Compliance Perspectives

By Adam Turteltaub Chart auditing may not be the sexiest part of healthcare compliance, but it plays an important role in discouraging Medicare fraud and catching problems early. Madhavi Perumpalath, Director-Physician Practice Compliance at Northeast Georgia Health System and Alka Kumar, Compliance Director and Privacy Officer at Resolve Pain Solutions, explain that CMS provides good guidance to healthcare providers, such as diagnosis and procedure codes that are appropriate to bill for. Take advantage of it. Embrace proactive auditing, they advise, to help identify issues and ensure the quality of the claim before it goes out the door.  It can also prevent both over and under billing. How frequently should you audit? It depends on several factors, including the size of your organization, regulatory requirements, resources available and the overall risk environment. And, remember, you can’t audit everything. Instead, they recommend developing an annual audit plan focusing on the high-risk areas, but also doing some random samples of other areas as well. This dual approach maximizes efficiency and minimizes overlooked issues. Listen in to learn more about how to conduct the audits and what to look for. Listen now

By Adam Turteltaub With value-based care growing, what role does compliance play?  To find out we spoke with Carolyn Barton, Vice President, West Regional Compliance Officer at Kaiser Permanente. She explains that at Kaiser they define value-based care as a healthcare delivery and financing model that improves health outcome and increases access to affordable care in the community through evidence-based care, a commitment to equity and simplicity and aligned incentives. Doctors and health plans, she reports, work in an integrated system focused on the patient and delivering the right care at the right time and place. To make that work their electronic health record (EHR) system is the foundation not just for collecting patient data but also for sharing protocols for treating patients. By implementing systematic, evidence-based approaches through these protocols, they help mitigate racial and ethnic inequities. The results she shares are impressive. Kaiser patients are 20% less likely to die prematurely from cancer compared with others in their community, and they are 33% less likely to have a premature death from heart disease. The compliance team plays a key role by helping, for example, physicians identify the scope of their practice risk such as ensuring that, as patients are moved to a lower level of care, there is proper staffing in place to treat them. To ensure your compliance team succeeds in the values-based care world, she recommends being agile, supporting the organization’s efforts at risk mitigation, building trust, making yourself accessible when there are questions, and thinking creatively. Listen in to learn more about how your compliance team can thrive in this environment, and also what mistakes to avoid. Listen now

By Adam Turteltaub No one would dispute that stress and compliance go hand in hand, but Scot Eibel (LinkedIn), a former chief compliance officer and currently leading Eibel Coaching and Compliance Consulting, warns that doesn’t mean it has to get out of control. There are steps we can all take to manage our stress levels. One stressor to watch for is over vigilance.  While we all need to be vigilant, assessing risk and watching out for threats, it needs to be tempered. Resist the temptation, he warns, to engage in worst case scenario thinking, which increases stress and makes it difficult to focus on any positives. Catastrophic thinking isn’t healthy for you or for the organization. Another stressor for compliance professionals can be feelings of isolation. In some ways it is inherent to the job, but that doesn’t mean it needs to be absolute. Look to others in the compliance community for connections and build cohesiveness on your compliance team. Stress is much more manageable when you have support. When it comes to those problems that seem too difficult to solve, take a breath, he recommends, and focus on what you can do. Don’t seek perfection but seek progress and remember that excellence doesn’t happen overnight. Finally, don’t be afraid to set limits.  Compliance professionals can be, as he put it, “sacrificial people” who are willing to put others and the organization first. It’s noble, but sometimes you need to to say “no” or “no” and offer some advice. Listen in to learn more about how better to manage your stress. Listen now

