs, some of the rebates

can be substantial. Because critical access hospitals

are cost based reimbursed, there could be a reim-

bursement implications for these hospitals. Even

though the cost report is largely an informational

submission for most providers, it still must sub-

scribe to Medicare regulations regarding reporting

costs. Overstatement of costs on cost reports by

not offsetting rebates against applicable expenses

distorts the cost to reimbursement comparison and

Medicare rate setting computations.

These are just a few of the risk areas identified in

the OIG's 2005 Work Plan. The OIG's "follow the

money" philosophy has consistently proven an

effective audit and monitoring strategy.

Development of analytical and inspection process-

es and procedures to assess and monitor risk areas

is essential. Focusing your efforts on these three

areas is a prudent course of action. ■

CERTIF IED INHEALTHCARECOMPLIANCECHCCHC

The Healthcare Compliance Certification

Board (HCCB) compliance certification

examination is available in all 50 States.

Join your peers and become Certified in

Healthcare Compliance (CHC).

CHC certification benefits:

■ Enhances the credibility of the compli-

ance practitioner

■ Enhances the credibility of the compli-

ance programs staffed by these certi-

fied professionals

■ Assures that each certified compliance

practitioner has the broad knowledge

base necessary to perform the compli-

ance function

■ Establishes professional standards and

status for compliance professionals

■ Facilitates compliance work for com-

pliance practitioners in dealing with

other professionals in the industry,

such as physicians and attorneys

■ Demonstrates the hard work and dedi-

cation necessary to perform the compliance task

CHC Certification, developed and managed by HCCB, became available

June 26, 2000, since that time hundreds of your colleagues have become

Certified in Healthcare Compliance. Linda Wolverton, CHC, Director,

Compliance, Triad Hospitals, Inc. says that she sought CHC Certification

because “...many knowledgeable people work in compliance, and I wanted

my peers to recognize me as ‘one of their own’.” With certification she is

“recognized as having taken the profession seriously, having met the nation-

al professional standard.”

For more information on how you can become CHC Certified,

please call 888/580-8373,

email [email protected], or visit the HCCA Website:

http://www.hcca-info.org/Template.cfm?section=HCCB_Certification

The Compliance Professional’s Certification

Congratulations on achieving CHC status! The Health care

Compliance Certification Boardannounces that the following

individuals have recently successfully completed the

Certified in HealthcareCompliance (CHC)

examination, earning CHC designation:

William G. Clark

Mary Mccann

Jan Lee Usset

Lori Lemasters

Maria N. Burke

Rory Scott Jaffe

Gloria Maria McNeill

Lori Olds

Wendy Sue Portier

Mary Snyder

Survey Results

On February 8, HCCA asked its members:

Does your ComplianceDepartment Report tothe Audit Department?

We received 447 responses over two days.

Here’s the results:

91% (409): Does not Report to the Audit

Department

6% (26): Jointly Reports to Audit and Another

Department or Individual

3% (12): Reports to the Audit Department

14March 2005


Editor's note: Roy Snell conducted

this interview with the newest mem-

bers of HCCA's Board of Directors -

Cynthia E. Boyd, M.D., FACP, MBA,

Rush University Medical Center;

Anne Doyle, Tufts Health Plan;

Frank Sheeder, …; Cheryl

Wagonhurst, Tenet Healthcare - at

the end of January 2005.

Cynthia E. BoydM.D., FACP, MBA

Assistant Professor, Department of

Internal Medicine

Associate Vice President, Chief

Compliance Officer

Director, Medical Staff Operations

Rush Medical College

Rush University Medical Center Facility

Chicago, IL

RS: What unique perspective do you

think you can bring to the

association?

CB: First, as a general internist with

clinical practice and teaching

experience, I have a keen sense of the

challenges and the perspective that

clinicians have and the views they share

with respect to health care

compliance. My practice experience has

included working in a staff model

HMO, a university faculty plan, and as a

solo private practitioner on the

faculty of academic medical centers. In

addition, I have been closely

involved in medical education as a for-

mer assistant dean, and much of

compliance involves education and

addressing the specific learning

styles/preferences of our varied audi-

ences.

My current role as Director of

staff operations, which includes working

on issues related to patient care,

quality improvement, and the creden-

tialing/privileging process, all lend a

unique perspective in addressing some

of the principles and challenges

associated with compliance.

It is the nexus of these experiences

that has given me a sound foundation

on which to build my current role of

Compliance Officer. I hope to bring this

perspective and experience to the table

with HCCA.

RS: How has HCCA helped you?

CB: HCCA has provided me with the

opportunity to meet, network, and tap

into an incredible resource of knowl-

edgeable and energetic professionals

featurearticle

Meet HCCA’s Newest Directors

15March 2005


who have made my job a lot more fun

and a bit easier to perform.

HCCA is also well respected in the

industry as a resource and as an organi-

zation.

RS: What do you think HCCA does

well?

CB: HCCA does a good job of pro-

viding information and remaining

current with the ever changing compli-

ance profession.

HCCA understands and supports

compliance professionals by providing

meaningful and useful workshops, sem-

inars, conferences, and publications that

are readily available, accessible and

easy to use.

RS: How is the compliance profes-

sion changing?

CB: The compliance profession is

being driven mainly by outside forces,

i.e. the government. These outside

forces will define the extent and scope

to which this profession will continue

to evolve.

With that said, I believe the health

care industry is a very large and com-

plex one that will also continue to

evolve and change. There are political,

professional, ethical, moral, social, eco-

nomic, and policy forces that all inter-

play into making the health care indus-

try one of the most dynamic and impor-

tant industries that has an effect on

every American.

No other industry has such a

unique place in our lives and the lives

of our loved ones, and it is for this rea-

son that I think health care compliance

will always be at the forefront of this

profession.

Anne Doyle

Compliance and Privacy Officer

Tufts Health Plan

Waltham, MA

RS: How long have you been

involved in HCCA?

AD: I have been a member since

1998, the early days of HCCA. This was

back when people still looked puzzled

when you told them that you worked

in "Compliance!"

RS: What is the most important pur-

pose or service HCCA provides?

AD: I firmly believe that HCCA's pri-

mary purpose is to serve its members.

To me, "serving members" means meet-

ing each member's needs, whether they

are a new compliance officer imple-

menting a new compliance program, or

a seasoned compliance professional

measuring the effectiveness of a mature

compliance program.

HCCA's national and local area

conferences—as well as its publications

—offer tremendous information and

learning opportunities across a range of

industry topics and levels.

I hope to see HCCA continue to

strengthen its website and use technolo-

gy in a way to help members connect.

If a compliance officer at a multi-site

physician's office is struggling to imple-

ment a records management program,

and I'm in a health plan in

Massachusetts having just implemented

such a program, I want it to be easier

for my colleague to post a question and

get a quick response from me and oth-

ers around the country. Compliance

professionals have a tremendous

knowledge base and I'm excited by

ways that HCCA can help us share and

leverage that knowledge.

RS: What leadership experience

have you had that will help you in your

new role?

AD: I have to laugh at this question,

because what comes to mind first are

some extracurricular leadership activi-

ties that have prepared me well for the

HCCA Board. These include leadership

of my local school board and coaching

kids in sports. In both cases, listening

and responding to the needs of differ-

ent constituents were critical to my suc-

cess.

I'm looking forward to helping to

improve HCCA by listening and learn-

ing from members.

RS: What unique perspective or

industry experience do you think you

will bring to the board?

AD: I bring several perspectives to

the Board.

As Compliance and Privacy Officer

at Tufts Health Plan, a managed care

plan representing approximately

700,000 members, I bring the perspec-

tive of a payer. I also bring the view-

point of someone who has developed a

compliance program from the ground

up and has experienced the challenge

Continued on page 16

16March 2005


of bringing fresh approaches to a

mature program. I also represent the

northeast area, a first for the HCCA

board.

Frank SheederPartner

Brown McCarroll, LLP

Dallas, TX

RS: Have you worked with any

other associations?

FS: I am a member of the American

Bar Association, the American Health

Lawyers Association, and the Dallas Bar

Association.

RS: You recently attended your first

HCCA strategic planning meeting, what

are your observations about the meet-

ing?

FS: The HCCA Board of Directors is

an energetic, enthusiastic, cohesive, and

thoughtful group that strives to put the

interests of HCCA members first.


think you can bring to the association?

FS: My experience in representing

providers as outside counsel, and in

dealing with regulators and prosecutors

to help solve instances of non-compli-

ance.

RS: What professions other than

compliance officer do you think HCCA

can serve?

FS: I believe HCCA can serve senior

leaders and board members to help

educate them about compliance and to

work toward obtaining their buy-in on

this crucial aspect of operating in

today's business environment.

RS: What impact does the recent

Supreme Court ruling have on the com-

pliance profession?

FS: I don't think it changes anything.

The foundational principles of the com-

pliance profession, which are embodied

in the United States Sentencing

Guidelines and elsewhere, are

unchanged by the Booker decision.

Cheryl Wagonhurst


Tenet Healthcare Corporation

Santa Barbara, CA


think you can bring to the association?

CW: I believe that the perspective

that I can bring is that of having

worked both as a health care lawyer

and now as a compliance officer in the

good times and the bad.

RS: How is the compliance profes-

sion changing?

CW: I believe that the compliance

profession is becoming more of an

establish profession. I think that the role

of the compliance officer is becoming

much more accepted and defined by all

industries.

RS: What impact does the recent

Supreme Court ruling have on the com-

pliance profession?

