Corporate and Business Legal Forms
Appointment of a Compliance Office is a critical element in compliance program effectiveness. Failing to appoint a compliance officer is almost an automatic indication that a compliance program is not effective. Below is an example of a compliance officer appointment resolution.
The Board of Directors of _____________ (the “Provider”) as constituted on _____________, 2016, hereby take the following actions and resolutions at a meeting of the Board of Directors that was duly noticed, called, and at which a quorum was present to conduct business and which was held on the _____________ 2016.
The Board of Directors of the Corporation hereby take the following actions and resolutions regarding the establishment of a compliance program (hereinafter “Compliance Program”) and appointment of a compliance officer for the Corporation:
WHEREAS, it is the policy of the Provider to appoint senior-level personnel to oversee and implement the Compliance Program for the Provider. The Compliance Program is a critical program for the continued well-being and viability of our organization that contributes significantly to maintaining the trusted relations we strive for with those we serve.
WHEREAS, successful integration of the compliance principles and standards into the daily activities of every position within the organization requires sustained efforts and vocal senior management support. Appointment of appropriate high-level staff underscores the importance assigned to this effort by senior management staff.
WHEREAS, the Provider wishes to ensure that the Provider Board of Directors adopts a corporate responsibility policy that underscores the need for governance oversight of the implementation and effectiveness of the Compliance Program and senior-level management responsibility for implementation and management of compliance efforts.
NOW THEREFORE, BE IT RESOLVED, that the Provider shall appoint a high-level member of the administrative staff to administer the Compliance Program and provide the support, staff, and resources required to implement and maintain an effective Compliance Program. The Compliance Officer may report administratively to the President of the Provider and shall have direct access to the Board of Directors for matters related to the implementation and effectiveness of the Compliance Program.
RESOLVED, that the Provider hereby appoints __________________ as Compliance Officer to serve until removed or replaced by the Board of Directors.
RESOLVED, that the Board of Directors has received from ______________ a summary of the recommendations of legal counsel regarding certain gaps that exist in the Provider’s Compliance Program and the Board of Directors wishes to direct the Compliance Officer to work in conjunction with legal counsel to develop a specific work plan to correct policy gaps that currently exist in the Compliance Program (“Work Plan”) and the Compliance Officer shall present the Work Plan to the Board of Directors for further consideration.
RESOLVED, the Compliance Officer shall work with legal counsel to further refine the structure of the Compliance Program to leverage existing Provider resources to the greatest extent possible and develop the policies necessary to implement the Compliance Structure for consideration and approval by the Board of Directors.
RESOLVED, that the Compliance Officer shall include a report on the progress being made with respect to the Work Plan at each meeting of the Board of Directors until such time as the Board of Directors is satisfied that the basic elements of an effective Compliance Program are in place.
Setting Up Your Internal Reporting Mechanism
One of the primary elements in a Compliance Program is the creation of a system that permits employees and others to provide information regarding potential compliance issues without fear of retaliation. In larger organizations, multiple pathways permitting employees to make anonymous complaints should be maintained. Oftentimes providers use 24 hour compliance “hotlines.” Online reporting systems or “drop boxes” are also commonly used. Whatever system is used, it is crucial that employee understand that they are encouraged to provide information and that there is a clear prohibition against others in the organization retaliating against them for providing information. It should also be made clear to employees that wherever possible the identity of the person providing the information will be kept confidential.
Establish Compliance Reporting Process
The establishment of the compliance reporting process and communication to employees that retaliation will not be tolerated is a central element to an effective compliance program. Such a system will help the practice obtain valuable information, hopefully early on, before the issue becomes a big problem. Additionally, the openness of the program will send a strong signal to the outside world, such as government regulators, that the organization takes compliance seriously.
If information is obtained through the hotline system it must be taken seriously. Certainly not every piece of information will be reflective of a serious compliance problem, and an employee could potentially have other motives for making a compliant. Regardless, it is crucial that the information be acted upon and that the action be documented. If the compliance officer concludes that there were alternative motivations for the complaint, that fact should be substantiated and documented. If an objective investigation indicates that there could be a compliance issue, the matter needs to be pursued through an appropriate outcome. Depending on the circumstances and the result of a thorough investigation, the outcome could range anywhere from additional training through a self disclosure to the government.
