The document discusses how healthcare compliance and regulation has changed over time. It notes that from 1997-2009, the healthcare fraud and abuse control program recovered $6.7 billion, increasing to $19.2 billion from 2009-2013. Enforcement of regulations and budgets for investigations have also increased substantially. This has made regulatory violations easier to detect with penalties becoming more intense. As a result, a new professional service model is needed to help healthcare providers navigate the increasing complex regulations and compliance requirements.
11. Fines and
Penalties
Became
More
Intense…
AVERAGE SENTENCING FOR
HEALTHCARE-RELATED CRIMES
52 Months In Prison
FOR EVERY DOLLAR SPENT ON
HEALTHCARE-RELATED FRAUD AND ABUSE
INVESTIGATIONS BY THE FEDERAL
GOVERNMENT IN THE LAST THREE YEARS
Government Recovered $8.10
22. …So They Can Focus On What They Do Best
– Delivering The World’s Best Healthcare…
23. Nick Merkin
11845 W Olympic Blvd., Suite 1250
Los Angeles, CA 90064
nmerkin@compliagent.com
310.996.8950
www.compliagent.com
Thank You For
Your Time…
Questions?
Editor's Notes
Hi. My name is Nick Merkin and I’m the CEO of Compliagent.
And I’m going to tell you our story.
And I’m also going to tell you about innovation.
And how our work improves healthcare delivery and lowers costs.
I’m also supposed to talk about some of the healthcare industry problems that we solve – and I will.
But I’d rather talk about opportunities.
Specifically, the opportunities afforded to us by robust healthcare compliance programming.
And I know that sounds cliché. And it is.
But I think that, sometimes, we are focused so much on solving problems that we miss the opportunities they create.
So the story of Compliagent doesn’t really start with Compliagent.
And like all good stories… It starts with “Once Upon a Time.”
Once upon a time, healthcare compliance was pretty easy.
I’m a data guy – despite being a lawyer -- actually I think I was the only law student ever who took statistics as an elective during law school – it was a mistake – but let me give you just a few numbers…
Do you know the amount of money the federal government’s Health Care Fraud and Abuse Control Program recovered in the last five years – 2009 through 2013?
$19.2 billion (By the way, $8.5 billion of that was just over the last two years.)
Since the inception of the program in 1997, do you know how much was recovered until 2009? Just $6.7 billion combined.
(http://www.hhs.gov/news/press/2014pres/02/20140226a.html)
I didn’t make a slide with a year by year graph, but if I did, it would look like when they scare you by slowly taking you up the roller coaster at Six Flags…
So things were pretty easy because – although there were a lot of laws and regulations on the books – healthcare just wasn’t an enforcement priority.
The bottom line is that enforcement takes money. And there wasn’t much there.
So the results were predictable.
Let me lay some more numbers on you… This time about government spending on healthcare compliance enforcement:
Do you know what the delta between the OIG’s 2012 enforcement budget is to its proposed 2014 budget? $101 Million. Up to a total of $389 Million.. An increase of over a third in just two years.
(https://oig.hhs.gov/reports-and-publications/archives/budget/files/FY2014_HHSOIG_Congressional_Justification.pdf0
And back in the mid-90’s, the OIG’s enforcement budget was a rounding error.
So as a result, healthcare providers didn’t spend much on regulatory compliance.
The concept really didn’t exist.
Yeah. A large healthcare provider usually had a General Counsel. That General Counsel had an outside law firm to turn to if a question came up…
But these were reactive moves, not proactive.
The medical equivalent to showing up to the ER when you feel chest pains, rather than getting a physical the year before and making a proactive plan for better health.
In 1997, the commencement of the federal government’s Health Care Fraud and Abuse Control Program, the OIG hadn’t even yet published its Compliance Program Guidance for Hospitals that “recommended voluntary compliance programming
It doesn’t do this for hospitals until 1998; And for Skilled Nursing Facilities not until 2000. (https://oig.hhs.gov/authorities/docs/cpghosp.pdf.)
So if there were few formal compliance programs, what were there…
There were CIA’s – Corporate Integrity Agreements – its what you implement when you get caught. It’s a cross between a plea bargain and a consent decree.
Corporate Integrity Agreements are sort-of de facto compliance plans. They lay out what you’re required to do to atone for your sins.