CW: Very little in my opinion.

Compliance is so deeply imbedded

especially in the health care field. Many

providers have mandatory CIAs with the

government and those that don't have

some sort of program based on the

OIG's Guidance. If they don't, then they

are not very attuned to what's happen-

ing in the area of health care enforce-

ment today. That being said, I think that

many providers are also realizing that

compliance is actually "good" for busi-

ness and that's an added incentive for

doing the right thing—every time.

RS: What professions other than

compliance officer do you think HCCA

can serve?

CW: I think that HCCA can and

should involve all professions that touch

on health care compliance. So much of

what HCCA does can help physicians,

coders, HIM professionals and others in

the health care profession better under-

stand the complex area of health care

compliance. ■

HCCA's Newest Directors

17Health Care Compliance Association • 888-580-8373 • www.hcca-info.orgMarch 2005

Health CarHealth Care Compliance e Compliance AssociationAssociation

YOUR HCCA STAFFThe The Association forAssociation for Health CarHealth Care Compliance Pre Compliance Professionals.ofessionals.(888) 580-8373 | (952) 988-0141 | fax (952) 988-0146(888) 580-8373 | (952) 988-0141 | fax (952) 988-0146

Claudia HoffackerDeputy [email protected]

Margaret DragonDirector of [email protected]

Darin DvorakConference [email protected]

Caroline Lee BivonaConference [email protected]

Tracy HlavacekConference [email protected]

April KielDatabase AdministratorMember [email protected]

Patti EideAdministrative [email protected]

Gary DeVaanGraphic Services [email protected]

Wilma EisenmanMember [email protected]

Beckie SmithConference [email protected]

Karrie HakensonProject [email protected]

Kaeren AndersonGraphic [email protected]

18March 2005


This is a very important moment

in the history of the compliance

profession.

Compliance may be expanding in scope and responsibility.

Like billing and legal, accounting has had some difficulty

policing itself. Like the others, accounting may not welcome

oversight by compliance. We will hear once again comments

such as, "I got it" and "Compliance does not have the expert-

ise, etc." The ques-

tion is "Will anyone

listen?"

Once again the

leadership will

have to assess

what is missing

from the equation

and whether com-

pliance can bring

"it" to the table.

Some will say the

problem is related

to conflicts of inter-

est rather than a lack of oversight and understanding of the

accounting rules.

Does any department have more oversight and standards of

behavior than accounting? Who else has annual audits and

"Generally Accepted Principles." I personally believe that

other than its conflict of interest problem, the accounting pro-

fession is a model for the rest of us to follow. Their only

problem is that personal gain, power, and pressure can foul

up any system.

At this point, I have to believe that some health care boards

are wondering "Is any department capable of following the

regulations?" "First the legal and billing departments took

their eye off the ball and now accounting is having trouble?"

You have to believe that this is frustrating for boards. You

can't pick up a paper without seeing an accounting scandal.

Now HealthSouth is demonstrating that health care is not

immune to

accounting scan-

dals. Oh…. the

humanity!

No department

has more systems,

procedures and

controls than

accounting.

Boards have to be

incredulous. We

have annual

audits, controls,

generally accepted

accounting procedures, and we are still having problems.

Many of the accounting problems come to light as a result of

a whistleblower who tried to get someone's attention. Fifteen

people have pleaded guilty in the HealthSouth case. Many

must have known that something was wrong, but could not

or would not stop it. Boards have to believe that there is a

problem with independence. Someone wants the numbers to

look good as opposed to being accurate. ■

Roy Snell

The HealthSouth trial has begun

"This is a very important moment in thehistory of the compliance profession.

Compliance may be expanding in scopeand responsibility. Like billing and

legal, accounting has had some difficul-ty policing itself. Like the others,

accounting may not welcome oversightby compliance."

19March 2005


Share Compliance Documents With Other HCCA Members...

And win one of 12 Portable DVD PlayerCourtesy of:

Each time you add a compliance doc-ument to the HCCA Website you willhave an additional chance to win aPolaroid Portable DVD Player * **,courtesy of Brown

McCarroll L.L.P. Add 30documents and you will

have 30 chances to wineach month for a period of

12 months– November 2003 to October 2004. OnePortable DVD Player willbe given away eachmonth for 12 months.Any non-copyrightedcompliance document willcount, such as policies, proce-dures, forms, memos, presentations,educational tools, government documents,articles, white papers, or miscellaneousdocuments. Just visit eCommunities onthe HCCA Website:

www.hcca-info.org*No repeat winners.**HCCA staff members are not eligible.

Announcing

February’s winner:

LANCE LORIA

20March 2005


Editor's note: William D. Darling,

JD, is a partner with Brown

McCarroll, LLP, located in Austin,

Texas. His practice focuses on fraud

and abuse and corporate compli-

ance matters. Kevin M. Wood, JD,

an associate with Brown McCarroll,

LLP, in Austin, Texas, represents

physicians and other health care

providers on such matters as fraud

and abuse, and corporate compli-

ance, and HIPAA. William Darling

may be reached via email at bdar-

[email protected] and Kevin Wood

may be reached via email at

[email protected].

primary motivation for the

widespread development of

corporate compliance pro-

grams by health care providers is the

incentive to do so contained in the

United States Sentencing Guidelines.

The United States Sentencing

Commission issued organizational

guidelines in 1991 that apply to entities

that are sentenced for federal crimes.

The organizational guidelines provide

entities with the ability to seek a down-

ward departure from the federal sen-

tence that would otherwise be dictated

by the United States Sentencing

Guidelines, upon a showing that the

entity has an effective corporate compli-

ance program. The organizational

guidelines establish seven elements that

are minimum standards for an effective

compliance program. The seven stan-

dards essentially direct that an effective

corporate compliance program will

include:

1. Adopting compliance standards and

procedures reasonably capable of

preventing and detecting wrongdo-

ing;

2. Knowledge of the compliance pro-

gram by the organization's governing

authority and reasonable oversight by

the governing authority with respect

to the implementation and effective-

ness of the compliance program,

including the appointment of specific

high-level individuals to administer

program. To the extent specific indi-

viduals are delegated day-to-day

operational responsibility for the

compliance program, such individu-

als must periodically report to the

high-level individuals and, as appro-

priate, the governing authority, on

the program's effectiveness.

3. Reasonable efforts not to delegate

authority inappropriately to persons

whom the organization knows, or

should know through the exercise of

due diligence, have engaged in ille-

gal activities or other conduct incon-

sistent with the organization's tenets.

4. Reasonable steps to communicate

the standards and procedures (and

other aspects) of the compliance pro-

gram throughout the organization by

conducting effective training sessions

for all personnel, including distribut-

ing appropriate information with

respect to the responsibilities given

to those individuals charged with the

program's administration and

enforcement.

5. Reasonable steps to ensure that the

compliance program is followed,

including monitoring and auditing to

detect misconduct; periodically evalu-

ating the effectiveness of the compli-

ance program; and having and publi-

cizing a system (including mecha-

nisms to allow for anonymity or con-

fidentiality) whereby the organiza-

tion's employees and agents may

report or seek guidance regarding

potential or actual misconduct with-

out fear of retaliation.

6. Consistent promotion and enforce-

ment of the compliance program

throughout the organization through

the use of appropriate incentives to

comply with the program and disci-

plinary measures for those engaging

in misconduct and for failing to take

reasonable steps to prevent or detect

inappropriate conduct.

7. Taking reasonable steps when

wrongdoing has been detected to

respond appropriately to the wrong-

doing and to prevent further similar

conduct, including making any nec-

essary modifications to the organiza-

tion's compliance program.1

The Office of the Inspector General of

the United States Department of Health

and Human Services (OIG) has issued

A

By William D. Darling, J.D. & Kevin M. Wood, J.D.

WIL

LIA

M D

.DA

RLI

NG

21March 2005

Compliance Guidance to various types

of providers and entities in the health

care industry. This Guidance embraces

the foregoing seven elements as found

in the United States Sentencing

Guidelines.

In 2004, the United States Supreme

Court declared the sentencing guide-

lines for the State of Washington to be

unconstitutional in Blakely v.

Washington.2 Washington's sentencing

guidelines (which were similar to the

United States Sentencing Guidelines)

allowed a judge to consider facts not

found by a jury as he or she deter-

mined a defendant's sentence.

After the Blakely decision, a number of

federal defendants who were sentenced

under the United States Sentencing

Guidelines appealed their sentences.

One of the appellants included Mr.

Booker, who received an upward depar-

ture from the sentence he generally

would have received under the

Guidelines. Under the United States

Sentencing Guidelines, Mr. Booker

would have received a prison sentence

of 210-262 months for the drug offense

for which he was convicted. Instead, the

judge assessed a thirty-year sentence

based on facts he himself determined.

The judge conducted a sentencing hear-

ing and found that certain facts existed

by a preponderance of the evidence.

None of these facts were presented to a

jury. Mr. Booker appealed the enhanced

sentence, and two questions were pre-

sented to the U.S. Supreme Court.

The Booker decisionThe questions presented in Mr. Booker's

appeal to the Supreme Court were:

1. Whether the court violated Mr.

Booker's Sixth Amendment right

under the United States Constitution

by imposing an enhanced sentence

under the United States Sentencing

Guidelines based on the sentencing

judge's determination of a fact (other

than a prior conviction) that was not

found by the jury or admitted by the

defendant.

