Compliance Perspectives

Post By: Adam Turteltaub With the increasing attention paid to Environmental Social and Governance (ESG), questions have arisen as to what should be the relationship between compliance and ESG efforts. Some have argued for compliance to oversee ESG, while others see them as distinctly different endeavors. Robert Smith [LinkedIn], Director, Business Compliance and Ethics for Serco Group plc provides his first-hand experience and insights in this podcast and will be sharing additional thoughts at the 2022 SCCE European Compliance & Ethics Institute. ESG is not new to Serco since it had long been tracking the Corporate Social Responsibility (CSR) movement, which was in many ways ESG’s predecessor. The more structure approach of ESG, he believes, is a natural progression. There are accounting standards and a growing body of laws and regulations. To meet the organization’s ESG goals, the company has developed a clear framework with individuals responsible for ownership of the various elements of the company’s ESG efforts.  Each of these owners has clear KPIs. There is a structured reporting process that pull together strands from across the organization. Robert, and compliance’s role, is to ensure the integrity of the reporting, as well as to connect the dots between the various reports. They are all assessed for materiality and eventually make their way into annual reporting. Compliance is well suited to this role, he believes, both at Serco and likely elsewhere.  Compliance professionals are adept at helping create transparent structures and turning external frameworks into internal processes. In addition, with increased regulation of ESG and more and more laws addressing ESG-related issues, involvement of compliance teams is more than inevitable. Listen in to learn more about the role of compliance in ESG efforts, including how to work with other stakeholders. Then be sure to join us at the 2022 SCCE European Compliance & Ethics Institute.

Post By: Adam Turteltaub The complexities of healthcare coding can be daunting, and they are all the more so now during the public health emergency. To help clear things up are Bryan Beaudoin, Associate Director – Health Information Solution Lead at Protiviti and Kathy DeVault, Manager, HIM Consulting at USAI. In this podcast they explain: * As the Public Health Emergency continues clinical documentation and coding audit functions face an evolving list of compliance risks and limited resources to address these risks going into 2022. * Although governmental enforcement agencies had briefly relented in enforcement activities during the onset of the pandemic, they have resumed enforcement activities moving into 2022. * Key audit topics include: COVID-19 clinical documentation coding and billing, telehealth coding and billing, Evaluation and Management (E/M) selection, and documentation and coding of conditions determined by clinical indicators, such as Sepsis, Acute Renal Failure and Malnutrition. * Prominent clinical documentation and coding audit risks in 2022 and tactics clinical documentation and coding audit functions can employ to more effectively audit target risk areas and collaborate with hospital stakeholders. They also provide some good news: leadership is paying more attention to coding and clinical documentation because now they are more focused on quality data. Listen in to learn more about how to manage coding in this fast-changing era.

Post By: Adam Turteltaub Amanda Cohen is Director of Product at Resolver. Despite her work at a technology company, or maybe because of it, she has a very humble idea about the power of tech. As she explains in this podcast people tend to enter the technology buying process thinking that software can solve all their problems. The reality is software doesn’t mean that automatically people will be behind compliance or that having a piece of software can make you compliant. You still need executive endorsement, leaders demonstrating that compliance matters and a compliance mindset in the organization. She also cautions that just because there is a software solution in place doesn’t mean that there aren’t gaps in your program. So what can good software do? It will help you, for example, track your regulatory requirements and provide a flow of usable information to you. And when it comes to regulations, it shouldn’t be a data dump, but instead extract the regulatory changes so you know what is happening and when changes go into effect. Technology also can help you with the time-consuming task of creating reports by consolidating the information and generating data for you. Other advice she provides: * Calibrate the software to your organization * Engage with other stakeholders * Be sure to pick technology that can grow with you and scale up * Look to use technology in areas that are repetitive * If pursuing AI, have a clear sense of what the objective is, and if it will bring in additional insights Listen in to learn more about the limits and opportunities in compliance tech.

