AHLA's Speaking of Health Law

Best Practices for Operationalizing Risk Assessment and Identifying and Mitigating Stark and Anti-Kickback Risk

August 04, 2023 AHLA Podcasts
Best Practices for Operationalizing Risk Assessment and Identifying and Mitigating Stark and Anti-Kickback Risk
AHLA's Speaking of Health Law
More Info
AHLA's Speaking of Health Law
Best Practices for Operationalizing Risk Assessment and Identifying and Mitigating Stark and Anti-Kickback Risk
Aug 04, 2023
AHLA Podcasts

Stephanie Haywood, Senior Vice President, Sales and Client Engagement, Ntracts, speaks with Jerry Lear, Chief Internal Audit/ERM Officer, Bon Secours Mercy Health, and Ken Zeko, Principal Advisor, Hall Render Advisory Services, about steps health care organizations can take to conduct a thorough risk assessment in relation to Stark and Anti-Kickback compliance. They discuss how to use DOJ compliance guidance, focus arrangements CIAs, and organizational contract data, and they offer advice to legal and compliance leaders on how to ensure that stakeholders in their organizations are aware of risks. Sponsored by Ntracts.

To learn more about AHLA and the educational resources available to the health law community, visit americanhealthlaw.org.

Show Notes Transcript

Stephanie Haywood, Senior Vice President, Sales and Client Engagement, Ntracts, speaks with Jerry Lear, Chief Internal Audit/ERM Officer, Bon Secours Mercy Health, and Ken Zeko, Principal Advisor, Hall Render Advisory Services, about steps health care organizations can take to conduct a thorough risk assessment in relation to Stark and Anti-Kickback compliance. They discuss how to use DOJ compliance guidance, focus arrangements CIAs, and organizational contract data, and they offer advice to legal and compliance leaders on how to ensure that stakeholders in their organizations are aware of risks. Sponsored by Ntracts.

To learn more about AHLA and the educational resources available to the health law community, visit americanhealthlaw.org.

Speaker 1:

Support for A H L A comes from nras , the leading contract lifecycle management solution for healthcare organizations across the country. Driven by the expertise of dedicated contract compliance professionals, empowered by the nation's largest healthcare law firm, while render Ntra X has provided best in class healthcare focused contract lifecycle solutions to healthcare organizations for more than 30 years . For more information, visit ntrk.com.

Speaker 2:

Welcome to today's episode of Speaking of Health Law Podcast. I'm Stephanie Haywood, senior Vice President of Sales and Client Engagement at Ntra cs . And today I'm excited to be moderating our topic of discussion, how to use D O J compliance, guidance focused arrangement CIAs and your organization's contract data to identify and mitigate stark and kickback risk. The experts I've asked to share their knowledge and expertise on this topic are Jerry Lear and Ken Zko . Jerry serves as Chief Internal Audit, e r m, officer for Bond , Secor Mercy Health, located in Cincinnati, Ohio. Prior to Bond Seco Mercy Health, he was a partner principal for Crow, L l p, dedicated to health law risk, healthcare risk consulting. He is implemented e R M and internal audit functions for many organizations across the country. From risk assessment to staffing, design and onboarding and internal audit operations, he holds several certifications, including certified internal auditor and certified Information systems auditor. His professional affiliations include Institute of Internal Auditors, the Healthcare Financial Management Association, healthcare Compliance Association, and Health, American Health Law Association, An attorney consultant with more than 25 years of regulatory compliance experience. Ken zko is a principal advisor at Hall Render Advisory Services, leading their coding compliance service line, assisting clients with compliance program assessments, risk assessments, investigations, coding and compliance engagements, self-disclosure, physician arrangement reviews, independent review organization engagements, and corporate integrity agreement related c I A engagements. Ken has performed over 70 compliance program assessments and has managed hundreds of coding compliance engagements for a myriad of healthcare organizations. He is certified in healthcare compliance, is an active member of health of the Healthcare Compliance Association, as well as the American Health Law Association. Ken, Jerry , thank you both for joining me today. I'm really looking forward to this discussion. Jerry , I had the pleasure of spending some time with you in person recently at the A H L A annual meeting and really enjoyed it. And Ken , we've known each other for a very long time. You two have worked together on projects on and off over many years , um, and you seem to have similar mindsets on how to address compliance and risk management. Ken, I was hoping that you could start by hearing a little bit about how you and Jerry connected originally and why you enjoy working together.