2. If the answer to the first question

was "yes," the following question was

presented: whether, in a case in

which the Guidelines would require

the court to find a sentence-enhanc-

ing fact, the Guidelines as a whole

would be inapplicable such that the

sentencing court must exercise its

discretion to sentence the defendant

within the maximum and minimum

set by statute for the offense of con-

viction.

It is important to note that these ques-

tions had nothing to do with the appli-

cability of the seven elements of an

effective compliance program found in

the United States Sentencing Guidelines

for Organizations (and incorporated by

the OIG into its Compliance Guidance).

Indeed, the questions presented by the

Booker case involved the United States

Sentencing Guidelines for Individuals.

On January 12, 2005, the U.S. Supreme

Court delivered an opinion in United

States v. Booker.3 In the Booker deci-

sion, the Court held that Section

3553(b)(1) of Title 18, United States

Code, the law which makes the use of

the United States Sentencing Guidelines

by federal judges mandatory, was

inconsistent with the right to a jury trial

afforded by the Sixth Amendment to the

United States Constitution. Federal

judges are now able to sentence defen-

dants without a mandatory requirement

that they follow the United States

Sentencing Guidelines.

There is speculation that a significant

battle will arise between the U.S.

Congress and the federal judiciary on

this issue. On one hand, some senators

and congressmen want to maintain uni-

formity and the taking of a hard line

toward the sentencing of federal defen-

dants. On the other hand, the federal

judiciary wants to maintain more discre-

tion in the sentencing of federal defen-

dants. The bottom line is that the

Booker case may spawn Federal legisla-

tion to add a jury component into the

federal sentencing system that would

once again make use of the United

States Sentencing Guidelines as manda-

tory in connection with the sentencing

decisions made by federal judges.

Application of the Booker case to com-pliance programsThe Booker case has caused some in

the health care industry to question the

continued necessity of maintaining their

compliance programs. Abandonment or

reduction of the importance of an orga-

nization's compliance program would

generally be ill-advised, especially if

such a decision were predicated on the

Booker decision. The basic holding in


KE

VIN

M.W

OO

D

22March 2005


the Booker case is that the United States

Sentencing Guidelines continue to be

available to federal judges to consider in

sentencing on a non-mandatory basis.

The real value of an effective compli-

ance program may not be in the poten-

tial reduction in a federal sentence

assessed against an organization. One

school of thought holds that those

organizations that are actually sentenced

in a federal criminal proceeding gain lit-

tle value from the presence of a compli-

ance program. If an organization is

being sentenced in a federal criminal

proceeding, it is likely that neither the

OIG, the United States Department of

Justice (DOJ), nor the federal judge pre-

siding in the case will believe that the

organization's compliance program was

truly effective. Also with the threat of

mandatory exclusion from participation

in federally funded health care pro-

grams that accompanies a federal con-

viction, contending that the organization

has an effective compliance program

may be "too little, too late."

The real value, instead, may lie in con-

vincing the DOJ, the OIG, or the federal

judge presiding in the case that the

organization has undertaken a compli-

ance program in good faith and that the

crime that may have occurred was

indeed an anomaly. The benefit of

establishing the bona fides of the orga-

nization's compliance program may be

that the organization is not charged

criminally in the first place, or that civil

penalties are mitigated.

Furthermore, it is difficult to see how

the Booker decision could nullify all of

the good compliance work that has

been done so far since the seven ele-

ments of an effective compliance pro-

gram are so embedded in the OIG's

Compliance Guidance and in the

approaches adopted by organizations in

and outside the healthcare industry. It

is unlikely that the OIG will retreat from

its positions on the seven elements

because of this decision.

Practical advice Overall, the compliance universe has

not been greatly altered by the Booker

case. The perception created by the

popular press may be that management

may safely eliminate or significantly

reduce the costs associated with an

organization's compliance program. In

fact, the press coverage of the Booker

case has possibly been sufficient

enough that this misperception may be

deeply embedded in the minds of some

compliance professionals. This public

perception cannot be maintained when

one looks at the value of a compliance

program in practice.

The compliance officer in an organiza-

tion should take steps to ensure the

governing body and management that a

compliance program remains just as

necessary and important today as it was

before the decision in the Booker case

was published. It may even present an

opportunity to further educate the orga-

nization's management and employees

about the importance of maintaining an

effective compliance program. The deci-

sion in the Booker case has in no way

diminished the importance of having an

effective compliance program. An

organization that does not take its obli-

gation to maintain an effective compli-

ance program incurs the potential for

serious risks to the organization that are

difficult to justify. Compliance profes-

sionals should work actively within their

organizations to reaffirm the importance

of the compliance program to the pro-

tection of the organization as a whole.

■1 United States Sentencing Commission, Guidelines

Manual, § 8B2.1 (Nov. 2004).

2 See Blakely v. Washington, 125 S. Ct. 2531, 159 L. Ed.

2d 403, 75 U.S.L.W. 4546 (U.S. June 24, 2004).

3 See United States v. Booker, No. 04-104, 2005 U.S.

LEXIS 628 (U.S. Jan. 12, 2005).

still necessary after Booker? ...continued from page 21

Full Name:

Title:

Organization:

Address:

City/State/Zip:

Telephone:

Fax:

E-mail:

HCCA individual membership costs $295.00; corporate member-ship (includes 4 indiv. memberships, and more) costs $2,500.00. CT subscription is complimentary with membership. HCCA non-member subscription rate is $357.00/year.❑ Payment enclosed❑ Pay by charge: ❑ AmEx ❑ MasterCard ❑ Visa

Card #: Exp. Date:Signature:

❑ Please bill my organization: PO#Please make checks payable to HCCA. Please return subscription coupon to

5780 Lincoln Drive, Suite 120, Minneapilis, MN 55436.

To order Compliance Today (CT) complete this coupon

23March 2005


Editor's note: Connie Emery, CPA,

CIA, CISA, CISSP, CIPP, is

Information Privacy/Security

Officer, VP, Compliance Department

with Tenet HealthSystem. She may

be reached in Dallas, Texas at

469/893-6709.

t Tenet, we have been work-

ing diligently since January

2001 to ensure our covered

entities are compliant with the HIPAA

regulations. Throughout the process, we

have encountered many significant chal-

lenges:

■ Challenge #1 - Privacy compliance

due April 2003.

■ Challenge #2 - Transaction and Code

Set (T&C) compliance (or request for

an extension) due October 2003.

■ Challenge #3 - Security compliance

due April 2005.

Challenge #3Our information security compliance

efforts began early in 2001. It became

apparent during the initial planning

phase that the health care industry was

not a "leader" in regard to information

security practices. In fact, when it came

to security over information and infor-

mation assets, there was significant

room for improvement. Since informa-

tion is required to ensure that patients

receive quality care and providers

receive timely payment, health care has

historically been an industry based on

information sharing between its many

participants (hospitals, physicians,

health plans, employers, family mem-

bers, health care agencies, etc.).

Much of 2001 was spent reading the pro-

posed HIPAA security rule, developing

charts to identify the required policies,

matching identified policies to industry

standards, and writing and re-writing

those policies. Once the policies were

written, they were reviewed and re-

reviewed and "blessed" by outside coun-

sel. The final documents were released

to all covered entities and posted on our

internal website in December 2001.

This year, we once again began a

review of the policies to confirm that

they adequately addressed revisions

made in the final security rule, and to

address changes in technology, industry

standards, and the operations of our

covered entities. The same process was

followed; writing, re-writing, reviewing,

and re-reviewing. The revised policies

were posted in December 2004.

Training for our workforce has been

developed and all employees are required

to participate in that training by April 1,

2005. The training will take place on-line

with supplemental PowerPoint™ presenta-

tions (in English and Spanish) for individ-

uals who may not have access to a com-

puter. Supplemental privacy and/or securi-

ty training is also offered to an employee

or a group of employees on a discre-

tionary basis when those individuals have

been involved in a privacy/security inci-

dent. The privacy and security incident

response process requires collaboration

between the Compliance Department,

Hospital Compliance Officers, Information

Systems Departments, and numerous

other groups.

What an achievement-the policies are

finished and all employees will be

trained by April 1! What more could we

have to do? The answer-A LOT! As we

work to meet the April 2005 security

compliance deadline, we have identified

a few areas that may impact any covered

entity's ability to achieve compliance.

A complete and accurate inventoryOur very first challenge to achieving

compliance with the security rule was

ensuring we had a complete and accu-

rate inventory of all applications and

systems that would be impacted by the

rule. We started this process from

scratch because a few years had passed

since the inventory from our Y2K efforts

was last updated. At last count, Tenet

had over 900 applications and 19 oper-

ating systems that were impacted by the

HIPAA security regulations (not account-

ing for the different versions and instal-

lation configurations that exist for

A

By Connie Emery

Team members are: Back (from left): Connie Emery, Info. Privacy/Security Officer; Donna Masters, Administrative Assistant

Front (from left): Andrew Vezina, Mgr. Privacy/Security; Kevin McCaslin, Specialist IS Security Sr.; Rick Frie, Mgr. Privacy/Security


24March 2005


dozens of applications).

As Tenet acquires and/or develops new

applications, the inventory is continu-

ously updated. Each system and its

operating environment have been

assessed for compliance and remedia-

tion plans are being developed.

In addition to our systems and applica-

tions, we were tasked with identifying

all of the biomedical devices that may

be impacted by the security regulations.

Issues that covered entities may

encounter related to bio-medical

devices include:

■ Verifying the inventory is complete

and accurate, including the most cur-

rent information.