Due Diligence of Compliance Issues in Acquisitions
Successor liability issues are a central factor to consider when assessing the scope of compliance due diligence. The acquiring organization must assess the degree to which it will assume liability for the past obligations of the target company. If there is no risk that past obligations for compliance issues will be assumed, compliance efforts can at least conceptually be focused on integrative activities rather than assessive activities. In effect, if there is no risk of successor liabilities, the acquiring organization can focus on the future, at least when it comes to compliance issues. Of course there is never a perfect world and likewise, there is never a perfectly “clean” deal when it comes to successor liability. This is particularly true in the health care industry, which has some counteractive rules regarding successor liability.
Normally, if an asset acquisition takes place, the acquiring entity will only assume the liabilities that it expressly assumes or which attach to the assets that it is acquiring. Normally, the closing process will result in satisfaction of liabilities that might attach to the acquired assets. Past Medicare liabilities can be an exception to this general rule. Under Medicare rules, even if the transaction is structured as an asset purchase, all of the past provider’s Medicare liabilities will be passed forward to the acquiring provider. This is because the Medicare change of ownership rules (sometimes referred to as CHOW rules) provide for the automatic assignment of the past provider’s Medicare provider agreement. By virtue of the automatic assignment of the provider agreement, the acquiring party is deemed to assume virtually all past Medicare obligations of the target company.
Federal courts have consistently upheld these rules and have held the acquiring organization liable for past obligations. Federal cases have specifically held acquiring parties for overpayments that were previously paid to the seller and civil penalties arising out of the actions of the seller that occurred before the acquisition.
The outside parameters of successor liability are yet to be tested in the context of recently expanded health care fraud and abuse laws. Medicare regulations specifically state that the acquiring party does not assume past obligations based on personal fraud. However, questions still remain whether corporate fraud can be assumed under successor liability theories. Issues regarding the extent to which liability based on “knowledge-based” statutes, such as the False Claims Act, can be passed on to the acquirer. Our initial reaction may be that it is not possible to assume responsibility for a knowledge-based violation. But what about violations that are invoked based on the “reckless disregard” for the truth? Is it possible that failure to perform reasonable due diligence could be construed as “reckless disregard?”
Medicare rules permit the acquiring organization to specifically reject the provider agreement of the previous entity. However, there are very specific, time sensitive requirements for effectively rejecting past obligations. Additionally, rejection will require the acquiring party to obtain independent certification and enter into a new provider agreement. This process will inevitably result in interruption of revenues to the acquiring party. This will in turn affect purchase price and other business factors.
Skilled Nursing Facility and Nursing Home Annual Work Plan
The OIG’s 2017 Annual Work Plan identified a few new areas of focus relating to nursing homes and skilled nursing facilities. Nursing home compliance officers should consider these newly identified issues when developing their annual compliance work plan.
Investigation of Serious Nursing Home Conditions
The Work Plan references a 2006 OIG report which found that state agencies failed to investigate in a timely manner some of the most serious complaints regarding nursing home conditions. The report referenced nursing home complaints involving immediate jeopardy and/or actual harm to residents. Complaints that rise to this level of severity are to be investigated by applicable state agencies within a 2 and 10 day timeframe. The Work Plan states that OIG will determine the extent to which State agencies investigate serious nuring home complaints within the required timeframes. Nursing homes can expect this to put more pressure on states that are responsible for these investigations to meet these timeframes on a more regular basis.
Unreported Incidents of Potential Abuse and Neglect
This newly identified topic relates to skilled nursing facilities. The OIG states that is plans to “assess” the incidence of abuse and neglect that occurs in skilled nursing facilities. It then plans to make a determination whether these incidents were properly reported and investigated as required under applicable Federal and state law. It appears that the OIG will be taking a sampled representation of cases to investigate. This conclusion can be garnered from reference in the Work Plan to “sampled” incident reports. The OIG plans to interview state officials to assure that incident reports that are examined under its sampling system were reported as required under law. The OIG plans to go even further and determine whether each reportable incident was investigated and subsequently prosecuted by the state.
This area could create some immediate risk exposure to facilities who are sampled as part of the OIG’s investigation. Facilities who are found to have failed to appropriately report potential abuse and neglect incidents could be subject to sanctions.