By Adam Turteltaub Benjamin Christenson, Trial Attorney and Special Assistant to the Director for Criminal Enforcement at the US Department of Justice Antitrust Division, joins us for this podcast in which he sheds light on the their document, Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (ECCP). First issued in 2019, the ECCP was updated in 2024 to reflect changes in business, the law and technology, as well as what the Antitrust Division had learned over the last five years. He shares that there are three significant areas of focus in the ECCP worth particular study: AI and Emerging Technology. As companies deploy AI, it’s essential that compliance teams have visibility into what is being done, understand it and monitor antitrust issues such as using the technology to fix prices. NDAs and Whistleblowers. Like others in enforcement, the DOJ is concerned when a non-disclosure agreement may have a chilling effect on potential whistleblowers who are considering reporting an issue to the US government. In addition, whistleblowers need to know that they are protected by Federal law. Third party communication platforms. As employees increasingly move out of email and use texts or tools such as WhatsApp, organizations need to train their workers of the need to preserve the documents Overall the ECCP is very similar to the Criminal Division’s document on evaluating compliance programs, but the latest Antitrust Division ECCP is worth spending time with on its own right, especially if you have risk in this area. Listen in to learn more. Listen now

By Adam Turteltaub Want to improve your code of conduct? Don’t miss the session: Cornering the Code: A Multi-Disciplinary Approach Toward a Better Code of Ethics at the 2025 SCCE European Compliance &  Ethics Institute. In this podcast Matej Drascek, Head of Internal Audit at LON d.d. and Ursula Schmidt of Schmidt Advisory recommend starting with the right language. Research has shown, they explain, that people react more strongly to words like “we” and “our”, which can convey a stronger sense of shared responsibility  than words like “you”, “I” or “it”. Also, words like “must” or “have to” carry more weight than “may” or “should”. Of course, just using “we” and “must” won’t do it all. The code, they tell us, should have a service character that gives guidance to people and gives employees a sense of purpose. It should also be dynamic and work as a bit of a safety valve. It should provide reassurance that it protects them from making mistakes and helps them feel safer when addressing issues. For the code of conduct to be valuable in a crisis, it must have first been written clearly and avoid ambiguity. It should fit the organization’s culture, be practical, and able to be applied in a reasonable manner. Listen in to learn more. Then don’t miss their session at the 2025 SCCE European Compliance & Ethics Institute. Listen now

By Adam Turteltaub I want to write enough about this podcast to get you to listen to it, but not too much because then you might decide that reading this was enough. I’m conflicted, and conflicts of interest are the topic of this podcast with Kasturi Venkatesh, who spoke on the topic “Ethics in Action: A Fun Guide to Tackling Personal Conflicts of Interest” at the 2024 SCCE Compliance & Ethics Institute. When it comes to managing the issue, she explains, the primary goal for compliance teams is to help the workforce identify and bring forward potential conflicts. The challenge is that they often hesitate to bring these issues to management or the compliance team out of fear and a lack of understanding. Training is helpful, but it can’t demonstrate all the potential issues, nor can it always overcome the anxiety. That takes a personal touch of reassurance. In this podcast, Kasturi makes the case for a gentle hand a nuanced eye. The compliance team needs to be aware of the sensitivities of workers and also that, in some geographies, for example, with limited talent pools, there are likely to be many potential conflicts of interest. The nuanced eye needs to understand that challenge as well as see subtle issues, such as two connected workers who are “safely” in different departments, but there may still be some interaction between the two that could prove problematic. Listen in to learn more. Listen now

By Adam Turteltaub On November 6, 2024, the U.K.'s Home Office issued Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud (the Guidance). It comes out of the  Economic Crime and Corporate Transparency Act (ECCTA), which establishes that a corporation can be held criminally liable for failing to prevent fraud committed by any “associated person” for the benefit of the company. This “associated person” can be an employee or even a third party. There is a defense, explains James Tillen, member at Miller & Chevalier, for organizations that had reasonable prevention procedures at the time of the offence. What constitutes reasonable? There are six principles: Top level commitment A risk assessment Proportionate risk-based prevention procedures Due diligence Communication and training Monitoring and review Sound familiar? It is, since it builds off the guidance for the UK Bribery Act and is very similar to the US approach. It’s not identical, though, since, unlike the US criteria for evaluating compliance programs, this guidance is fraud-specific, with details designed to address the risks posed by the fraud triangle of motive, opportunity and rationalization. Listen in to learn more about the guidance and the particular attention it pays to monitoring the mental well-being of employees. Listen now