■ Verifying the equipment listed in the

inventory creates, receives, maintains

or transmits electronic protected

health information (ePHI), including

all assets that handle ePHI, and

excluding assets that handle health

information without any patient iden-

tifiable data.

■ Obtaining assurance from biomedical

equipment vendors that their equip-

ment is HIPAA compliant.

■ Identifying compensating controls for

equipment that cannot be made com-

pliant.

■ Justifying the expense of implement-

ing controls to ensure information is

kept confidential.

So, how do you add security controls to a

piece of equipment or an application that

has no controls? What do you do if the

cost of remediation is too high? Keep it

behind lock and key-simple, right?

Covered entity evaluationThe security rule requires an evaluation

of the covered entity's compliance with

both the technical and non-technical

components of the regulation [§

164.308(a)(8)]. Tenet has over 400 phys-

ical locations (hospitals, clinics, business

offices, and corporate offices) where

activities occur that include the creation,

maintenance and transmission of ePHI.

Our compliance program includes an

initial on-site "evaluation" of these loca-

tions to ensure controls are in place to

address both information privacy and

security. We started the evaluation

process in January 2002 and, with a

staff of five very dedicated individuals,

completed the initial evaluations of all

400 locations in December 2004.

The next step is to perform an annual

risk assessment and identify entities with

a relatively high risk of non-compliance.

A ranking system was used to compare

risk between facilities, with ranking met-

rics including key risk indicators such as

management turnover, management

input, reported privacy/security inci-

dents, changes to information systems,

bed size, affiliated non-hospital entities,

etc. Based on the results of this risk

ranking, on-site visits will be conducted

at approximately 36 hospital locations

(and the associated non-hospital entities)

each year, which should allow us to visit

all physical locations every 1-3 years,

depending on risk ranking.

We perform remote network vulnerabili-

ty scans of the other locations and pro-

vide facility management with self-

assessment tools to ensure on-going

compliance. Covered entities should

also implement procedures for monitor-

ing incident reporting and assisting, as

needed, in incident remediation.

Business associate agreements (BAAs)

As noted in the recent GAO report

"Health Information—First-Year

Experiences under the Federal Privacy

Rule"; the requirement to develop

agreements with business associates that

extend privacy protections "down-

stream" is overly burdensome. We

couldn't agree more! With over

1,200,000 vendors who provide supplies

and services to Tenet affiliated covered

entities; just identifying the list of busi-

ness associates was a HUGE task for us.

The list provided to our covered entities

for verification included 31,000 vendors

who MAY have required a BAA. Total

confirmed BAs for Tenet during the pri-

vacy roll-out was approximately 14,000.

We anticipate the final number of true

BAs to be approximately 10,000.

The security rule [§ 164.314(a)(2)(i)]

adds language that covered entities may

not have incorporated into their initial

business associate agreements. Revisions

to the contracts may be needed to

strengthen the security language and

revised agreements may need to be

executed with the vendors.

Another hurdle in regard to BAAs—how

do covered entities keep up with new

vendors? To address this issue we:

■ Implemented a process that requires

all new vendors to be reviewed to

determine if they are a business asso-

ciate. Our accounts payable system

was updated to flag vendors who are

business associates, and to provide

reports including that information.

■ Will continue providing periodic

training to the hospital compliance

officers regarding business associate

requirements.

■ Plan to perform a "global" review of

business associate agreements in

HIPAA challenge #3 ..continued from page 23

25March 2005


2005 to ensure ongoing compliance

with the BAA process.

Finally, as required by the security rule

[§ 164.308(8)(b)(1)], the contract

between a covered entity and a busi-

ness associate must provide that the

business associate implement adminis-

trative, physical, and technical safe-

guards that reasonably and appropriate-

ly protect the confidentiality, integrity,

and availability of the ePHI that it cre-

ates, receives, maintains, or transmits on

behalf of the covered entity. How does

a covered entity ensure that vendors are

living up to these requirements? It's not

possible to audit every business associ-

ate. To address this issue:

■ We will perform a risk assessment of

our business associate relationships

and identify those of relatively high

concern. Potential high risk vendors

include third party copy vendors and

transcription vendors, since they have

access to a great deal of ePHI and

they use processes that could poten-

tially cause inappropriate disclosures.

■ Our compliance plan for 2005 will

include audits of selected business

associates.

■ When an incident is reported that

involves a business associate, remedia-

tion will include a review of the busi-

ness associates corrective action plan.

Management supportAfter Y2K (the event that was a non-

event), compliance teams may have had a

difficult time convincing management that

HIPAA is here to stay and will require sig-

nificant resources to ensure compliance.

Tenet's management has provided

resources (funding and personnel) to sup-

port Tenet's HIPAA compliance initiatives.

Many covered entities may, however,

struggle to maintain an adequate level of

management support. Reasons for this

struggle may include the fact that Health

and Human Services' enforcement rule

promotes voluntary compliance and the

rule is seen as having no "teeth". In

addition, the Office of Inspector General

(OIG) 2004 Work Plan had no HIPAA

(privacy or security) projects identified

for completion in 2004.

Now, however, the 2005 Work Plan

identifies three projects that address pri-

vacy/HIPAA. Those three projects are:

■ Managed Care Organization's

Compliance With HIPAA: (OAS; W-

00-05-41007; A-04-00-00000; expected

issue date: FY 2005; new start)

■ Privacy of Medical Records: (OAS; W-

00-05-58007; A-01-00-00000; expected

issue date: FY 2005; new start)

■ Compliance With the Health

Insurance Portability and

Accountability Act Privacy Final Rule-

University Hospital: (OAS; W-00-04-

41006; A-05-04-00000; expected issue

date: FY 2005; work in progress)

While these are all privacy review proj-

ects, this new interest by the OIG and

stronger enforcement by HHS may assist

covered entities in continuing to gain

management support of their HIPAA

compliance efforts.

All that paperThe HIPAA security regulations are

addressing a critical industry issue related

to the protection of an individual's ePHI.

Ensuring the confidentiality, availability

and integrity of ePHI is a necessary com-

ponent of providing quality patient care.

What about all that paper? Paper is creat-

ed during the registration process, passed

to the nurses on the floor, processed and

sent to the Health Information

Management department, and used in

countless other processes around the hos-

pital. Copies of medical records are pro-

duced and provided to physician offices,

payors, corporate departments, third party

vendors, local health agencies, etc. What

information is contained in these paper

documents? Anything that could identify a

patient including their social security

number (SSN), date of birth (DOB),

address, phone number…

As the health care industry moves

toward implementation of electronic

health records (EHRs), perhaps some of

the paper documentation maintained by

covered entities will be eliminated. This

initiative is in its infancy and causes

additional, yet different, concerns about

the confidentiality, availability and

integrity of ePHI. By the way, what ever

happened to the Unique Patient

Identifier (UPID) initiative?

Challenge #4HIPAA compliance implementation con-

tinues to be a challenge. As we work to

achieve and maintain compliance with

the HIPAA regulations, we will continue

to have many challenges and record

many successes. We are confident that

our efforts to make sure Tenet-affiliated

covered entities are compliant with the

security rules will be successful.

So, what's on the list for Challenge #4 -

the National Provider Identifier (NPI)?

With a due date of May 2007, it seems

there is plenty of time to prepare. Our

goal is to start working toward NPI com-

pliance immediately after the April 2005

security deadline. The projected outcome

of Challenge #4 - SUCCESS, of course! ■

26March 2005


Editor's note: John E. Steiner Jr., Esq.

is the Chief Compliance Officer and

Privacy Official for the Cleveland

Clinic Health System. Heidi R.

Carroll, Esq. Corporate Compliance

Specialist, for the Cleveland Clinic

Health System. They may be reached

at 216/444-1708.

his article is the second of

two articles on clinical

research compliance issues.

The first article, published January 2005

in Compliance Today, focused on the

monitoring of clinical research study

budgets and clinical research participant

billing at the trial level. This article

focuses on monitoring and auditing of

clinical research participant billing at

both the departmental and institutional

level.

Both articles illustrate specific methods

and techniques for designing, imple-

menting, and maintaining key compo-

nents of a clinical research compliance

program. As a general matter, clinical

research sites should continue to

demonstrate good faith efforts to com-

ply, despite the daunting scope of the

task. There is no question that the field

needs additional 'tools,' (e.g. software,

information technology support, inter-

faces, and the like) to improve overall

compliance levels.

It is apparent that 'help is on the way'

from the private sector, given the critical

importance of clinical research to

advance medical knowledge and patient

care. Increasingly, at HCCA conferences

and in other venues, vendors are dis-

playing products and services that are

responding to this segment of the com-

pliance field. Moreover, there are

increasingly frequent and focused train-

ing and education programs available

for clinical research personnel to stay

current with compliance requirements.

Several of those requirements are dis-

cussed below in the context of 'moni-

toring and auditing' recommendations

for clinical trials.

Self-auditsAs part of the overall compliance pro-

gram, a method should be established

to conduct self audits. "Self-audits may

be used to determine whether (1) bills

are accurately coded and accurately

reflect the services or items furnished as

documented in the medical records, (2)

documentation is complete, (3) services

or items provided are reasonable and

necessary…"1 Therefore, a technique

must be developed to audit and moni-

tor clinical research participant billing

procedures and evaluate those accounts.

Depending on the size and structure of

the organization, monitoring may be

conducted either centrally through inter-

nal audit or at the departmental level.

