Compliance Perspectives

By Adam Turteltaub The words “works council” inspires fear and dread in the hearts and minds of many who have never worked with them. They need not, says Lisanne Winde, attorney at law at Wybenga advocaten and Alain Lambert, regional ethics and compliance officer for Central Europe at WSP. In this podcast, they share how the works council can actually help compliance teams. These entities are not unions but are specific to the company. They can be helpful for facilitating communication with employees and giving greater legitimacy to company policies. In practice they collaborate with management and can be more helpful than those unfamiliar with them may think. However, there are times when working with the works council is not just a nice to have but a requirement. Issues relating to whistleblowing and disciplinary policies are two examples. And there may be others, as well.  The laws vary by country. To make the most out of the relationship they recommend taking time to listen to what the works council says. Make sure they understand your role and the independence it has from management, and invite their participation early. It’s better to find out what issues are and benefit from their expertise early rather than too late. Listen in to learn more, then, take a deep breadth and relax next time you hear the words “works council.” Listen now Sponsored by Ethena - automated compliance training, an employee hotline, and case management, all in one tool.

By Adam Turteltaub An audit by a Unified Program Integrity Contractor auditor, better known as a UPIC audit, can be a very scary thing. Providers are often shocked and even indignant to receive a letter notifying them of the audit and alleging fraud. Jon Rawlson (LinkedIn), President & Founder of Armory Hill Advocates, reminds us that the audit was likely not triggered by an allegation but by an algorithm catching outlier events such as a provider processing claims outside of their normal daily work, utilizing a DME, a skin substitute or some other expensive item that is outside the norm. Once you have calmed down after reviewing the letter, he advises acting immediately but calmly. Begin reviewing the documents you have been providing the Medicare program and bring in whatever help you need. And, don’t forget you have a five step appeal process that enables you to prove  your innocence. But, be mindful of the timeline the government gives. The consequences can be grave if you miss a deadline. Listen in to learn more, and if you’re a member of SCCE or HCCA, be sure to read his article on the subject in Compliance Today magazine. Listen now Sponsored by Ethena - automated compliance training, an employee hotline, and case management, all in one tool.

By Adam Turteltaub As the sun set, the chief compliance officer stared out the window, wondering how she would communicate with her workforce in a way that they would understand. As much as she looked, the answer wasn’t outside in the skies turning from blue to black. She wasn’t finding it under the white LEDs in the ceiling above her desk, either. Feeling a bit desperate, and a little bit bored, she decided to walk the halls to see if perhaps the answers were there. She got all of ten feet before a colleague stopped her,  eyes open wide and voice a little breathless, to tell her about an incident discovered and resolved. As she listened to him speak, she realized the answer was right there in front of her in the power of storytelling. Janine Fadul, Compliance and Privacy officer at GW Medicine, learned long ago to focus on the story she was trying to tell people, not just the facts. By following the elements of storytelling, she explains, you can grab people’s interest, keep it, and help them understand what you are trying to communicate. That doesn’t just apply to training. It can also be useful for communicating with leadership. Listen in to learn more about the elements of good storytelling. Then, apply them, and your compliance program may live happily ever after. Listen now Sponsored by Ethena - automated compliance training, an employee hotline, and case management, all in one tool.

