January 22, 2020

The U.S. Department of Justice (DOJ) has just announced that it has recovered $2.6 billion in judgments and settlements involving cases of alleged healthcare fraud during 2019.  This marks 10 consecutive years that the federal government has obtained more than $2 billion from actions involving such cases.  Last year’s recoveries reflect an upward trend in recent years in the dollar amounts garnered by the government in healthcare fraud actions, with $2.1 billion being collected in 2017 and $2.5 billion in 2018.  In addition to the $2.6 billion in recoveries for 2019, the DOJ said it obtained millions more in additional monies for state Medicaid programs.

Hard to Fight City Hall

Much of the money the government recovered last year was the result of settlements, not judgments.  It should be remembered that entering into a settlement is not an admission of guilt.  Often, organizations are forced into accepting this option because their resources for defending themselves are far exceeded by the government’s limitless budget to prosecute and/or force a settlement.  Even good actors are forced to settle sometimes because they cannot afford the astronomical costs of defense.

Prevention is the Best Protection

With the healthcare industry finding itself under increasing scrutiny, entities need to move with alacrity and determination to mitigate or eradicate any patterns that may raise red flags.  It makes long-term financial sense to ensure that every member of your organization knows and follows a corporate compliance plan.

The OIG, working under HHS, has published a model compliance plan for hospitals, which can be accessed here.  This is an instrument that all facilities should have in place.  As this is a model plan, it should be customized to meet the unique circumstances of each hospital.  Once it is in place and adopted by the board of directors, it should not be put on a shelf to gather dust.  Rather, its provisions must be thoroughly and consistently executed.  Here are some recommendations on how you can make your compliance plan a preventative measure that will help protect your organization from possible negative action:

• Hospital employees should be required to review the plan at least once a year.  Annual training is absolutely essential and must be taken seriously by leadership and staff alike. Some organizations institute a quiz following the training to ensure employees’ reading and understanding of the material.
• The plan must have a disciplinary section that the staff is made to take seriously.  That is, it must provide for specific corrective measures for certain levels of errant trends (discovered through internal audits) or other inappropriate activity.  Such measures might range from additional training, small monetary fine, official warning, to outright dismissal.  Discipline must be enforced if you are to have a strong chance of rooting out the kind of behavior for which the government is on the lookout.  It’s what puts “teeth” into any compliance plan.  It also demonstrates to the government your seriousness about staying compliant.
• Hospitals should regularly audit areas of vulnerability in their organizations to ensure they are complying with the relevant sections of the plan.  Those audit results should be used to further refine the plan, educate the workforce and remediate any areas of exposure.
• Leadership should show a commitment to the plan to demonstrate that the culture of the organization embraces compliance.
• Workforce members should have numerous methods by which to raise concerns, including anonymous channels, without fear of retaliation.
• The hospital’s compliance officer (HCO) must have sufficient authority to implement a compliance program that includes conducting reviews, analyzing results, implementing necessary training, reviewing concerns and making recommendations to the appropriate body.
• The HCO should be charged with overseeing the inclusion of specific policies and procedures (P&Ps) that facilitate compliance with federal and state rules within the institution.  The P&Ps should address specific risk areas that have been identified by the compliance team.  From time to time, the HCO should review, revise and/or replace P&Ps, as circumstances or rules change.
• An essential component of any compliance plan is to undertake a risk analysis of the organization’s processes and systems.  Where are the greatest potential areas of vulnerability?  This may require getting together with department heads, including IT, to discuss specific safeguards that can be put in place to limit or prevent non-compliance going forward.  Such risk analyses should be mandated in the compliance plan, and a complete record of each risk analysis, including recommendations implemented, should be kept on file.