Speaker 3:

Well, thanks for having us. Um, uh, we, we love this topic of physician arrangements or risk. We are , um, pretty nerdy regarding how passionate we are about it and the way we met. We were at a healthcare compliance association conference. Um, Jerry had heard of me and came up and , uh, started a conversation. And next thing you know, we were , uh, talking about the potential of working together someday and , um, how we viewed , uh, compliance risk. And one of the things that we shared, a, like I said, nerdy passion about was , um, physician arrangements risk. We thought, I, I was surprised to see there was somebody else like Jerry , who thought like I did that physician arrangements risk , um, was often overlooked at organizations. And he seemed to think the same way. Um, if you're familiar with MD Anderson down in Texas, they , um, have a view of abolishing , uh, cancer. And , uh, Jerry had that same thought of abolishing physician arrangements risk, and , um, we set out , um, to do that for our clients. And I think Jerry has a very unique way of doing that at Bosco Mercy Health.

Speaker 2:

This is why I am so excited that we're here and having this conversation , um, and allowing the two of you to share your approach to risk management, because I know that your views on abolishing physician arrangement risk is a bit of, or maybe I should say, a totally different approach to perhaps some other schools of thought around risk , risk management and compliance. And later we're going to get into some of the reasons that others , um, may not have the same approach as the two of you. But perhaps to start , um, Jerry , can you give us a high level overview of what's different about your approach to other approaches out there?

Speaker 4:

Uh, thanks Stephanie. Uh, and Ken for the flattering comments. Uh , mm-hmm . <affirmative> , because I'm nerdy about this stuff and you know it , uh, but I think to start with, we, we take a view of , um, physician auditing as , uh, it being a good thing. Uh, imagine the auditor saying that , uh, everyone loves auditing, right? So , um, and especially auditors. But , um, this , it, it, it really comes from looking at auditing and monitoring as something that you should do. Now, don't get me wrong. There is a large contingent of folks out there that have the view that , um, if you do look at physician arrangements, do it at a surface or a control level , um, versus getting in very deep. Uh , because if you look, you're gonna find something and then you're gonna have to deal with that . Um , and I understand that , um, I respect that because frankly, no administrator , uh, wants to go to a given position and ask for money back. Um, it's not, not a good position to, to be in. Um, however, as we know, the guidance says otherwise, it says we should be looking. Um, and so we do take that approach, take it with my current client and and past clients as it, it is good to look and , and look looking beyond controls and depth to find out , um, what's going on , uh, in the actual arrangement , uh, post inking the deal. So after it's in operations, what does it look like? Um, especially those arrangements that are more complex in nature.

Speaker 2:

I think you , um, mentioned to me on one of our prior discussions, you know, we really can't stick our head in the sand and avoid situations on some of those more complex agreements. Um, and with your and Ken's approach, your approach to risk management is the exact opposite of sticking your head in the sand , um, or waiting for the shoe to the other shoe to drop, so to speak. You're actually looking under every rock and into every corner. Um, it seems like that is a huge task , um, and significant , um, across the organization. So I'm interested if you could share with me, Jerry , and of course Ken would, would love for you to weigh in. What tools or resources do you use , um, and how do you make it more streamlined or easier?

Speaker 4:

So our starting point is, is analytics, and it makes us more efficient. Um, so we have an analytics team that helps us to root out , um, what would be the universe of physician arrangements for our , for the organization. Um, and so that is looking in AP systems, it's, it's looking , uh, in payroll to see where payments are made. Uh, and then it is going back to one of the primary sources for hopefully all of the information, which is contract management systems . So we're, we're utilizing data analytics, we're rooting out , uh, the contracts and then , um, through our risk assessment process , um, segregating those in by type of arrangement. Um, but it's, we, we need to make sure that we have that universe. So we're linked very closely to the administrator over contract management , um, so that we know every arrangement that is out there. Uh, and so that , that is, that is a really important starting point, is understanding the, the totality and the , the aggregate universe of your arrangements.