Post By: Adam Turteltaub Daniel Garen, Chief Ethics and Compliance Officer at Vivint, divides compliance officers into two types. One is more comfortable running established, stable programs. The other is more comfortable diving in to a crisis. A quick look at his LinkedIn profile and you can see he squarely sits in the latter camp, with a career being brought in to one company in the grips of a major compliance crisis and then another. In this podcast he shares what he has learned from working inside organizations facing the fallout of a major compliance incident. So how do you decide whether a similar path is right for you? Or how do you decide if the person you are about to hire in the midst of a major enforcement action is right for the role? Look for someone with a sense of both urgency and calm. You need (or need to be) someone who can work quickly without getting flustered. When entering an organization in the midst of a major issue he advises immediately taking inventory of where things are, paying attention to two key buckets. Culture is one. The other is governance and structure. Ask: did the issue come up because of cultural issues or because people were trying to do the right thing but didn’t have the right structure in place? Or, was it a combination of both? The answer will dictate how you proceed. And, if the answer is culture or both, start with culture. That’s the toughest challenge. To help the organization start digging out he argues it is important to have the support from top to bottom.  With so much pressure coming from the outside – regulators, enforcement, the press, shareholders – having alignment inside is critical. To get it both talk and listen. Communication will be key, as will be taking the time to hear and learn what the underlying problem is. To get everyone moving forward, and to help enforcement see that you are making progress, he recommends data visualization tools. Even something as simple as a Gantt Chart can show what the process is that needs to be followed, and how far you are along in it. As you work through the issues, pursue built-in rather than bolt on programs. It increases ownership and speed. It also has two other benefits. First, it helps the regulator see what you are doing and build confidence that the company gets it. Second, it helps the business team gain ownership of the issue and start seeing some benefits from the new processes that have been put into place. The changes become less about compliance mandates and more about process improvements. And isn’t that really compliance at its best? Listen in to learn more about how to embrace and survive a major compliance crisis.

Post By: Adam Turteltaub Most offices have art all around, generally of the not-so-special, bland, pre-printed poster kind. But many offices will have a few nicer pieces, whether it’s an oil painting, sculpture, mixed media work or perhaps some beautiful antiques to add a nice touch or spruce up the executive offices. When you look at them, chances are you aren’t thinking of compliance risks, but in some cases you should. In this podcast Katie Steiner, attorney at the law firm Hahn Loeser & Parks, explains that acquiring art can be problematic if handled the wrong way. No organization wants to find out that the art on its walls was stolen, made from an endangered species or is a looted relic. Yet, it does happen. To mitigate this risk she stresses that it is important to do your due diligence on the art. Take the time to make sure that someone is checking the provenance of the piece. An ownership history can provide reassurance that an ownership dispute is not likely to occur in the future, and that the piece is authentic and not a forgery. Also, be mindful of the age of the piece. Generally speaking, newer art has less questions of provenance than older pieces Ancient works of art, particular those made by traditional societies, often with religious meaning, may be subject to import restrictions in the United States. The 1970 UNESCO Convention on the Means of Prohibiting and Preventing the Illicit Import, Export and Transfer of Ownership of Cultural Property was adopted by the US. It limits import of objects from countries such as Cambodia and Syria. The State Department website lists several bilateral agreements that are in force. Finally, be mindful of materials from endangered species, such as ivory and tortoise shell. These may be crafted into individual pieces or incorporated into antiques. Either way, it’s important to avoid violating any of the rules. The bottom line is that corporate art doesn’t have to be limited to mass-produced posters. But, if your organization is investing in art, make sure that they are investing in a compliant manner.

Post By: Adam Turteltaub Every three years the United Kingdom’s Institute of Business Ethics (IBE) releases its Ethics at Work survey, an international assessment of ethics in the workplace. Much has changed since when the 2018 survey came out, and to learn more we sat down with Dr. Ian Peters MBE, Director of the IBE. In this podcast he reports that while there are some dark clouds, overall the picture is much brighter than it was in 2018. Just 11% of survey respondents reporting feeling pressure to compromise ethical standards (down from 15%), and only 18% were aware of ethical misconduct. Why the change for the better? He believes it is due to the efforts of compliance and ethics programs, which have grown more comprehensive. In addition, organizations have shifted their focus away from solely measuring success in terms of shareholder value to taking a broader stakeholder view. When it comes to employee reporting of issues, the data showed something of a mixed bag. Fifty percent reported that they had raised concerns with management or an appropriate party. Sixty seven percent were fairly or very satisfied with the response. But, 43% reported retaliation of some sort as a result. Clearly there is still room for improvement on this critical measure. The survey also asked if employees perceived their line managers as setting a good example of ethical business behavior, and 71% said yes, an increase from 64% just three years ago. However, 32% thought that managers reward employees who get good results, even if they had bent the rules in doing so. What impact has the pandemic had on the ethical climate? Their survey found that 37% reported ethical standards in the organization had improved, compared to just 8% who said that they had worsened. Listen in to learn more about the survey, including anxieties about the future.