Review of SNF Use of Minimum Data Set Tool
the OIG states that it will review documentation of selected Skilled Nursing Facilities to determine whether Minimum Data Set Tool have been properly used to determine the severity of the patient’s condition. SNF reimbursment is tied to the severity of the patient’s condition through application of this tool. Periodic assessments must be performed on each patient by applicable skilled nursing facility. Improper use of the tool results in higher reimbursment than may be justified by the patient’s condition.
This issue was called out by previous OIG studies that indicated higher levels of reimbursement were being paid due to improper use of the Minimum Data Set Tool. Again, this is an area of specific concern for facilities who are lucky enough to be selected for audit by the OIG. If the facility is found to have improperly assessed patient severity, overpayment and potential penalties may be imposed. A finding on a small sample could also lead to expansion past the initially reviewed cases.
COMPLIANCE COMMITTEE CHARTER – Introduction Example
The Compliance Committee (“Committee”) is an oversight group for clinical compliance issues related to ________________ (the “System”). The Committee is advisory to both the Compliance Officer of the System and the System Compliance Officer. The Committee also assists with the Clinical Compliance Program. The term “compliance” used in this charter refers to adhering to federal, state, and local laws and regulations; System policies; coding and billing rules for third party payors that impact or relate to System services. The Committee membership represents the hospital services of the Health Care System defined below.
Introduction Only – Remainder of Body of Charter Omitted
General Priorities in the Yates Memorandum
- The Yates Memo prioritizes the manner in which Government civil and criminal law enforcement investigations are conducted.
- It begins by proclaiming that “One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing . . .
- [accountability] it deters future illegal activity, incentives to changes in corporate behavior . . . and it promotes the public’s confidence in our justice system.”
The Yates Memo identifies six “key steps” to enable DOJ attorneys “to most effectively pursue the individuals responsible for corporate wrongs.”
- Corporations will be eligible for cooperation credit only if they provide DOJ with “all relevant facts” relating to all individuals responsible for misconduct, regardless of the level of seniority.
- Criminal and civil DOJ investigations should focus on investigating individuals “from the inception of the investigation.”
- Criminal and civil DOJ attorneys should be in “routine communication” with each other, including by criminal attorneys notifying civil counterparts “as early as permissible” when conduct giving rise to potential individual civil liability is discovered (and vice versa).
- Absent extraordinary circumstances, DOJ should not agree to a corporate resolution that provides immunity to potentially culpable individuals.
- DOJ should have a “clear plan” to resolve open investigations of individuals when the case against the corporation is resolved.
- Civil attorneys should focus on individuals as well, taking into account issues such as accountability and deterrence in addition to the ability to pay.
Yates Memorandum and Progression of DOJ Pronouncement Memos
The Yates Memo is the latest in a line of similar pronouncements that began in 1999
- “Bringing Criminal Charges Against Corporations
- Thompson Memo(2003)
- McNulty Memo(2006)
- Filip Memo(2008)
- U.S. Attorney’s Manual (“USAM”) as the Principles of Federal Prosecution of Business Organizations(USAM § 9-28.000).
- The “Principles” have been revised to incorporate the Yates Memo’s dictates on individual accountability for corporate wrongdoing.
Federal False Claims Act – Lincoln’s Law Applied to Health Care
When Congress originally passed the False Claims Act (31 USC §§ 3729-3733), no one had the health care system in mind. The False Claims Act was also commonly referred to as the “Lincoln Law”. The original law was focused on unscrupulous vendors who provided overpriced and often faulty supplies to the military during the Civil War. In modern times, the False Claims Act has been commonly applied when claims are made under Federal health care programs. The application of the law that ware originally intended to penalize war profiteers leads to draconian results when applied to the health care industry where numerous smaller claims are made by a provider every day. However, because this law has become a significant source of revenue for the Federal government, we are not likely to see any politicians running to adjust the law to make it consistent with the realities of the modern health care system.
The Lincoln Law was unique in several ways. The law created “qui tam” rights that permit individuals to bring suit alleging false claims and to retain a portion of the award. The amount of potential award available to a qui tam claimant depends on whether the government chooses to take over the case after it is brought. With Federal remedies of nearly $22,000 per claim, potential claimants have a real chance for a payday. In fact, private litigants are often even more inflexible than the Federal government when it comes to settling a potential fraud claim.