Speaker 3:

And what I would say is, ever since I was an undergrad, I kind of believe in this concept of work smart, not hard. Um, we're all very, very busy, and if the answers to the test are out there, I think , uh, we have a responsibility to go find , uh, the questions and the answers to the test. And in this regard, the government has given extremely good guidance regarding what they expect to see. So the Department of Justice , uh, created several years ago, a document. The name isn't that great, but believe me, the guidance in it is incredible. The US Department of Justice, criminal Division, evaluation of corporate compliance programs, which they've updated now three times. And in that they say , um, they tell health systems exactly what they expect to see regarding oversight of , um, physician arrangements or arrangements with third parties like a medical director. Um, they spell it out. Um, for example, they say, pros , prosecutors should analyze the services to be performed. The third party is actually performing the work, and it's, the compensation is commensurate with the work being provided in the industry in the industry's geographical area. So they say you should be doing these types of , um, auditing and monitoring. And then the other thing that I look for, and Jerry and I have used over the years , um, are recent corporate integrity agreements that have a focus arrangement , um, been to them. So there's two , two types of focus. I mean, two types of corporate integrity agreements generally , uh, false claims, ones and anti-kickback and stark ones, the government calls, those focus arrangements. And in general, the focus arrangements. Um, you know, CIAs, they spell out that when you get one of those corporate integrity agreements, the independent review organization, the I R O has to do, has to review two things. The organization's , um, basically their contract management system, they call it a focus arrangement system. And then they spell out that the I r O needs to do a transaction review, a focus arrangement transaction review. So they spell out exactly how you should be tracking these agreements. Um, so the system, what type of contract management system are you using? Are you using an Excel spreadsheet , uh, that somebody updates, you know, once every six months if you're lucky, or do you have a full blown , uh, contract management system like nras , and they spell out what you're supposed to be doing in order to pass these corporate integrity agreements.

Speaker 2:

And you, you've talked a a lot about what needs to happen after a contract is first thing <laugh> . So , um, and I appreciate that, Ken . Um, if you could just speak a little more to that and perhaps, Gary, you can also add in some examples. Can you give us an example of when you've seen a contract fall flat or not get in or get into the pit pitfalls after they've been inked? And , um, just to add to that, there have to be critics of this process , um, and individuals who may be hesitant to utilize a contract management system or any sort of tracking , um, mechanism, although we know how incredibly important it is. Can you talk to us as well about how you get buy-in? How do you get those critics on board really to what you're trying to accomplish? Not just from a regulatory and compliance perspective, but the tools around what is necessary in order to help maintain that compliance? I ,

Speaker 3:

I think one of the keys to operationalizing physician arrangements or physician arrangement risk is to make sure that the end users of the agreement know what's in the agreement, and they're aware of stark and anti-kickback risks. They've been trained about it. Uh, for example, Barry and I have both seen organizations where, you know, they, they might have contracted with a physician to be a medical director. Um, well, sometimes the area where that medical directorship resides, they've never seen the actual contract. It's been lawyered by the general counsel's office or external counsel , and then the medical director resides in Department X. Well, the Department X leadership sometimes is never seen that actual contract. Those people need to be able to understand what's in the contract. They need to be able to understand what risks are posed by , uh, contracting with a physician , and then they need to be able to show that they're mitigating that risk. Jerry ,

Speaker 4:

Completely agree. Um, I think there is , uh, at, at some there, we know , we know it exists, that there's times where there's a unreasonable expectation that the department leads or the responsible managers overseeing a, a given arrangement , um, are fully aware of those. And we do need to do the training, and they do need to be aware of it. Um, and they need to be reviewing , uh, when a payment is made to those physicians or ser , you know, and services are provided, the need for the documentation to support those things . Um, but there needs to be an additional check, right? Um, and there needs to be a , a , some secondary monitoring of that , uh, because there's com complexity and frankly, because there's human interaction involved, right? Um, and that brings another level of complexity there. Um, and those department managers aren't looking at the terms on a consistent basis. Um, and so this, this, it becomes that much more important, especially when there's multiple terms and multiple service expectations involved, that they're all being considered, it's all being documented , um, and that's being checked prior to payment going out the door, hopefully.