Post By: Adam Turteltaub Perhaps the most intriguing title for a session at the 2021 SCCE Compliance & Ethics Institute was “Re-Thinking Employee ‘Engagement’: What’s on Your Compliance Program’s Dating Profile.” Not often you see references to dating the compliance department. To learn more about the session and the ideas behind it we sat down with the speakers:  Asha Palmer, Chief Ethics and Compliance Officer, Convercent; Scheretta Wilson, Director, Ethics and Compliance, Endo1Partners; and Ronnie Kann, Head of Global Ethics & Compliance, Energizer. While the title is a bit fun and out there, the lessons are very practical and close to home. The central idea is that people are watching and listening to see what compliance does and how it acts. That means compliance teams need to focus on being approachable, engaging with their audience and, frankly, trying to be likable. Or, as they put it, and to borrow from the dating apps, you want them to swipe right, not left. So what does that mean in practice? For one, being a good listener. Just as someone who talks all the time is a bad date, while a good listener is usually a much better one, compliance needs to be a place where others feel comfortable speaking, raising concerns, and asking questions. Compliance also needs to adjust to who is on the other side of the table. For leadership the keys they see are securing buy in early, keeping it simple, and using their own language, such as demonstrating financial ramifications. For the rank-and-file workforce, success comes from helping them understand risk and what to look out for. It also means being approachable and present. And, when it comes to middle management, a group that is often overwhelmed with demands from above and below, be collaborative. Ask them how things are going both personally and for the business. Find out what’s keeping them up at night. Talk about data, metrics, business impact and financial outcomes. It’s the love language of business. Listen in to learn more, and then spend some time considering your own team’s dating profile.

Post By: Adam Turteltaub In this podcast Rob DeConti, Assistant Inspector General for Legal Affairs within the office of counsel to the Inspector General at HHS, was good enough to share a tremendous amount of insight into what the OIG is seeing, thinking and doing. As he explains, the public health emergency has had an enormous impact on the OIG, just like everyone else. It led to an opportunity to reassess, and also to handle things differently so as not to get in the way of the provision of care. Many corporate integrity agreements, for example, were paused, and discretion was used in investigations to reduce the impact on patients. In addition, the office affirmatively took several steps, such as the November 2020 special fraud alert on speaker programs. They flagged several factors that seemed suspect, such as little or no substantive information presented, alcohol being served, lavish meals, an event held at a restaurant or sports venue, or other venues not conducive to learning. Telehealth has also been an area of keen attention. As he notes, it has played a vital role during the current crisis and offers great promise. At the same time, though, fraudsters have stepped in with a number of schemes, including stealing patient information and billing for care that never was delivered. Rob also provides insight into some of the issues facing nursing homes, charities set up by pharmaceutical companies that were not as independent as claimed, and the persistent problem of kickbacks. Finally, and perhaps most importantly, he and the OIG’s office have reached out to the compliance community for feedback. As a part of their modernization efforts they are asking for the community’s comments on the efforts to improve the publicly available resource that the OIG provides. They are eager to hear from the compliance community about the best vehicles for delivering information, and the content and guidance that would be most meaningful. He strongly urges the compliance community to submit their thoughts. Listen in, learn what he has to say, and then feel free to share your thoughts with the OIG’s office.

Post By: Adam Turteltaub Dr. Jennifer Williams, Director of Market Development & Education, Credentialing for GHX’s Vendormate reports in this podcast that the pandemic has had a broad and bold impact on credentialing, much of it overdo. In the past not everyone walking around a healthcare facility was adequately checked to determine if he or she belonged. If your organization hasn’t done so already, she recommends tightening up procedures and examining the credentials of everyone who enters, even your own staff. To make sure there aren’t gaps she recommends the development of scorecards, which can help define, measure, analyze and improve controls. They also can increase visibility and accountability. And, as always, the activities of leaderships are important for success. Listen in to learn more about how to improve the effectiveness of credentialing in your healthcare setting.

