More and more, the government is holding individuals — not just the organizations they work for — responsible for fraud.
Traditionally, healthcare companies were only expected to provide information about the underlying factual situation in a fraud investigation. However, these investigations have become more complicated, as the Department of Justice has taken a strong stance on pursuing healthcare executives involved in fraud cases to hold them personally responsible.
Venson Wallin, managing director of BDO's Healthcare Advisory practice, recently spoke with Becker's Hospital Review about the shift in individual accountability standards and steps hospital and health system executives can take to protect themselves from liability.
Note: Responses have been lightly edited for length and clarity.
Question: What caused the government to shift its focus to individual liability in fraud cases?
Venson Wallin: In September 2015, Deputy Attorney General Sally Yates released what is commonly referred to as the Yates Memo, which outlined the Department of Justice's increased focus on individual accountability and steps organizations should take to hold individuals responsible for corporate wrongdoing. This sparked an increase in cases where individuals are held accountable by the government — not just in healthcare, but in other industries like financial services and pharma, too.
Another driver unique to healthcare is its changing reimbursement model. Healthcare clinical operations lack a system of protocols similar to that of Generally Accepted Accounting Principles that govern healthcare finances, making it difficult to streamline the measurements increasingly tied to reimbursement. This measurement validation challenge — paired with increased fraud prosecution from the DOJ, the potential to unintentionally commit fraud and complexity of data — contribute to an increase in individual accountability cases.
Q: How can hospital executives protect themselves from liability?
VW: The best way they can protect themselves is to ensure their entities' corporate compliance programs are operating effectively. This means performing and updating compliance risk assessments by mapping compliance requirements to relevant preventive and detective internal controls; making regular compliance training mandatory for all levels of employees; hiring counsel to monitor evolving regulatory risk; creating and maintaining an information governance system to facilitate timely responses when there are whistle-blower or external complaints and/or investigations; and, of course, self-disclosing violations. Another effective tool is to create a hotline for individuals to report issues of concern before immediately going in as a whistle-blower. In short, the key is instilling effective communication — and remediation — tools; then, tone of compliance begins at the top.
Q: With the shift in individual liability standards, who outside of the C-suite could be subject to liability in fraud cases?
VW: Time will tell, and it really depends on the type of alleged fraud. If it's concerning contracts with physicians, it will probably be a C-suite issue. If it's a billing and coding issue, it depends on how far down the line investigators can identify intent to defraud the government. Although it becomes more difficult to prove as investigators move further down the line, if there is proof of intent to defraud Medicare, I don't think there's a limit to how far outside of the C-suite they can go.
Q: What can those outside of the C-suite do to protect themselves from prosecution in a fraud case?
VW: In short, they can speak up when they notice something improper. That might mean first consulting with counsel to determine the appropriate course of action, or contacting a supervisor or calling a corporate hotline to discuss the issue. Ultimately, it may be determined that self-disclosure to the DOJ is the appropriate course of action, but entities should strive to control their own destiny.
Q: How do you expect the changes in individual accountability standards to influence fraud investigations?
VW: The change in individual accountability standards has made it such that, in fraud investigations, focus has shifted from whether an individual personally benefitted from the alleged fraudulent behavior — what matters first and foremost is whether he or she is in any way personally responsible. This means having oversight and being in any way part of the driving force behind the behavior in question.
The recent $1 million settlement between the DOJ and the former CEO of Tuomey Healthcare System in Sumter, S.C., sent a message that it's a new era for fraud investigations in healthcare. Pre-Yates Memo, when healthcare organizations would enter into settlements over alleged fraud, there was always somewhat of a buffer between the corporation and the individuals that worked for said corporation. Now, as the Tuomey settlement demonstrates, those protective walls around individuals have been removed, and individuals are just as liable for criminal and civil charges as the entities themselves. I do think post-Yates, we're likely to see an increase in the number of individuals coming forward as cooperating individuals and/or whistle-blowers. If they don't, they risk being held liable.
More articles on legal and regulatory issues:
Feds: Drug company falsely claimed patients had cancer to boost reimbursement
Methodist Health denies it improperly deducts pay from nurses for meal breaks
10 latest healthcare industry lawsuits, settlements