Speaker 3:

Yeah. And that notion of like, how do we , um, convince leadership that this is something they should do? Again, I like to point to these , uh, guidance documents and the recent corporate integrity agreement documents. Often what I think Jerry and I find is leadership teams are unaware of how things would work if the organization were to be looked at from the outside. So if there were some sort of , um, inquiry , um, somebody blew, you know, a whistleblower says, Hey, this organization is , um, inappropriately contracting with physicians, you know, let these leaders know that there would be most likely depositions. There would most likely be , um, search warrants executed. They would, you know, look at your, the , the individual's emails , um, and you wanna be able to see that you are using, or you are doing things that look like what the government would expect to see. So again, if you took a recent focus arrangement, corporate integrity agreement, and you deconstruct that, and you use that as your agenda for your organization's compliance committee to say, Hey, are we doing the things that the government would expect to see? Usually that's enough to , for leadership to realize, oh boy, we better be doing what the government would expect to see it. Why, why not create your program, your focus arrangements, your position arrangements, program to mirror what the government would expect to see, which is easily found in the corporate corporate integrity agreement, focus arrangements , um, pieces.

Speaker 2:

We certainly know that there's a uniqueness to healthcare , to the healthcare industry that can make adherence to guidelines seem tricky in some cases. Um, you've talked a bit about some of the steps that an organization can take to, to conduct a thorough risk assessment, like looking at the guidance and, and looking at corporate integrity agreements. Um, can you give us a few other examples , um, of potential risk areas that are often identified and some additional steps that perhaps an organization can, can conduct , um, can use to conduct a thorough, a thorough risk assessment?

Speaker 4:

So we kind of take a , a unique approach , uh, and I have, you know, when I've done risk assessments at, at various clients , um, is that the physician , uh, assessment needs to be , uh, segregated, different and very robust. Um, need to understand, as I mentioned before, the the population of physician arrangements. Um, part of that is making sure that you have all your physician arrangements for any payment or service being provided out there. Um, and so doing searches of AP systems for physician payments , um, that's always a good thing. Make sure you have a contract. Um, but it's to identify first that population. There's, then there's a , uh, needs to be a big effort and categorizing or segregating , uh, that population by category , um, so that you understand which are more complex , uh, or more inherently risky. So segregating, you know, ar arrangements from like time leases or timeshares leases, et cetera, medical directorships, recruitment type arrangements , uh, from even , uh, more complex such as reverse MSOs, MSOs, sale leaseback type arrangements, things like that. Um, and it's important to understand those categories because it helps you to kind of put those into , um, uh, kind of parsed out sections to where you can great , gain an understanding of who is touching these types of arrangements and what is the monitoring procedure that is in place , um, or not touching them , and what level of attention does this , um, arrangement really require. And so, and then it allows you to, to say, you know, to what extent are these being monitored, monitored, audited , um, and where do we need to add additional effort? Um, and on some of those maybe lower complex arrangements, you can do a quick check , um, and monitor those , uh, prepayment as we do. Um, whereas the other more complex arrangements that require more work, more effort to dig in deep , uh, you could put those in an audit process or frankly, hand them off. They may require an additional check by finance , um, your , uh, physician enterprise or leadership, et cetera .

Speaker 2:

Ken , do you have anything to add?

Speaker 3:

Yeah , you know, it's one thing to be able to say , um, you know, Hey, government folks, trust us, you know, we're doing this. Um, it's another thing to be able to show and demonstrate. So, you know, I think one of the things that confounded Jerry and myself early on when we started to, you know, years and years ago, 10, 12 years ago when we started to talk about this, is organizations can often fairly easily demonstrate what they're doing to mitigate false claims risk . So they have somebody in the organization, a coder, or that that looks at medical records, or they hire somebody like my team and I to do a coding compliance review. But often organizations cannot show that they are , they have something in place, they can't demonstrate what they're doing per the seven elements of an effective compliance program as promulgated by the O I G . They can't show that they've been training their people about focus arrangements or stark and anti-kickback risk . They can't show that they've been auditing and monitoring them, that they have policies, written policies and procedures about stark and anti-kickback risks. And what we often see is they can demonstrate that they're doing lots of other monitoring and auditing, but they cannot demonstrate what they're doing regarding physician arrangements risk. And that's what I call the 90 10 , uh, perception or 90 10 deception, which it looks like the compliance function has the ability to go all throughout the organization and identify and mitigate risk. But if you look really, really closely, the 10%, the physician arrangements risk is handled, quote unquote , by the general counsel's office. And compliance doesn't have the ability to kick the tires there to look underneath the rocks. And I would say to organizations, make sure that you can clearly overtly demonstrate per the seven elements of an effective compliance program that you are identifying and mitigating physician arrangements risk. That it's not just something that's the purview of the general counsel's office.