The False Claims Act was strengthened in 1986 in response to some of the much publicized $1,000 toilet seats and other abuses with respect to companies supplying the United States military. The 1986 amendments to the False Claims Act provided for treble damages plus civil penalties of between $5,000 and $11,000 per claim. These legislative changes were intended to add real incentive for “qui tam” litigants to bring fraud claims. Just a few months ago the per claim penalty under the False Claims Act was increased to a minimum of $11,000 and a maximum of nearly $22,000.
The health care industry was never the real target of the False Claims Act. In fact, when the original “Lincoln Law” was passed in the 1860’s, there was no federal health care program in existence. From the inception of the False Claims Act through the 1986 amendments, the primary target had been the suppliers to the defense industry. The defense industry generally makes claims on a monthly or other periodic basis for large amounts of supplies. Although the 1986 amendments added substantial penalties for making false claims, the impact on the defense industry does not come close to matching the impact on health care providers.
In health care, a single hospital may make hundreds of claims to the federal government per day. False claim allegations can cover a number of years, greatly increasing the number and value of claims that may be at issue. When treble damages plus $11,000 to $22,000 per claim are applied on top of the actual amount of a “fraudulent” claim, the obligation amount can become staggering.
When coupled with new regulations that impute False Claims Act liability based on the failure to repay an overpayment, the result can be really quite absurd and greatly disproportionate to the level of culpability involved. For example, a simple overpayment created by a routine billing error that is not properly identified can result in potential False Claims Act liability in the millions of dollars. Under new Federal law, failure to repay a known overpayment within 60 days creates a False Claim. However, actual knowledge is not required. Identification of the overpayment can be imputed if the provider should have discovered the overpayment.
Even though the False Claims Act was not originally designed to target the health care industry, there does not seem to be any momentum toward mitigating these extreme results. To the contrary, the government is quite content to leave these disproportionate penalties in place as part of its effort to reduce cost of health care (and to generate additional revenues) by assessing astronomical fines against health care providers and to hold these penalties over their heads to force health care providers to take extreme actions to prevent compliance problems. The government is taking a “return on investment” approach to health care fraud enforcement. The False Claims Act allows the government to put its thumb on the scale in the “return on investment” game. The qui tam provisions provide the government with “quasi agents” who may be disgruntled employees or others who can scout out potential claims, bring them to the governments attention, and take a piece of the financial reward.
Providers have only one real way to reduce the disproportionate impact of the False Claims Act on their operations. This is to create an effective compliance program that proactively detects problems so they can be addressed and corrected before they create excessive risk. Compliance programs are an outgrowth of the federal sentencing guidelines that permit reduced corporate penalties for fraud if an “effective” compliance program will actually reduce the risk of a violation occurring or depending because it forces the organization to proactively look for compliance problems and correct them before they become insurmountable. An effective compliance program will also include regular training to staff which also reduces the risk of compliance problems.