Individuals appointed to conduct the

auditing and monitoring (referred to as

a 'monitor' in this article) should… "ide-

ally include those people in charge of

billing and medically trained profession-

als." 2

Monitors' checklist

First, the monitors should document

that each clinical research trial has a

binder or folder that includes the fol-

lowing information (as outlined in the

first of these two articles):

1. Clinical Research Billing Checklist

2. Clinical Research Study Budget/

Amendments

3. Clinical Research Participant Billing

Procedure

4. Research Participant Monitoring Plan

5. Informed Consent Document

Monitors should construct a checklist to

review the following documents for

completeness:

1. Clinical Research Billing Compliance

Checklist

■ Is it complete?

■ Was it submitted to the proper

institutional office or committee?

■ Does it contain an analysis of the

research participant charges stan-

dard of care charges vs. research

charges?

2. Clinical Research Study Budget/

Amendments

■ Was a detailed budget prepared?

■ Was the budget properly amend-

ed, if necessary, in the event of a

protocol change?

3. Clinical Research Participant Billing

Procedure

■ Are special billing procedures

noted if research costs occur while

a research participant is: 1) an

inpatient or outpatient (special

charge tickets) or 2) receiving an

ancillary service?

■ Coverage requirements:

• Items or services were either

designated as research costs or

standard of care

• Pre-certification requirements of

third party payors

T

By John E. Steiner Jr., Esq. and Heidi R. Carroll, Esq.

27March 2005


• Advance Beneficiary Notices

• Coding requirements(e.g. spe-

cial Charge Description Masters

(CDM), such as an

Investigational Device CDM)

■ For Investigational Device Trials,

if applicable:

• A copy of the FDA approval

letter

• Copies of all the approval letters

received from the Medicare

Fiscal Intermediary (FI). The FI

will only approve coverage for

a specific number of investiga-

tional devices. If the number of

enrolled Medicare patients

increases or is expected to

increase beyond the approved

number, another letter must be

submitted to the FI.

• A copy of all the materials

required to be submitted to or

maintained by the Medicare

Fiscal Intermediary.

4. The Clinical Research Participant

Billing Procedure should contain a

research participant monitoring plan.

■ Are the research personnel adher-

ing to the monitoring plan?

■ Are identified billing mistakes

being properly corrected?

If the monitors notice a deficiency in

any of the above documentation, the

monitors should instruct the clinical

research support personnel to either

correct the deficiency within 30 days,

or if an item is not applicable, provide

a written explanation as to why it is

not applicable.

In addition to establishing that each trial

has a documented clinical research par-

ticipant billing procedure/monitoring

plan, the monitors might to be directed

to review two research participant

accounts from each active clinical trial

during the time in which: only research

charges; or research and standard of

care charges were generated.

The monitors should review the partici-

pants' accounts and bills to ensure that:

■ "Standard of care" charges and

research charges were appropriately

posted Research charges were not

billed to the patient's insurance and

appropriately applied to the research

account/activity number.

■ For Medicare patients, determine

whether or not proper coding was

applied:

• For trials identified as "qualifying"

under the Medicare September

2000 National Coverage Decision

(NCD) the ICD-9-CM code, V70.7

and the "QV" procedure code

modifier, should be used accord-

ing to the NCD.

• For Investigational Devices catego-

rized by the FDA as a Category B

Devices, the revenue code 624

should be used.

Monitors should require the clinical

research support personnel to correct

any billing errors and determine

whether or not the error(s) have

occurred on any other research

participants' accounts.

Annual or semi-annual reports should

be submitted to the Corporate

Compliance Committee. The report

should include the percentage of clini-

cal research trials that passed the initial

monitoring review and those that were

re-reviewed because the clinical

research trial did not have a complete

research participant billing procedure.

Based on the results of the audit report,

the Corporate Compliance Committee

may make policy recommendations,

provide additional education, or recom-

mend improved billing processes.

1Monitoring & Auditing Practices for Effective

Compliance Programs. Ed. John E. Steiner, Jr. Esq.

Philadelphia: Health Care Compliance Association:

2002.

2 Id.

WEBLINKSWEBLINKSCompliance Profession■ Christian & Timbers Hot Jobs 2004

listed

7. Chief ethics officer

8. Chief compliance officer

http://www.ctnet.com/pr/release

Details.asp?prid=256

■ Christian & Timbers Hot Jobs 2005

lists Chief compliance officer as #3

http://www.ctnet.com/pr/studies/

hotjobs2005/default.html

CMS■ COPs for Transplant Centers and

Organ Procurement Organizations

http://www.cms.hhs.gov/media/

press/release.asp?Counter=1335

■ Proposed Rule would Modernize

ESRD Conditions for Coverage



■ Resources To Educate Health Care

Professionals About Medicare's

Preventive Services

http://www.cms.hhs.gov/medlearn/

preventiveservices.asp

■ CMS Proposed New Coverage Criteria

for Wheelchairs, Scooters



Emphasizinga documented

comprehensiveapproach to compliance auditingby Debi Weatherford

Editor's note: This is the fifth article

in a series offered by The

HCCA/AHIA Auditing & Monitoring

Focus Group regarding seven com-

ponents to expand on the roles of

compliance and internal audit

functions, provide detailed "how to

steps", and discuss the essential coor-

dination links between compliance,

internal audit, legal, and manage-

ment that are necessary for each

component.

The next priority for the focus group

will be to publish articles and guid-

ance materials on (1) compliance

related policies that should be in

place and (2) compliance educa-

tion/awareness tools and techniques.

The author's contact information may

be found at the end of this article.

A focus group of Health Care

Compliance Association (HCCA) and

Association of Healthcare Internal

Auditors (AHIA) members has been

meeting the past nine months to

explore opportunities to better define

and explain auditing and monitoring,

clarify the roles of compliance and

internal audit functions as they address

issues within their healthcare organiza-

tions, and develop guidance and refer-

ence materials on key aspects of health

care auditing and monitoring processes.

The Seven Component Framework

developed by the HCCA/AHIA focus

group for compliance auditing and

monitoring is comprised of the follow-

ing activities:

■ Perform a risk assessment and deter-

mine the level of risk

■ Understand laws and regulations

■ Obtain and/or establish policies for

specific issues and areas

■ Educate on the policies and proce-

dures and communicate awareness

■ Monitor compliance with laws, regu-

lations, and policies

■ Audit the highest risk areas

■ Re-educate staff on regulations and

issues identified in the audit

This article focuses on emphasizing a

documented comprehensive approach

to compliance auditing. This is the fifth

in a series of articles prepared by the

HCCA/AHIA auditing and monitoring

focus group.

Documented comprehensive approachto compliance auditingThe compliance and internal audit func-

tions serve as an integral check and bal-

ance system to help the Board of

Directors ensure integrity, accuracy,

accountability and consistency within

the hospital system that it oversees. A

documented comprehensive approach

to compliance auditing is an essential

component of the compliance function.

The following sections will address:

■ Planning the focus of the compliance

audit

■ Conducting an opening conference

■ Selecting the sample

■ Writing the report

■ Documenting the audit and follow-up

activities

Planning the focus of the compliance audit

Compliance audits focus on areas

deemed to involve the greatest compli-

ance risks. As you plan the focus of

the compliance audit for a particular

issue, the following areas of the Seven

Component Framework should have

already been addressed:

■ Perform a risk assessment and deter-

mine the level of risk

■ Understand the laws and regulations

■ Obtain and/or establish policies for

specific issues and areas

In addition, a review of compliance

planning resources should have been

completed, as discussed in the third

article published by the HCCA/AHIA

focus group titled "Developing a

Compliance Work Plan for Compliance

Auditing and Monitoring in Health Care

Organizations".

In your audit planning and research,

identifying settled cases by the Office of

Inspector General (OIG) related to the

specific audit issue assists you in deter-

mining how the laws and regulations

were applied. These cases are refer-

enced by the OIG's Common

Identification Number. The value of

case review can be demonstrated by

summarizing an example of an OIG

report: "Audit of Observation Service

Billing by Presbyterian Hospital of

Dallas," Common Identification Number

A-06-01-00087.

The issues identified by the OIG as

illustrated in this report included:

28March 2005


FOCUSGROUP

HCCA/AHIACOMPLIANCECOMPLIANCE

29March 2005


■ Medical records contained standing

orders for observation following out-

patient surgery.

■ Physicians' orders for observation

level of care were not documented in

the medical record.

■ Services were ordered as inpatient

services by the admitting physician,

but billed as outpatient observation

services.

■ Medical records did not document

complications following an outpatient

procedure to warrant observation

services.

■ Specific language in the medical

record, such as "no complications" or

"patient tolerated the procedure

well", was used to identify an

uncomplicated treatment or proce-

dure before determining that the

observation services were

unallowable.

■ Time was charged to observation

prior to a scheduled procedure,

which is not allowable for reimburse-

ment as observation service. Note

also that time spent in surgery and

recovery cannot be simultaneously

billed as observation.

A detailed focus for your audit is recom-

mended over a broad focus. By narrow-

ing your focus, you can isolate issues,

determine your exposure, develop action

plans that are better tailored to address

the issue and thereby facilitate change.

In addition, you can more quickly edu-

cate the appropriate personnel in the

area regarding the issue, your audit

approach and what was discovered.

Using the above example of observa-

tion, consideration should be given to

separating the focus on the compliance

audit of observation services into the

following audits:

(1) Audit observation cases that came in

through the Emergency Department.

(2) Audit post-surgical observation cases.

(3) Audit pre-surgical observation cases.