And, hopefully, they mitigate fines and penalties, and keep you out of jail.
But, again, very little formality, planning, or organization. Reactive rather than proactive.
So for all these reasons, organizational level healthcare violations didn’t come up – unless they were really egregious busts – on the fed’s radar, on the State of California’s radar, or on the agendas of managers of healthcare providers.
You either didn’t get caught, or if you did get caught you got a slap on the wrist.
You wanna know what the FBI’s pending caseload of healthcare fraud investigation cases was in 1992? 591 cases – agency wide.
You want to know what it was it is in 2013 – 3,542. By the way, 1,023 indictments.
112 FBI agents devoted to healthcare fraud in 1992. in 2013, 480 agents and 321 support positions.
(http://oig.hhs.gov/publications/docs/hcfac/FY2013-hcfac.pdf.)
So in that world, the old world, you could get guidance on healthcare compliance and regulatory issues from “traditional sources…”
You had your GC, he had his golfing buddy who did medical malpractice cases, so he was a “healthcare expert,” right?
You probably even had an HR administrator that you could ask some employee handbook questions to… Or maybe a nurse for clinical problems..
Your organization had a bookkeeper, right, so her or she probably could make sure your billing and revenue cycle issues were in order, right?
And for the most part, that worked. And if you had a problem – an enforcement action, maybe --- well, you could call Saul. His sign says he knows about “fraud” and that he sues people, so he can handle it, right?
Proactive regulatory infrastructure, a compliance plan???
Who needed all that?
If I’ve got a problem, the emergency room will fix it, right?
But our story is about to get a little more interesting… The world is going to start to change.
And then, one day, things changed! This is the $500 toilet seat slide – made famous by the news media, but really made famous by late night talk show hosts…
So, some of you may remember this. In the 80’s the Department of Defense was exposed for paying exorbitant prices to federal contractors for supplies. It was egregious and it was for a lot of items, but the toilet seats are what everyone remembers.
Well American taxpayers made themselves heard and this whole episode produced a sea change in the government’s attitude towards where federal money was being spent. And, as you know, healthcare is a big beneficiary of government money.
So, as a result of this, the Office of Inspector General of the Defense Department commenced a policy that looks a lot like the compliance programming requirements in place today in the healthcare industry --- in fact, our 7 elements of compliance are a lot like the Defense Industry Initiative Program enacted back then.
So all this started a trickle down effect to the healthcare industry, the effects of which we are living through today.
So what’s happening now…
So over the years from the golden toilet seat days there’s been an explosion of regulations and rulemaking in the healthcare industry. HIPAA and HITECH and Self-Disclosure Protocols, and a dozen other acronyms. Guidance statements by the OIG and an alphabet soup of other federal and state agencies.
Way too much to go through in our time today… But I’ll focus on one item:
The Affordable Care Act is passed a few years back. It mandates compliance and ethics programs for a wide range of providers, suppliers, and facilities as a condition of enrollment in Medicare, Medicaid, and Children’s Health Insurance Program.
It’s probably the only bipartisan provision of the ACA. The 7 elements of compliance are loosely based on the federal sentencing guidelines.
Again, way too much to discuss today, but:
(1) written policies and procedures and standards of conduct; (2) compliance officers and compliance committees; (3) training and education; (4) effective lines of communication; (5) internal standards and disciplinary guidelines; (6) monitoring and auditing; and (7) detecting, responding to, and correcting offenses.
Fines and penalties are now much more intense.
Like we talked about before, $4.3 billion just in 2013. (And that’s only federal, not state…)
In 2013, defendants who were charged and sentenced for healthcare related crimes (and there were hundreds) are facing significant time in prison – an average of 52 months in prison for those sentenced in FY 2013.
If you want to remember one number today – remember the number eight dollars and ten cents.
For every dollar spent on health care-related fraud and abuse investigations by the federal government in the last three years, the government recovered $8.10.
That’s their ROI – better than my 401K. Now you know why compliance is only bipartisan provision of ACA.
One other thing beyond the regulatory and legal realm – Big Data. Big data now creates what a former A.U.S. Attorney who I had lunch with a few months back called a “slam dunk.”