By Adam Turteltaub Auditing and monitoring of the compliance program is pretty standard these days.  Entain’s Karen Nightingale, Group Director of Ethics & Compliance and Jonathan Fox, Group Head of Ethics & Compliance Programmes, make the case in this podcast for going to the next level and actively testing your program. The two will also be addressing the topic at the 2025 SCCE European Compliance & Ethics Institute, which will take place in Lisbon, 10-12 March. Doing so, they suggest, can turn a reactive compliance program into a proactive one by actively searching for points of weakness, identifying red flags in advance and addressing them early. In practice, testing is more like an audit. It should be done periodically and provide an in-depth look at whether processes and controls are working as intended. By going deeper, it can uncover where there may be a weakness in what may appear to be a strong process as a whole. To determine what controls to test, there are several factors. First is recognizing that your organization likely has limited resources: don’t plan a test that you don’t have the resources to carry out. Second, identify the taxonomy of risks and which fall within the compliance team’s remit. Next, prioritize the risks: identify the highest risks and start there. As you do this work, ask for help from other parts of the organization. HR, legal, internal audit and others may all be great help. Listen in to learn more, and then plan on attending their session at the 2025 SCCE European Compliance & Ethics Institute. Listen now

By Adam Turteltaub Note:  This podcast was recorded on December 17, 2024.  Any changes made after this date will be addressed at the Compliance Institute. At the 2025 HCCA Compliance Institute in Las Vegas, Adam Greene (LinkedIn), partner at Davis Wright Tremaine LLP will be leading the session “New Developments in Health information Privacy.” In this podcast he provides an overview of what he sees as notable privacy compliance challenges and what compliance teams need to be doing. Starting with the HIPAA Privacy Rule, reproductive information is the top of the list. There was a December 23, 2024 deadline for covered entities and business associates to have implemented a prohibition of using any personal health information (PHI) for the purposes of imposing liability or investigating reproductive health care that is lawful under state or federal law. That information, per the rule, should not even be provided to law enforcement or courts that seek to punish an individual for providing or facilitating that care. Relatedly, there is an attestation requirement in instances of judicial or law enforcement information requests that the requester is not seeking the PHI for this prohibited purpose. That is causing a great deal of confusion and challenge for compliance officers. Adding to the confusion is the possibility that the new Administration may reverse the policy. For now, though, he shares, it’s prudent to follow the rule until such time that changes are made by the government. Listen in to learn more about the complexities of this issue, the Confidentiality of Substance use Disorder Patient Record Rule, his insights on website disclosures of user information, and more. Then plan to join his session at the 2025 HCCA Compliance Institute in Las Vegas, taking place April 28-May 1. Listen now

By Adam Turteltaub Well, it turns out that you can be in two places at once, if you are a surgeon. Even better, you can bill the government under the Medicare program for being at both of them. It’s not quite as strange as it sounds, explains Sara Brinkmann, Partner, and Lauren Gennett, Counsel, of King & Spalding, and, of course, there are rules. Overlapping surgeries occur when one attending surgeon is responsible for procedures that overlap in time. The attending may perform the critical part of the procedure in both, assuming they are not supposed to happen at the exact same time. Non-critical portions of the procedure, such as closing the patient, are left to a resident. There must also be a backup surgeon in case something goes awry. Payment for both surgeries is possible so long as there are the requisite safeguards in place and the various other CMS rules are followed. There may also be state requirements to be mindful of as well. If those rules aren’t followed, there is substantial risk. As they explain, overlapping surgeries have been the subject of intense scrutiny and enforcement actions. Listen in to learn more, and, for the record, overlapping podcast listening is not approved. Listen now