Post By: Adam Turteltaub Bankruptcy doesn’t come up a lot at compliance conferences, but it did at the SCCE 2021 Compliance & Ethics Institute. Kasey Ingram, General Counsel & Chief Compliance Officer at ISK Americas and Rocco Debitetto, Partner at Hahn Loesser addressed the topic, which is one worth considering. There’s no guarantee that any company won’t end up in Chapter 11 or won’t acquire another company going through it. As they explain in this podcast, while the importance of compliance doesn’t change during a bankruptcy, the environment in which it operates transforms dramatically. Chapter 11 is designed to help the company breathe, reorganize, redeploy its assets and hopefully continue to operate. But while for rank and file employees it is likely business as usual (with a good amount of stress added) for management it’s a frantic time. More, who and where compliance reports may be very different. The debtor in possessions appoints officers and managers to run the company, and these individuals may be different than the people the compliance team had reported to. They also are focused on, as quickly as possible, saving the company and getting it back on its feet.  Compliance is not a priority. As a result, it’s important for compliance to do two things quickly. First, make sure the new management knows who the compliance team is and what it does. Second, let them know that you are not there to get in the way but to help avoid potential problems that will add greater complexity to the reorganization efforts. On a tactical level there’s a need to ensure that leadership, when reviewing contracts, knows which ones are essential to running the compliance programs. Canceling the helpline contract, for example, may save money but should not be on the table. Compliance also needs to be on the lookout for empty chairs. Chapter 11 is typically a time when there is substantial turnover. Keep a vigilant eye out for departures by people who have compliance responsibilities, and be prepared to backfill the positions. What happens if your company is healthy and acquiring a company out of Chapter 11? Expect insufficient time to do the standard due diligence. The good news is that the US Department of Justice generally understands that post-acquisition due diligence may be necessary, but don’t wait too long to do it. Then if you find issues, be sure they are addressed promptly. In sum, even if bankruptcy seems far away, it’s worth taking the time to listen to this podcast. Even seemingly healthy companies can take a sudden downturn, or acquire another entity that is in Chapter 11.

Post By: Adam Turteltaub False Claims Act cases often begin with a whistleblower, and worse, one who had reported the issue to management and nothing was done about it, at least not that the whistleblower knew. David Schumacher (LinkedIn), a partner at the law firm Hooper, Lundy & Bookman and author of the Chapter “Government Investigations” in the new HCCA book False Claims in Healthcare is not surprised. As he explains in this podcast, compliance teams are often completely overwhelmed, making it difficult to determine what call is routine and what possibly raises a real and substantial issue. Another complicating factor:  many calls get triaged and sent to teams outside of compliance. These teams may not follow up adequately, or at all. To reduce these risks he recommends remembering that whistleblowers very much want to be heard. As a result, it’s important to respond, document responses to them and ensure that the issues that they raised are followed up on. Once the investigation begins it’s important, he points out, that compliance stay deeply involved, even if legal is running point. The compliance team can assist the investigation, likely has a strong grip on the facts and will play a driving role in any subsequent remedial actions. Once the government gets involved it’s important to realize the potential for disruption, and even paralysis, within then organization. As a result, an aura of calm needs to be projected. Also essential: gathering the documentation and data to demonstrate to the government the effectiveness of the compliance program. That includes information such as the size of the compliance program, its scope of responsibilities, how many audits have been completed, what is on the workplan for next year, how many complaints have been fielded in the last several months (or years), and the number of educational events conducts, just to name a few. And don’t wait to pull these documents together only once an investigation starts.  Documenting as you go is much more advisable. Listen in to learn more about how to manage False Claims Act investigations, including what the current focus of the government is.

Post By: Adam Turteltaub Healthcare risk doesn’t stop at the facility’s door. Covered entities have countless business associates (BA), each of which poses risks of its own. That, in and of itself, is a challenge, but Gerry Blass, President and CEO of ComplyAssistant observes in this podcast that many covered entities aren’t even sure of their complete list of vendors, let alone the risks that can reside in them. To get a handle on this situation he recommends creating an inventory of your BAs and then dividing them into high, medium and low inherent risk. That involves looking at what each vendor does and the relative risks involved on a granular level. For example, an electronic medical record (EMR) vendor with a cloud-based solution is going to be inherently high risk. A vendor that transfers but does not store data may be just a medium-level risk. With reports indicating that approximately 60% of breaches occurred at the vendor level in 2021, getting a handle on this risk is critical. Of course, preliminary scoring of the risk level is only the first step. From there the organization needs to get more detailed information to ensure that there are adequate mitigation measures. He recommends putting together a detailed list of questions both to ask during the onboarding process and later as a part of ongoing auditing and monitoring of the BA. Checking in periodically is essential because situations do change. The work being done by the vendor may have evolved, and so may the vendor’s internal risk management efforts. He also advises looking at the BA’s own business associates. A given vendor may rely on 10 others.  As a result, it’s important to understand how the risk of the BA’s own BA’s are being managed. Finally, he also addresses the need to reassess risk as organizations return to the workplace, including how remote access is handled. Listened in to learn more about how to improve your healthcare vendor risk management processes.