By Adam Turteltaub In addition to releasing its General Compliance Program Guidance, the OIG at HHS announced plans to publish a series of Industry Segment-Specific Compliance Program Guidances (ICPG). The first of these, addressing nursing facilities, was released in November 2024. As CJ Wolf, Professor in healthcare Administration at BYU Idaho explains in this podcast, the first ICPG is instructive both for skilled nursing facilities (SNFs) and those looking to anticipate what will be coming in future ICPGs. Currently, three more are expected to be published in 2025: Medicare Advantage, hospital and clinical laboratories. Two additional ICPGs – pharmaceutical manufacturers and hospice – are also planned, but with a publication date as yet to be determined. There are several notable elements to the SNF ICPG. First, it interlinks compliance, quality of care and quality of life for patients. Second, there is an entire supplement focused on reimbursement, raising the scrutiny level of billing compliance. It addresses the prospective payment system, value-based payment models, Medicare Part D, Medicare Advantage, and Medicaid managed care, amongst other issues. When it comes to Anti-Kickback, the ICPG provides specific examples that are close to home for skilled nursing facilities. These hot points include free or below fair market value goods and services, discounts, arrangements for services and supplies, pharmacist relationships, care coordination, value-based care arrangements and join ventures. It is expected that future ICPGs will also have a focus on the Anti-Kickback statute. CJ also anticipates future guidances to continue to focus on greater accuracy and quality of care. Listen in, whether you are working at a SNF or looking to learn what likely comes next with ICPGs. Listen now Sponsored by Ethena - automated compliance training, an employee hotline, and case management, all in one tool.

By Adam Turteltaub Sevda Huseynova is the Ethics and Compliance Officer for SOCAR Midstream, a state-owned enterprise (SOE) in Azerbaijan. The company manages the oil and gas export pipelines of the country. If you think working for an SOE means you don’t have to worry about compliance, she warns you to think again. SOEs still faces risk in a wide range of areas including anticorruption, sanctions, third parties and more. Investors want to ensure that the company operates up to global standards, which isn’t always easy since compliance is relatively new in Azerbaijan. SOCAR midstream is up to the task, though, she reports. The company seeks to comply with local laws as well as international standards such as those of the OECD and the UN Convention on Corruption. To meet its goals, the compliance program is based on the seven elements approach found in most compliance programs and has three tiers addressing prevention, detection and corrective actions. She advises others working in SOEs to embrace five key strategies: Gain leadership buy-in and the corresponding tone at the top Customize the program to the SOE context Build a strong compliance infrastructure with adequate support Strengthen third party management Monitor, measure and improve on a continuous basis Listen in to learn more about the challenges and opportunities of compliance programs in an SOE. Listen now Sponsored by Ethena - automated compliance training, an employee hotline, and case management, all in one tool.

By Adam Turteltaub KISS takes on a new meaning in this podcast: Keep it Streamlined & Strategic. Keeping it streamlined and strategic is also the topic of a session at the 2025 HCCA Compliance Institute that will be led by Krista Muszak, Senior Manager, Process Optimization at Pfizer and Angela Smart, Senior Compliance and Ethics Partner, Intermountain Healthcare. Specifically. they’ll be applying this new take on KISS to the topic of program effectiveness. So how does it work? How do we keep our programs streamlined and strategic?  First, we avoid scope creep and remain focused. That, they explain, begins with having and continuously referring back to a program charter that keeps you and everyone else involved from pursuing all the tangential issues that could derail your efforts. Second, they advise following the PDCA formula: Plan, Do, Check and Act. Third is conducting a root cause analysis that helps you understand not what happened but why. It will keep  you thinking strategically and not just about the particular incident that called for the analysis to be done. Want to learn more about KISS? Listen to this podcast and then join them in Las Vegas for the 2025 HCCA Compliance Institute. Listen now Sponsored by Bluesight, providing industry-leading privacy monitoring with fast, reliable patient data violation detection.

By Adam Turteltaub Business people are given all kinds of goals for revenues, profitability, efficiency and more. For compliance, though, not so often. Many organizations struggle with how to set compliance goals, or even if they should set them. Madrid-based, Juan Ignacio Paillás, Head of Global Compliance Business Sectors for Merck KGaA, Darmstadt, Germany, explains how it should be done. First, he advises, understand the context in which you are working, particularly about how your organizations manages objectives. For example, some organizations embrace very rigid goals, while others take a more flexible approach. When approaching management and the business unit about setting objectives, he cautions that you should expect pushback. To counter it, remind them this is about taking the company’s values and turning them into concrete, measurable behaviors. It is also an exercise in setting priorities within compliance efforts to have the greatest impact on the organization and its performance. As you go to set the goals, determine which levels of the organization you will cover and what is important for each of them. Start with leadership and then enlist them in the efforts Also, he advises being open to business people setting their own goals. Listen in to the interesting goal one person set, and what impact it had. Listen now Sponsored by Bluesight, providing industry-leading privacy monitoring with fast, reliable patient data violation detection.

