Blog Post

DOJ and OIG Cited High-Risk Areas Are Not Compliance Officer’s Highest Priorities for 2018

SAI Global and Strategic Management Services recently completed their ninth annual Healthcare Compliance Benchmark Survey. The Survey identified healthcare organizations’ compliance priorities for 2018. Based on the Survey results, Compliance Officers identified the ongoing monitoring and auditing of high-risk areas as their greatest challenge. Overwhelmingly, respondents reported data breach concerns as their highest-ranked compliance priority, a significant change from last year’s Survey results. Specifically, two-thirds of the respondents cited Health Insurance Portability and Accountability Act (HIPAA) Security/Cyber-security concerns, and over one half cited HIPAA Privacy concerns. Nearly three-quarters of respondents reported that their Compliance Office held responsibility for HIPAA Privacy. Further, nearly one-third of respondents reported that HIPAA Security responsibilities were under their Compliance Office’s purview. Given the current enforcement environment, these Survey results are concerning. The results highlight that high-risk areas identified by enforcement agencies did not coincide with the respondents’ reported high priority areas.

The Office of Inspector General (OIG) and the Department of Justice (DOJ) have identified inappropriate arrangements with referral sources as their main regulatory and enforcement priority. A close second in the OIG’s list of priorities is the submission of false claims. Inappropriate referral arrangements and false claims have led to most of the major OIG and DOJ enforcement actions and penalties. These risk areas present a far greater exposure to liability than security breaches. Yet, not only did arrangements with referral sources fail to constitute the top high-risk area for Compliance Officers, such arrangements were ranked fifth in compliance priority. Moreover, the Survey respondents also placed claims accuracy in the third-place ranking for compliance priority.

Inconsistencies in Top Compliance Priorities for 2018

Given the OIG and DOJ’s clear identification of enforcement priorities, one may question why corporate Compliance Officers are ranking these areas as lower compliance priorities. As the former Inspector General, I believe that part of the reason why Compliance Officers are failing to devote adequate attention to arrangements with physician referral sources is that many defer to their legal counsel for the ongoing monitoring and auditing of such arrangements. However, the problem with this setup is that legal counsel was probably involved in the development of these very arrangements in the first place. By definition, those involved in such tasks cannot independently audit their work. Further, virtually all Anti-Kickback and Stark Law enforcement actions deal with physician arrangements that involve legal counsel. Although the contractual analysis is important, enforcement authorities consider the physician arrangement contract as only one piece of the picture. As such, Compliance Officers need not rely on legal counsel for these arrangements related audits and reviews. For example, enforcement authorities also consider the following:

  • Evidence that establishes medical need for a part-time physician;
  • The selection process for the physician candidate;
  • Determination of the fair market value and commercial reasonableness for the physician’s services;
  • Assurance that all of the areas of the contract have been properly filled out; and
  • Verification of the performance of the physician arrangement before payments are made.

Many Compliance Officers are also concerned about their qualifications to review the claims processing system. However, Compliance Officers should not be the reviewers in the first place.  The Compliance Officer only needs to ensure that program managers are conducting the ongoing monitoring and auditing. Ongoing monitoring includes actions such as keeping current with payment rules, translating the payment rules into written guidance, training the staff on following that guidance, and monitoring that the guidance is being followed. Auditing tasks can be performed by the internal audit department, external auditors or consultants, or any combination thereof. While the Compliance Office staff can participate in the effort, auditing should mainly be carried out by those that are independent of the claims processing function. For those encountering resistance to Compliance Office oversight of the physician arrangements or claims processing functions, a viable option may be to engage auditing experts to carry out these auditing tasks.

Interested In Survey Results and Further Insights?

For more insights into the results of the 2018 Healthcare Compliance Benchmark Survey, register for the complimentary webinar on May 9th at 2 p.m. EDT. Key Survey findings will be discussed and analyzed. To further your understanding of the discussion, you may download your complimentary copy of the Survey report here, ahead of the webinar.

Subscribe to blog