Post By: Adam Turteltaub Kerry Klewer (LinkedIn) is Director, Global Compliance Program for Tala, a Fintech firm providing financial services to the underserved in Kenya, the Philippines, Mexico, and india. These individuals, she explained, don’t have access to traditional credit sources, typically because they lack a credit score. With Tala, individuals can apply for credit through an Android app. The company also offers card and account products. In addition, the company has recently partnered with Visa to offer crypto services to its customers. The compliance challenges for Tala are substantial, she explains, with key risk areas such as consumer protection, tax, privacy and anti-corruption. Adding to the complexity: with many bad actors in this market, the number of laws have increased, and so, too has scrutiny. The company has responded by launching a global compliance program. It conducted its first global risk assessment, and each country has its own risk assessment, as well. The common themes that emerged included data privacy and working with third parties in emerging markets. Another challenging area is artificial intelligence. It raises a host of issues about how to handle data ethically and the need for a data ethics policy. To mitigate that risk, the data science team regularly checks for algorithm biases. The company also recently launched a data governance committee to define what data is being collected, why and if it is accurate. It’s not just data that is a risk, of course. People issues are also a factor and require the team to train and provide the proper tools for the workforce to do the right thing. These include ethics workshops to help individuals understand what can make or break a compliance culture, especially in a purpose-driven company. That’s a challenge when the corporate culture is spread among so many global cultures. Listen in to learn more about Tala, and perhaps find lessons that can help improve your own compliance program.

Post By: Adam Turteltaub As diversity, equity and inclusion efforts proliferate, Stephen Paskoff, President and CEO of ELI, warns in this podcast that organizations need to be mindful of existing equal employment laws. Allowing for differential treatment, no matter how well intended, can lead to claims of discrimination. The intentions of DE&I programs are not, in and of themselves an issue, he explains. The issue arises from how these initiatives are pursued. Some employers have permitted conduct that can be seen as disparate treatment, even bordering on fostering a form of systemic discrimination. He notes that it can be highly problematic if systems of advancement give an advantage to one group without sufficient grounding in legal principles. He recommends keeping the law clearly in mind since it is both supportive of DE&I initiatives and can help avoid problems. He also advises looking to the organization’s value. Respect, inclusion and fairness are typically included and provide an opportunity to put the DE&I initiative in context, including that these values helps build a stronger, more successful enterprise. He also argues passionately for an emphasis on civility. Setting standards of what one can can’t say, and how people act, is essential not just in this area but in others as well. It promotes proper communication, including helping people raise issues and speak up freely.  That, in turn, can help diffuse issues and enable the organization to deal with problems before they grow too large. Civility, according to Stephen, also provides a platform of consistency that everyone can sign onto as citizens of their organizations. Listen in to learn more about civility and how to ensure that your DE&I initiative doesn’t run afoul of labor laws.

Post By: Adam Turteltaub Kim Brandt, partner at Tarplin, Downs & Young has long provided the healthcare community with her expertise in all things Washington, having spent substantial time at CMS, the OIG at HHS and on Capitol Hill. She’ll be leading a general session at the Health Care Compliance Association Healthcare Enforcement Compliance Conference, which takes place November 8-10. In this podcast she provides a preview f her talk with insights into all that’s coming and likely to happen both from the Biden Administration and Congress. Starting with CMS, which is in its regulatory cycle once again, expect big changes in physician fee payments. There is a 3.75% reduction across the board in the offing, with the goal of giving a bump up to primary care physicians. That means, she explains, reduction in payments to specialty care providers by as much as 8-10%. This will be on top of a delayed 2% sequester. Telehealth, which became a standard part of care during the pandemic, will also see changes with proposals to make permanent rules permitting it for mental and behavior health, including audio-only treatment. Video will not be required. Up on Capitol Hill she reports that Congress is considering expanding Medicare Part B to include hearing, dental, and vision. These had never been covered by Medicare before and come with a large $300 billion price tag over 10 years. Also under consideration is increased support for home and community-based services, along with increased funding for them. Another area of focus is likely to be the Medicaid gap. Thirteen states have not implemented a Medicaid expansion.  Under consideration are measures which would allow local governments in those states to contract with CMS to expand Medicaid. Finally, she discusses the personnel changes at CMS and the OIG at HHS. The new administration has brought changes in people, but they are not exactly new, having served in the government before. Listen in to learn more about what’s going on in healthcare in Washington, DC. Then be sure to be a part of the 2021 Healthcare Enforcement Compliance Conference.