(4) Audit observation cases that convert-

ed to inpatient during a portion of

the stay.

(5) Audit a statistical valid sample of

observation cases to determine if

other issues exist.

In defining scope, consideration should

also be given to the nature of audit

steps performed, including but not limit-

ed to analytical reviews, interviews,

shadowing, process verification and

internal controls evaluation.

Conducting an opening conferenceAn opening conference serves as the

foundation for orienting and involving a

core cross-functional team that is

knowledgeable and concerned with the

compliance issue at hand. It is very

important to choose your team mem-

bers carefully. In addition to the appro-

priate compliance audit team members,

you should include key people involved

in the process and individuals who

have accountability for the function and

the ability to facilitate change.

In your opening conference, it is recom-

mended that the following topics be

addressed:

■ Specify the compliance issue to be

audited.

■ Clarify why it is a compliance issue.

■ Review relevant information such as

laws, regulations, settled cases, etc.

■ Discuss your planned audit approach.

■ Define what will constitute a testing

error or exception.

■ Designate a contact person for infor-

mation validation and discussion.

■ Determine a routine face-to-face

schedule with the contact person to

discuss concerns, questions and vali-

date findings.

■ Define the communication channel

for escalation of any major issues.

■ Discuss the timeframe for conducting

the audit.

■ Determine constraints such as

planned time-off, busy times, sched-

ule conflicts.

■ Validate that you have current policies,

procedures, flow charts, guidelines,

protocols, etc. related to the issue.

■ Emphasize that a detailed corrective

action plan will be required to

address any problems identified.

■ Determine if an exit conference will

be held at conclusion of the audit.

■ Communicate who will be receiving

copies of the final report.

The goal of this important communica-

tion process is to not only conduct a

compliance audit but also improve the

knowledge of the process owner(s) and

responsible management regarding the

issue, its risks and mitigating strategies.

The opening conference should be doc-

umented and a meeting summary dis-

tributed to all attendees highlighting

important information learned, pending

information to be received, and agreed

upon communication channels.

Selecting the sample Sampling for compliance audits will vary

depending upon the intent of the audit.

If the primary objective of the audit is to

determine, in a non-statistical manner,

whether a possible compliance concern

exists, a sample of 20 to 30 claims may

be appropriate for a preliminary assess-Continued on page 30

30March 2005


ment. If the intent of the audit is to

determine the error rate and define

overall exposure, a statically valid sam-

ple methodology should be employed.

The types of data/records and time peri-

od to be tested are determined based

on the purpose of the audit projects

and other key factors determined by the

Chief Compliance Officer (CCO) and

the Chief Audit Executive (CAE).

Data/records may be concurrent (before

a claim is submitted for payment) or

retrospective (after a claim has been

submitted for payment), and may be

selected randomly, judgmentally, or sta-

tistically. The significance of a valid sta-

tistical sample is that the results may be

extrapolated over the entire population

of transactions. Because of this, it is

important that the CCO, CAE, legal

counsel, process owner, and auditor

agree on the process upfront. When sta-

tistical samples are required, sampling

software such as the OIG's "RAT-STATS"

statistical software should be utilized.

Legal counsel is important in decisions

resulting in statistically valid results

since such results may impact govern-

ment reporting requirements and related

disclosure issues.

Writing the reportThe report should provide a high-level

picture of your compliance audit. The

sections of your report can be customized

for your organization or for the type of

issue. Consideration should be given to

including the following report categories:

■ Introduction—What precipitated the

audit

■ Objective

■ Approach

■ Findings and Key Observations

■ Recommendations

■ Management Response (Detailed

action plan may be attached)

■ Internal Controls and Ongoing

Monitoring Techniques

■ Follow-up Measures

Each compliance audit should contain

written documentation to support the

audit.

Documenting the audit and follow-upactivitiesIn compliance auditing, it is important

that detailed documentation exist to

support the audit process, report and

follow-up activities. The comprehensive-

ness of this documentation is critical to

protect the organization and provide

evidence of the audit. The documenta-

tion should be organized in a manner

and contain sufficient information to

allow a third-party reviewer to reach the

same conclusions.

Examples of documentation to support

the audit and follow-up activities are:

■ Planning documents and audit pro-

grams

■ Research material related to the issue

■ Questionnaires, flowcharts, checklists,

narratives and meeting summaries

■ Notes and memoranda from inter-

views

■ Organizational data, such as organiza-

tional charts and job descriptions

■ Information about operating and

financial policies

■ Analysis and tests of transactions,

processes and account balances

■ Sampling methodology

■ Audit results communication

■ Management response and action

plan

■ Results of post-engagement reviews

■ Active monitoring of conditions

until corrected

In conclusion, following the above steps

will enable a compliance audit with an

appropriate level of planning, documen-

tation, and communication, to achieve

desired objectives as well as facilitate a

constructive review process in partner-

ship with the process owner(s) and

responsible management.

Members of the HCCA/AHIA focus

group are:

■ Randall K. Brown

Baylor Health Care System

[email protected]

■ Britt H. Crewse

Duke University Health System

[email protected]

■ Al W. Josephs

Hillcrest Health System

[email protected]

■ Glen C. Mueller

Scripps Health

[email protected]

■ Debi J. Weatherford Revenue

Cycle Solutions

[email protected]

comprehensive approach to compliance auditing ...continued from page 29

Call for authors!Please email your article or topicideas to Compliance Today editor,Margaret Dragon, at [email protected]. Be sure toinclude your telephone number. Oryou may call Margaret at 781/593-4924 to discuss your article ideas.

● March 21 (May Compliance Today)

● April11 (June Compliance Today)

● May 14, 2005 (July Compliance Today)

OIG FinalSupplemental

Compliance Program Guidance forHospitals Released On January 27, the U.S. Department of

Health and Human Service Office of

Inspector General (OIG) released its

Supplemental Compliance Program

Guidance for Hospitals which is expect-

ed to be published in the January 31

Federal Register.

This guidance updates the previously

issued OIG Guidance for Hospitals and

takes into account recent changes to

hospital payment systems and evolving

industry practices. The supplemental

guidance focuses on measuring and

improving the effectiveness of existing

compliance efforts and identifies addi-

tional fraud and abuse risk areas for

hospitals.

Risk areas outlined in the Supplemental

Compliance Program Guidance for

Hospitals include:

■ Billing under the outpatient prospec-

tive payment system,

■ Physician self-referral law,

■ Federal anti-kickback statute,

■ Relationships between hospitals and

physicians,

■ Relationships between hospitals and

other providers,

■ Joint ventures,

■ Practitioner recruitment

■ The furnishing of substandard care.

The guidance also identifies practical

measures hospitals can use to gauge the

effectiveness of their compliance pro-

grams. For more:

http://oig.hhs.gov/publications/

docs/press/2005/012705release.pdf

Illinois Attorney General SuesDrugmakersOn February 8, the Chicago Tribune

reported that "Illinois Atty. Gen. Lisa

Madigan's office on Monday sued

dozens of major drugmakers, accusing

them of defrauding the state by over-

charging government programs and

Illinois Medicare customers out of hun-

dreds of millions of dollars.

"Madigan's suit, which targets 48 big

drugmakers including Illinois-based

Abbott Laboratories and Baxter

International Inc., is the latest assault in

a wave of attacks on the pharmaceutical

industry. Prosecutors in at least 19 other

states over the last two years have

brought a series of similar complaints as

part of an ongoing effort to rein in the

soaring costs of prescription drugs.

"Filed late Monday in Cook County

Circuit Court, Madigan's suit accuses the

firms of engaging in a "scheme" for

more than a decade by bilking the

Medicaid program and Medicare partici-

pants out of hundreds of millions of

dollars. The companies are accused of

intentionally misreporting and inflating

the figures that are used to calculate

Medicaid reimbursement rates," reported

the Chicago Tribune." For more:

http://www.ag.state.il.us/press-

room/2005_02/20050208.html

Norton Healthcare to Publish

Report CardsThe Courier-Journal reported on

February 5, that "Norton Healthcare

soon will start publishing what may be

one of the most extensive "report cards"

on how its hospitals measure up to

national standards for good care." For

more:

http://www.nortonhealthcare.com/ab

out/media/quality_indicators.aspx

Scrushy On TrialAccording to a report from Reuters on

January 25 "The trial of former

HealthSouth Corp. CEO Richard Scrushy

began on Tuesday, with prosecutors

accusing the flamboyant mogul of

directing a $2.7 billion accounting fraud

at the health care company he founded.

“Defense lawyers said Scrushy had been

deceived by lower-level executives.

Lead prosecutor Alice Martin described

Scrushy as a "very demanding, very

cunning" executive who told subordi-

nates to inflate HealthSouth's profits but

warned they would be on their own if

they were caught.”

For more: http://www.reuters.com/

newsArticle.jhtml?type=reutersEdge&

storyID=7427206

Patient Helps Uncover FraudAccording to the January 27 Pittsburgh

Tribune Review "James DeVage want-

ed relief from back pain when he went

to a HealthSouth Corp. physical therapy

center in San Antonio in 1996. He came

out convinced that HealthSouth over-

charged the U.S. government. Now, at

83, he stands to collect $8.1 million for

helping uncover a much larger fraud. ■

31March 2005


FORFOR Y O U R I N F O

32March 2005


The Health Care Compliance

Association welcomes the following

new members and organizations (States

Kentucky - New Jersey). Member con-

tact information is available on the

HCCA website in the Members Only

section - http://www.hcca-info.org.