According to her, information gathering that used to take regulators 6 months to collect – let’s say for example your healthcare facility’s deviation from the norm for usage of psychotropic medication in light of your geography, patient population, facility acuity level – now takes 60 seconds. It’s all in the cloud, as they say.
As she explained it to me, as a prosecutor, she had a big stack of files on her desk every morning with potential subjects of investigation. She only wanted to take the slam dunks. Slam dunks get you promotions, raises, authority, whatever. Now slam dunks can be identified through a few key strokes and a 30 second call to the IT guy. Those hundreds and hundreds of “support staff” the FBI uses to assist their agents – they’re IT people. They’re big data people.
Compliance violators have gone from playing out in courtrooms to playing out on Excel spreadsheets.
And now, the guy on the billboard… Remember “Just call Saul”? He’s not enough.
Reactive compliance programming for your healthcare organization won’t cut it. It actually may cost you your business.
As we talked about, there are now proactive compliance requirements – no waiting until you get caught.
Compliance is now something that has to be actively managed by healthcare providers and those who run their organizations.
The consequences of failure to plan are simply too dire – they could mean business-ending fines and penalties. Disgorgement of revenues already received. They can even mean that average of over four years in jail.
So now, let’s talk about solutions, but also about opportunities.
Making the wrong choice in this content may cut deeply into profit margins. Even worse, a poor decision may result in an unacceptable level of regulatory risk and expose a healthcare provider to financial liability, criminal prosecution, and reputational harm.
So how do we address all these problems…
Here’s our basic structure…
And I think in here lies much of our innovation…
We’ve distilled compliance into a system and an infrastructure by studying hundeds of past and current CIAs, statutes, regulations, and guidance statements, and hundreds of conversations with healthcare managers.
We’ve also looked at it thorough the lens of our own years of collective experience in the healthcare regulatory industry.
And that includes 7 JDs, a former healthcare facility administrator with over a decade of experience, three really knowledgeable former directors of nursing, a physician, and people with certifications with HIPAA and HITrust data security, as well as human resources specialists, a former hospital executive, and MBAs. And that includes, not joking, the former starting guard for Providence’s women’s basketball team and a former NCAA Division One triple jumper and long jumper. We’re tall people in our office.
Outsourcing Facilitates Access to Multiple Qualified Compliance Professionals With Varied Specializations Through a Single Point of Contact.
Another related advantage to an outsourced compliance model is the ability to access a network of qualified compliance professionals with different specializations through a “one-stop shop” approach.
By necessity, even larger healthcare organizations may only have a handful of experienced compliance professionals with a narrow range of expertise on staff.
After all, there is only enough room and resources for so many senior compliance personnel within one entity.
We bring to bear a higher level of professional firepower to a compliance matter at a lower cost.
Outsourcing Requires a Lower Initial Investment.
The initial investment in hiring qualified and experienced healthcare compliance professionals is high.
At bottom, when incorporating all the expenses involved in building compliance infrastructure on your own, the hiring of even a single compliance specialist and assistant may cost a healthcare organization hundreds of thousands of dollars a year.
In contrast, the upfront expenditures involved in outsourcing an entity’s compliance function is much lower and involves a much smaller commitment to a scope of work that is narrowly defined and leanly priced in a detailed retention agreement.
Even for organizations that are committed to building out their own more extensive internal compliance departments in the future, it usually makes financial sense to begin with a combination of insourced and outsourced expertise.
Outsourcing Promotes Quicker Adaptation to Regulatory Changes
Like we’ve discussed, the last few years have seen exponential expansion in the regulatory requirements governing healthcare providers.
It’s gonna get worse.
Implementing organizational change internally can be cumbersome and a drain on resources.
We focus specifically on the nuances of legal change and interpretation, are better suited than an internal corporate compliance department to monitor and react swiftly to changing laws and regulations.
In addition, we have a unique vantage point to watch how regulatory change manifests in a variety of organizations and to use that perspective to develop “best practices” with an eye towards your business goals.
An Outsourced Model Promotes a More Flexible Use of Compliance Resources
In contrast to the “all or nothing” approach of building out internal compliance infrastructure, we give you the ability to pick and choose from a menu of compliance options at any given time.