By Adam Turteltaub Healthcare is often rife with fraud, and organizations struggle to prevent it. To gain a different perspective on how to prevent wrongdoing, we spoke with Alec Burlakoff, a convicted fraudster from Insys Pharmaceuticals who now leads Limitless! Consulting. To prevent fraud, he recommends seriously looking at the incentives program in your organization, especially if there are individuals whose commissions may make up  more than half of their compensation. Such high rates of reward, he warns, provide serious temptation to skirt, or outright disregard, the rules. Look also at the messages that lucrative incentive programs send to others in the organization. Individuals who are inclined to do the right thing may find themselves envying those they see breaking the rules and getting rewarded. It can cause them to emulate the bad behavior that they see. Better, he advises, is to seek ways to reward people who do things the right way and build sales for the long term. When it comes to discipline, he takes a very hard line. Many companies, he finds, have zero tolerance policies, but they may not apply them. That, he believes, has to stop. The only way to get the attention of the workforce is to swiftly punish, including terminating, employees who break the rules. Finally, he advises compliance teams to understand the thinking of businesspeople. Know what motivates them, understand their thinking, and get inside their heads. Only then will you be able to effectively reach them. Listen now Sponsored by Bluesight, providing industry-leading privacy monitoring with fast, reliable patient data violation detection.

By Adam Turteltaub Are your helpline calls being responded to properly? Are the investigations proceeding expeditiously and properly? To find out, it’s good to do an audit periodically. Before you can begin, though, you need to determine if there is enough available data for an audit, cautions Juliette Gust, President of Ethics Suite, and author of the chapter “Auditing the Confidential Reporting Hotline and Case Management Program Effectives” in the new edition of The Complete Compliance and Ethics Manual. Many compliance programs still do not have formal processes in place, and for them, it’s best to start with a gap analysis. If you do have data, look at how you are tracking both the allegations and the work being doing as a result. How quickly are allegations being reviewed? Is someone letting the reporter know that their allegation has been received and is being acted on? How are you safeguarding the data, including being sensitive to the potential need for attorney-client privilege? Spend time, too, on auditing what is being done to encourage whistleblowing. What is the tone at the top? Are managers doing their compliance training and how quickly? How often does the compliance and ethics committee meet? Does it have a charter? Do the meetings have an agenda, and are they being followed? Another area for potential audit is the investigator. Are your investigators properly trained?  Is there enough staff to do the investigation? Is the investigation appropriately scoped? Curious to learn more about how to audit your helpline and responses to allegations? Listen in now and check out The Complete Compliance and Ethics Manual. Listen now Sponsored by Bluesight, providing industry-leading privacy monitoring with fast, reliable patient data violation detection.

By Adam Turteltaub Think you don’t have to worry about the SEC because you’re at a private company or a non-profit? Think again says, Kevin Muhlendorf, attorney at Wiley Rein. You may still end up in the Commission’s crosshairs. He warns that the SEC’s power of investigations expands far and wide, and just being a supplier to a publicly-traded company may lead them to focus on your business. If a private company is acquired by a public one or makes even a non-public offering, there is risk of fraud and SEC action. Lie to an accounting firm and the SEC may become involved. And don’t forget about the risk of parallel investigations involving multiple enforcement authorities. Another risk area is shadow trading. Let’s say your hospital is a part of a clinical trial, and an employee sees it is going well. If that employee decides to short the stock of the drug’s competitor, that could be an issue that falls under the SEC. So what should you do? Keep an eye out for these risks and pay attention to recent enforcement activity and dispositions. Oh, and listen to this podcast. Listen now Sponsored by Bluesight, providing industry-leading privacy monitoring with fast, reliable patient data violation detection.