Please update any contact information

using the HCCA Website or email April

Kiel ([email protected]) with

changes or correction to your member-

ship information.

Kentucky■ Jeremy E. Clark, Appalachian

Regional Healthcare

■ Andrew G. Conkovich, BS, RT, Univ

of Louisville Hosp

■ Dawn Diehl, Univ of Louisville

■ David Lee, SHPS, Inc.

■ Brett Short, Univ of KY

■ Ellen M. Wells, Univ OB/GYN

Associates

Louisana■ Violet M. Anderson, BA, JD, ACS, Inc

■ Susan Franklin, Memorial Medical Ctr

■ James M. Frantz, Health Plus of LA, Inc

■ David D. Hall, Meadowcrest Hosp

■ Jamie Hohlt, RHIA, Lincoln Hlth

System, Inc

■ Patty Mason, Tenet, Santa Barbara

Office

■ Roslyn Pruitt, Lindy Boggs Medical Ctr

■ Melanie Roberts, Kenner Regional

Med Cntr

■ Connie Sweeney, Northshore

Regional Med Cntr

■ Henry Yennie, Capital Area Human

Svcs District

Massachusettes■ Beth Belt, Danu Farber Cancer

Insititute

■ Lee Chamberlain, MA Society for

Prevent of Cruelty

■ Mary Copithorne, Johnson &

Johnson

■ Sarah Curi, Winchester Hospital

■ Karen DelRosso, Fresenius Med Care

■ Ruth Dolby, Dolby Healthcare

Consultants

■ Kia Earp, CCS, CCS-P, Tufts-New

England Medical Ctr

■ Sandy Friedman, MediRegs

■ Ernie Fusaro, Caritas St Elizabeth's

Medical Ctr

■ Stephen J. Gillis,

PricewaterhouseCoopers, LLP

■ Michael Kendall, JD, McDermott,

Will & Emory

■ David Lakness, BS, Aegis Metrics, Inc

■ Paul Levenson, JD, LLD

■ Karen Lopes, Fresenius Med Care

North America

■ William Marshall, MedAptus

■ Stephen A. Morreale, HHS/OIG-

Investigations

■ Mark E. Schreiber, JD, Palmer &

Dodge, LLP

■ William Wyman, IV, Lowell General

Hospital

Maryland■ Alisa Chestler, JD, APS Healthcare

■ Joyce Edmondson, RN, JD, VA

Maryland Health Care System

■ Christopher Eisenberg, CMS/Cntr for

Beneficiary Choices

■ Sharon Garner, Kaiser Permanente

■ Michelle Giovanni, CMS

■ Kathy Heinz, Capital Women's Care

■ Darlene Helmer, Physicians

Anesthesia Associates

■ Judith Humphries, Department of

Veterans Affairs

■ Maggie D. Lovelace, Kaiser

Permanente

■ Herbert F. Spencer, MA, Dept of

Health & Mental Hygiene

■ Barry Steeley, Cntrs for Medicare &

Medicaid Svcs

■ Donald Tannenbaum, Fidelity

Insurance Company

■ Darin Wipperman, CMS

Maine■ India Broyles, University of New

England

■ Mary T. Drake, RN, Franklin

Memorial Hosp

■ Marc M. Fournier, Southern Maine

Medical Ctr

■ Susanne Heeschen, Sandy River Hlth

System

■ Jennifer McAleer, Martin's Point

■ Susan Mellady, University of New

England

■ H Rebecca Ness, Mercy Health

System of Maine

■ Heidi Russell, RHIT, CPC, Univ of

New England

■ Karen Theriault, Down East

Community Hospital

■ John Tumiel, Univ of New England

Michigan■ Karen D. Bolton, BA, JD, LLM,

Garden City Hospital

■ Beth Casady, MPA, Upper Peninsula

Health Plan

■ Jim Divine, Marquette Gen Hlth Sys

■ Linda Drobish, Spectrum Health

United Memorial

■ Michele Ekblad, Battle Creek Health

System

■ Mike Gusho, Saint Mary Livonia

■ Janet Hall, Univ of Michigan Health

System

■ Robert Hopper, Blue Care Network

of Michigan

■ William P. Howe, Ingham Regional

Med Ctr

■ Dan Keeling, MBA, CPA, Priority

Health

■ Reina Navarra, Blue Cross Blue

Shield of Michigan

■ Ms. Terri J. Perkins, BA, MHA,

Chelsea Community Hosp

■ Betty R. Shelton, The Wellness Plan

■ Barbara Stamm, CPA, Sparrow

Health System

■ Bethany Stanisiewski, Spectrum

Health

33March 2005


■ Jeanne Strickland, University of

Michigan Health System

■ Laurie Westfall, Trinity Health Plans

■ Matthew Wolocko, Henry Ford

Wyandotte Hosp

■ Heather Wurster, MPH, Univ of MI

Health System

Minneasota■ Imad Ahmed, Specialized Care Svcs

■ Hilary Alvino, RN,

Ingeni/UnitedHealth Group

■ Mary Cade, Medtronic, Inc

■ Cathleen Cather, Chronimed Inc

■ Mary Jo Flynn, Allina Hosps &

Clinics

■ Anna Herrmann, Queen of Peace

Hosp

■ Ross Janssen, Univ of Minnesota

■ Randolph Just, Allina Hosp & Clinics

■ Allison Miller, UnitedHealth Group

■ Paula Nelson, MBA, Queen of Peace

Hospital

■ Doris Parenteau, RHIA, Virginia

Regional Med Ctr

■ Patricia Rosvold, BS of Nursing/JD,

Medtronic, Inc

■ Mary Schrupp, UnitedHealth Group

■ Thomas Schumacher, JD, Univ of MN

■ Nancy Stanczak-Sheehan,

UnitedHealthcare

■ Linda L. Stratton, UnitedHealth Group

Missouri■ Sharon E. Bertalott, St John's Reg

Hlth Ctr

■ Kimberly Brown, CPA, BS, MBA,

The Children's Mercy Hosp

■ Kate Dunn, St Louis University

Hospital

■ C.B. Eastman, St. John's Regional

Medical Center

■ Brian Elsbernd, JD, Mallinckrodt

Group

■ Kay Fitzgerald, State of Missouri

Attorney General's Office

■ Chris Flanagan

■ Dana Elizabeth Gaines, Saint Lukes

Health System

■ Diana Gier, Tenet Central Northeast

■ Elena Givens, RHIA, St Louis

Connect Care

■ Sondra Hornsey, Washington

University School of Medicine

■ Monica Lubeck, Univ of Kansas

Hospital

■ Thomas O'Donnell, Polsinelli

Shalton Welte Suelthaus PC

■ Joan Podleski, Washington University

in St. Louis

■ Ellen Samuels, St John's Mercy

Health Care

■ Rosemary Thomas, Des Peres Hosp

Mississippi■ Tommy G. Thornton, MBA,

Hattiesburg Clinic

Montana■ Sherrie Sorenson, CRT, Praxair

Hlthcare Services

North Carolina■ Tiana G. Ayotte, JD, LabCorp

■ Jody Carmichael, Mediregs, Inc

■ Gregory Gertz, UnitedHealthcare

■ Carolyn F. Hill, Granville Medical Ctr

■ Emily H. Hill, Hill & Associates

■ Laurie Howard, Laboratory

Corporation of America

■ Rhett Johnson, Wake Forest Univ

■ Larry Keeley, OptiCare

■ G Raymond Leggett, III, Craven

Regional Medical Ctr

■ Alice E. Mazarick, NC State Hlth

Plan

■ Natividad Murphy, Onslow

Memorial Hospital

■ Mary Phelps, BS, RHIT, Dixon

Hughes, PLLC

■ Sandra Smith, Frye Regional Med Cntr

■ David G. Webb, CPA, Southern

Regional AHEC

North Dakota■ Gerald Finken, BS, MS/RPh, CMS Inc

■ Leigh Bertholf, Good Samaritan

Hosp NE

■ Sarah Campbell, Tenet Healthcare

■ Patrick H. Connell, Boys Town

National Research Hosp

■ August Neuhaus, ALN Medical

Management

New Hampshire■ Ginger Emerson, Concord Hospital

■ Suzanne Foster, Elliot Hospital

■ Kevin J. O'Leary, Exeter Health

Resources, Inc

New Jersey■ Karen Arnott, Chartwell Diversified

Svcs, Inc

■ Andy Bender, MBA, MSC, Polaris

Management Partners

■ Joanne Cheung, UMDNJ-Univ

Hospital

■ Michael R. Clarke, JD, Medco

Health Solutions, Inc

■ Peter P. Connelly, BS, Spectra

Laboratories

■ Marsha Faden, Warren Hosp

■ Elise Fellner, JD,

PricewaterhouseCoopers

■ Darcy Gilson, J & J - Ortho Biotech

■ Susan Hatch, CPA, Virtua Health

■ Joseph Henahan, MBA, Warren Hosp

■ Michael Johns, BBA, Electric

Mobility Corporation

■ Brigitte D. Johnson, Esq, Care Plus

NJ, Inc

■ Thomas Leonard, Standard & Poor's

■ Angela Melillo, MBA, CHCO, Saint

Peters Univ Hosp

■ William Segal, MBA, CFE, CIA,

CFSA, St Joseph's Med Ctr

■ Lorne B. Sheren, MD, JD, UMDNJ

New Jersey Med School

■ Daniel C. Walden, JD, Medco Health

Solutions, Inc

■ Robert Zierold, Christian Health

Care Center

34 Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

Publisher:Health Care Compliance Association, 888/580-8373

Executive Editor: Roy Snell, CEO, HCCA, [email protected]