For example, based on an organization’s most recent compliance plan and risk assessment, an entity may decide that in a particular quarter or year, resources should be focused on HIPAA training or on more effective employee screening. We can then simply be tasked (on a strict budget) to facilitate those goals.
In contrast, a healthcare organization that has already invested significant internal resources in, for example, revamping its reimbursement control structure by hiring a dedicated compliance specialist with expertise solely in this function, may lack the flexibility to address these more pressing compliance needs as they arise and the organization grows.
We have specialists in all these areas, so we can more nimbly address your evolving compliance concerns.
Third-Party Objectivity
A final benefit to an outsourced compliance model is the objectivity brought to the compliance function when a third-party firm is retained. These benefits are twofold and have both an internal and external component.
Internally, it can be difficult for employees to be completely objective about the strengths and (especially the) weaknesses of their own organizations and departments. It is human nature to protect one’s “turf.” As a result, employees may be reticent to point out deficiencies in their own areas of responsibility or to acknowledge weaknesses to superiors. Even legitimate criticism of other departments or functions within an organization can be difficult because of the fear of reprisal or the concern that one’s feedback may be taken as political or self-serving in nature.
We can mitigate many of these concerns as the professionals involved have fewer such pressures to temper their analyses.
Moreover, externally, the work and conclusions reached by a third-party compliance specialist may be viewed as more independent and carry greater weight with enforcement agencies than those reached by internal employees. We’re more familiar with the governmental agencies and even the enforcement officials – we sit in meetings with them in Sacramento and all over CA all the time -- in their areas of expertise and we’ve earned more credibility and success in reaching agreements and compromises with the government on behalf of their own clients.
The point is to develop a Infrastructure with you … To make compliance a business function, part of your strategic planning process, and part of your quality assurance plan.
And here’s the real innovation. We don’t take the “memo only approach.”
When I was a lawyer, my healthcare provider clients asked me for help. I gave them CYA memos and effectively said, “here, do it yourself.”
That model is dead. Or at least it’s dead in our office and in our healthcare provider clients organizations.
We want to make your internal compliance programming self-perpetuating.
We want to empower you by working with you.
Our guidance is continuous, educational programming is continuous, our monitoring, our reporting, your strategic planning working hand in hand with you to fine tune and tailor your programs. Were always there.
So I promised I’d get to the “opportunities” part…
Healthcare compliance is a challenge. It’s a business challenge. It costs money. And it’s also a healthcare delivery challenge.
Here’s the secret though – flash the college health spreadsheet – that’s a compliance dashboard we use for one of our clients – it ties right into their business cycle financial programming. what I’ve learned doing compliance is that a rigorous and effective compliance program will ALWAYS lead to cost savings. Compliance RED FLAGS are always business RED FLAGS and profitability RED FLAGS. Compliance is the canary in the coal mine. Just to give you one example – when we look at a compliance data point like “Number of admissions from your top admitting physicians over the course of a year,” which is a self-referral issue and a compliance issue, that’s also a revenue issue. When we compare your organizations number of excluded individuals identified over the course of 36 months and the ratio of that to the national average, that a compliance issue, but it’s also a HR metric and it’s a recruiting and strategic planning issue for you. When present to your facility’s governing board about the number and composition by of your hotline grievance calls, that’s a compliance issue – but that’s also a revenue issue. And if you’re not paying attention to these metrics, you’re losing out on the bottom line.
I’m going to even go sar far as to issue you a challenge. I can guarantee you that solid compliance infrastructure will save you money – real money – not prevention money – I don’t mean “we avoided a potential enforcement action against you by training your Privacy Officer money…” I mean revenue cycle issues that you’re missing and that compliance analytics will spot for you. That’s a promise.
Because at the end of the day, your business is delivering the world’s best healthcare in a cost-effective way.
A former client of mine – really a mentor -- a healthcare business executive, in the context of a conversation where I was bemoaning the sorry state of the economy and wondering how the healthcare industry was going to survive taught me something important.
He taught me that we don’t have the highest quality healthcare system in the world in this country because we’re smarter or better. We’re not.
We have it because we know how to innovate. Because every time there is a challenge, there is not only a solution, but an opportunity.
And those profitability gains you can make by implementing an effective compliance infrastructure. That’s the opportunity.
That’s what Compliagent’s compliance solutions are all about.