LIST OF COMPLIANCE-RELATED POLICIES AND PROCEDURES
PROCESS POLICIES AND PROCEDURES
- Compliance Program Resolutions
- Appointment Of Compliance Officer
- Compliance Plan Document – General
- Code Of Conduct
- Statement Of CEO On Compliance
- Statement Of Board Of Directors
- Compliance Committee Charter
- Uniform Compliance Definitions
- Compliance Plan Elements
- Compliance Oversight Committee Policy
- Compliance Office Staff
- Yearly Compliance Program Review
- Recommendation Of Additional Policies And Procedures
- Amendments To Compliance Policies
- Non-Retaliation And Non-Retribution Policy
- Excluded Individuals And Entities
- Compliance Reporting System
- Compliance Hotline
- Compliance Training Policy
- Compliance Reporting To The Board
- Discipline For Compliance Infractions
- Compliance As A Performance Factor
- External Compliance Investigations
- Execution Of Search Warrants
- Self-Disclosure And Self-Reporting
- Compliance Audits, Monitoring And Self-Assessment
RISK AREA POLICIES AND PROCEDURES
Tax – Nonprofit Status
- Conflict of Interest Policy
- Whistleblower Policy
- Board Review of 990 Policy
- Joint Venture Policy
- Community Need Assessments
- Physician Recruitment
- Contract Review and Execution Policy
- Contract Control System Policy
- Document Retention Policy
- Record Management Policy
- Offsite Storage of Records
- Destruction of Records
- Definition of Medical Records
Discharge and Transfer
- Discharge Planning
- Transfer to Skilled Nursing Facility
- Transfer to Hospice
- Admission and Continued Stay Review
- Readmission Policy
- Admissions Through Emergency Room
- Plans of Care
Billing and Coding
- General Billing and Coding Policy
- Requests for Coding Changes and Rebilling
- Changes to Patient Records
- New and Adjusted Billing Codes
- E&M Coding
- Specific Area Coding
- Professional Courtesy
Patient Billing and Collections
- Patient Billing and Collection Policies/Guidelines
- Billing Inquiries and Audits
- Reducing a Patient’s Bill
- Waiver of Co-Insurance and Deductibles
- Determination of Need and Hardship
- Referrals to Collections
- Advance Beneficiary Notices
- Customer Complaints
- Medical Necessity
- Professional Behavior
- Disruptive Practitioners
- Incident Reporting
- Alleged Caregiver Misconduct
- Caregiver Background Checks
- Never Events
- Physician Compensation
- Physician Contracting
- Medical Directorships
- Leases to Referral Sources
- Anti-Kickback Policies
- Stark Law Policies
- Relationship with Pharmaceutical Representatives
- Acceptance of Gifts
- Confidentiality of Information
- Interfacility Transfers
- EMTALA Triaging
- EMTALA – Financial Information
- Refusal of Delay of Medical Services
- Emergency Room Coverage
- Delineation of Roles in Emergency Department
- Emergency Room Trauma Diversion
- Make Consistent with Compliance
Medical Information, HIPAA, Etc.
- Protection of Patient Health Information
- Joint Notice of Privacy Practices
- De-Identification of Protected Health Information
- Protected Health Information Defined
- Proposal and Destruction of Protected Health Information
- Breach Reporting Policies
- Minimum Necessary Use Policy
- Permitted and Required Use of Protected Health Information
- Use and Disclosure of Protected Health Information for Treatment, Payment, Operations
- Use and Disclosure of Protected Health Information to Family and Others Involved in Care
- Authorizations for Use and Disclosure with Forms
- Uses and Disclosures Not Requiring Authorization
- Uses and Disclosures for Fundraising
- Uses and Disclosures for Marketing
- Uses and Disclosures for Research Purposes
- Recognition of Patient Personal Representatives
- Business Associates
- Verifying Identity of Persons Requesting Protected Health Information
- Patient Right to Access Protected Health Information
- Denial of Patient Access to Protected Health Information
- Patient Right to Accounting of Protected Health Information Disclosures
- Patient Right to Request Designated Record Set
- Patient Right to Request Alternative Means of Communication
- Patient Right to Request Restrictions on Use of Protected Health Information
- Protection of Information Subject to FDA Regulation
- Protection of Information Subject to AIDS Related Information
- Protection of Mental Health Treatment Records
- Psychotherapy Notes
- Government Requests, Court Orders, Warrants Covering Protected Health Information
- Provider Licensure and Credentialing
- Remote Access Policies
- Security Policies
- Telehealth Policies and Procedures
- Telecommuting Application
- Telecommuting Agreement
- Telecommuting Equipment
- Scheduling Telemedicine Services
- Emergency Room Consults
- Billing Telemedicine Service
- Checklists for Providing Telehealth Services
- Passwords, Domains, Local Servers
- Individual Password Protection
- Information Security Policies
- Information Security Incident Process
- Encryption Policies
- Physician Access and Restriction Policies
- Technology Life Cycle Review Policies
- Technology Disposal Policies
- Wireless Communication Policy
- Technology Inventory System
- Acceptable Use of Computer Equipment
- Internet Usage Policies
- Workstation Security
- Use of Portable Devices
- E-mail Usage Policies
- Blogging Policies
- Social Media Policies
- Firewall Policy
- Virus Protection Policy
- Vendor Credentialing and Access
- Software Licensing Policies
- Providing Technology to Referral Sources