Contributing Editor: Al Josephs, President, HCCA, 254/202-8620

Layout:Gary DeVaan, HCCA, 888/580-8373, [email protected]

Story Editor:Margaret R. Dragon, HCCA, 781/593-4924, [email protected]

Advertising:Margaret R. Dragon, HCCA, 888/580-8373, [email protected]

HCCA Officers and Board of Directors:

Compliance Today (CT) (ISSN 1523-8466) is published by the Health Care ComplianceAssociation (HCCA), 5780 Lincoln Drive, Suite 120, Minneapolis, MN 55436. Subscriptionrate is $357 a year for non-members. Periodicals postage-paid at Minneapolis, MN 55436.Postmaster: Send address changes to Compliance Today, 5780 Lincoln Drive, Suite 120,Minneapolis, MN 55436. Copyright 2004 the Health Care Compliance Association. All rightsreserved. Printed in the USA. Except where specifically encouraged, no part of this publica-tion may be reproduced, in any form or by any means without prior written consent of theHCCA. For subscription information and advertising rates, call HCCA at 888/580-8373. Sendpress releases to M. Dragon, PO Box 197, Nahant, MA 01908. Opinions expressed are notthose of this publication or the HCCA. Mention of products and services does not consti-tute endorsement. Neither the HCCA nor CT is engaged in rendering legal or other profes-sional services. If such assistance is needed, readers should consult professional counsel orother professional advisors for specific legal or ethical questions.

Al W. Josephs, CHCHCCA PresidentDirector of Corporate ComplianceHillcrest Health System

Odell GuytonHCCA 1st Vice PresidentSenior Corporate Attorney,Director of Compliance,US Legal-Finance & OperationsMicrosoft Corporation

Daniel Roach, Esq.HCCA 2nd Vice PresidentVP & Corporate Compliance OfficerCatholic Healthcare West

Allison Maney, CPA, CHCHCCA TreasurerDirector of Claims Research andResolutionPacificare

Steven Ortquist, CHCHCCA SecretaryVP of Ethics & Compliance, Chief Compliance OfficerBanner Health System

Alan Yuspeh, JD, MBAHCCA Imme. Past PresidentSenior Vice PresidentEthics, Compliance & CorporateResponsibilityHCA, Inc.

Shawn Y. DeGroot, CHCVice President of CorporateComplianceRapid City Regional Hospital

CEO/Executive Director: Roy Snell, CHCHealth Care Compliance Association

Britt Crewse, MBA, MHS, CHCAssociate VP and Chief ComplianceOfficerDuke University Health System

Julene Brown, RN, BSN, CHC, CPCBilling Compliance ManagerMeritCare Health System

Suzie Draper, BSN, RNCorporate Compliance Officer andPrivacyOfficerIntermountain Health Care

Rory Jaffe, MD, MBA, CHCChief Compliance OfficerU.C. Davis Health System

F. Lisa Murtha, Esq., CHCPrincipalParente Randolph

John Steiner, Jr., JDChief Compliance OfficerThe Cleveland Clinic Health System

Debbie Troklus, CHCAssistant Vice President for HealthAffairs/Compliance University of Louisville, School ofMedicine

Sheryl Vacca, CHCDirector, National Health CareRegulatory Practice, Deloitte &Touche

Greg Warner, CHCDirector for ComplianceMayo Foundation

Counsel: Keith Halleland, Esq.Halleland Lewis Nilan Sipkins &Johnson

Charlie,

Pick up ad from page 32 of the January 05 issue

Auditoring & monitoring

Send me a PDF of this ad so I can place it next time.

35

Register NOW!for the

2005 Compliance Institute April 17 - 20 in New Orleans

Featuring: Patch Adams31.2 HCCB CEUs pending

Or visit www.hcca-info.org

PLEASE TYPE OR PRINT

First Name Last Name

Credentials

Title

Place of Employment

Address

City State Zip

Phone ( )

Fax ( )

E-mail

Cancellations/Substitutions No refunds will be given for “no-shows” or cancellations. You may send a substitute; please call the Conference Office at (888)580-8373.

* Registration must be postmarked by the deadline to recievethe discount rate.

**HCCA will charge your credit card for the correct amount should your total be miscalculated.

PO number_________________ CODE: CI05CT1204

Check/money order enclosed (checks payable to HCCA)

American Express Visa MasterCard

Account No.

Name of Cardholder

Signature Exp. Date /

Federal Tax ID: 23-2882664

Method of Payment for RegistrationMake payment by check to The Health Care ComplianceAssociation. American Express, Mastercard or Visa are alsoaccepted. A $20 fee will be charged on any returned checks.Purchase orders must be paid by the conference date or paymentswill be required by the individual on-site. If the incorrect amount ismarked HCCA will charge the correct amount.

Groups:$100 discount per person for more registrations from the sameorganization. All registrations must be submitted together.

Tax Deductibility All expenses incurred during training including tuition, travel,lodging and meals, to maintain or improve skills in your professionmay be tax deductible. Please consult your tax advisor.

Register before 4/1/05* After 4/1/05 HCCA Members $849 $899 Non-Members $999 $1049 HCCA Membership & Registration $1049 $1099 Pre Conference Registration Morning $125 $125 Pre Conference Registration Afternoon $125 $125 Post Conference Registration $125 $125

WEB EMAILwww.hcca-info.org [email protected]

FAX MAIL(952) 988-0146 Send form with payment to:

5780 Lincoln Dr., Suite 120 Minneapolis, MN 55436

36

June 13-16, 2005 Hilton Scottsdale

Resort & VillasScottsdale, AZ

ACT NOW! - SPACE IS LIMITED!

YES! I'm interested in taking the Healthcare Compliance Certification (CHC) exam!

YES! Please sign me up for the Compliance Academy!

$ 2500 Members$ 3000 Non-Members$ 2795 HCCA Membership & RegistrationSave $205.00 by joining HCCA today!

PLEASE TYPE OR PRINT

First Name Last Name

Credentials

Title

Company

Address

City State Zip

Phone

Fax

E-mail

Federal Tax ID: 23-2882664

Payment TermsPlease enclose payment with your registration and return it to theconference office at the above address, or fax your credit card pay-ment to (952) 988-0146.

PO number_________________ CODE: CAM0605Check enclosed (checks payable to HCCA)American Express Visa MasterCard

Account No. Exp. Date

Name of Cardholder

Signature

WEBwww.hcca-info.org

MAILSend form with tuition fee to:Conference Office 5780 Lincoln Dr., Suite 120 Minneapolis., MN 55436

FAX(952) 988-0146

[email protected] 1-888-580-8373

CC

Health Care Compliance Association

37

3838

39

40

41

4242

43

4444

Charlie,Please insert the new CCH ad on the supplied disk

here.Please send me a PC compatable file for me to insertinto the next issue.

45

Pickup December ‘04 page 413M ad

was supplied on customer MAC disk

Charlie, Please send me a PC compatable file for me to insertinto the next issue.

4646

At MC Strategies, we can help you get there. Our consultants provide comprehen-sive assessments, such as Chargemaster reviews that help you identify billingissues and ensure HCPCS/CPT accuracy. And APC validations that include CPT and ICD-9 accuracy verification. But helping you get compliant is only part of what we do.

Our WebInservice® online training features the industry‘s most comprehensive set of compliance curricula. Our EduCode® Compliance curriculum is a practical yetextremely informative program that covers general compliance as well as the highly-technical and high-risk areas of billing and coding compliance. And because allWebInservice training is delivered online, you can rest assured that you‘re tapping into the most efficient and cost-effective training method available today.

Achieving compliance today is a complex task. And it takes more than knowing the basics, but rather, knowing it all from A to Z. To learn more, log ontowww.mcstrategies.com or call us at 800-999-6274.

HCPCS/CPT, APC, ICD-9. No wonder you have to be compliant to the letter.

MC Strategies – Consulting Facilitating performance and compliance.

WebInservice® – Training Improving efficiency through knowledge.

47Health Care Compliance Association • 888-580-8373 • www.hcca-info.org 47

C O R P O R A T E C O M P L I A N C E & E T H I C S :G U I D A N C E F O R E N G A G I N G Y O U R B O A R D

Name:

Title:

Company:

Address:

City:

State: Zip:

Phone:

Fax:

Email:

Format: DVD VHS

Mail to: SCCE5780 Lincoln Drive, Suite 120Minneapolis, MN 55436

Phone: (888) 277-4977

Total Payment $ ______________

Purchase Order # _____________Check/Money OrderVISA MasterCard

Number Exp. Date

Name of Card Holder

Signature of Card Holder

Code: CT1104Please make check payable to:

Society of Corporate Compliance and Ethics (SCCE)

FAX: (952) 988-0146

Online: www.corporatecompliance.org

Email: [email protected]

Order Today!Non-Members $395 SCCE/HCCA Members $345

www.corporatecompliance.org

Bringing the vision ofleadership together

with a compliant andethical culture

"This video provides anoverview of the Board’srole in compliance."

Odell GuytonSenior CorporateAttorney, Director ofComplianceMicrosoft Corporation

“It’s pretty clear thatthe best compliance program in the world ismeaningless even if it’sfunded with a good wellmeaning complianceofficer if the leadershipof the company is notbehind it and isn’t supportive…”

Honorable Michael E. Horowitz,Commissioner, UnitedStates SentencingCommission