Speaker 2:

You've, you've spoken , um, to me in conversation before around the 90 10 perception or deception as you call it , um, and it's, it's really stuck with me. Um , it's important in relation to having compliance departments have a insight into the various types of physician arrangements. You've both talked a bit about utilizing , um, various systems including contract management , um, applications to , um, to support , uh, mitigation of , of stark and anti-kickback risk as it as it relates. Um, can you both talk about Mary, maybe Jerry , if you don't mind, you can start , um, how do you leverage contract data and other relevant information as you're , um, working to operationalize risk management?

Speaker 4:

Uh, well, it's extremely important to us , um, and it helps to drive our, our efficiencies in having a , a fully populated contract management system. Um, so we have a set group of individuals that review , uh, physician payments , um, prior to them being cut. Uh, and in order to do that and drive efficiencies in that process , um, we need one a , a nice workflow built into our AP system , uh, which we have designed , uh, but also we need quick and easy , uh, and , uh, access to contract management as well as complete information in there , um, because we need to be able to do a quick check of those terms against the , that payment to make sure that everything's there. Um, we're not exceeding any caps calculations accurate, as well as the documentation there to support it , um, so that we can get those payments reviewed and out the door , um, because frankly, physicians like to get paid on time. Um, and so it becomes very important. It's also going back to the risk assessment discussion, is we need that information to effectively do that assessment, to understand those terms to, and within that , um, contract management system, those categories need to be accurate , um, and they need to be established , uh, because we're gonna go by that in determining what needs to be touched , uh, in a, a more depth fashion by audit versus those ongoing payment reviews. Um, and it's gonna make a difference what we catch , uh, if there is an issue , uh, by categorizing them different ways so that it's an important element in our process.

Speaker 3:

Yeah, and you know, one thing that Jerry , and , and I think Jerry does probably one of the best jobs across the country , uh, identifying and mitigating or abolishing position arrangements risk , but one of the things he and I used to talk about , um, that I'm super, super, super passionate about is when you're looking at regulatory compliance risk at an organization, often there are numerous data points that you can , um, check to see to what extent these physician arrangements are called , or these physicians are causing risk to your organization. So, for example, if you have a lot of hotline calls where , um, operational folks are saying, boy, physician X threw a telephone at a nurse today , um, well, that's a data point. You might wanna look and see, hey, what kind of contract do we have with physician X? And if you see that you're paying physician X, you know, more than fair market value, you might wanna see , oh boy is Physician X is doing what he or she said, if they're a medical director, for example, or employed physician. Uh, if you're doing coding compliance audits and physician X is performing terribly and they're causing all kinds of false claims risk for you, well, they might be also causing physician arrangements risk for you as well. Look at their contract and make sure that you're paying them what , um, you contracted with them to, to do. Like if you say, oh, boy, we're gonna pay physician X, you know, y amount of dollars per year, well look at that contract and then talk to accounts payable to see if you are indeed paying them per the contract, or God forbid if you're paying them more than the contract. So look at those other areas to see if certain physicians are popping up as risk items, and then make sure that they're not creating physician arrangements risk as well.

Speaker 2:

And just to, to add to that, do you see, or maybe I should ask, how do you see , um, the organizations that you're working with , um, use data either in a similar fashion or in a different fashion , um, to help mitigate that risk?

Speaker 3:

You know, like I said earlier, most organizations look at, they'll look at false claims risk, and they'll be able to demonstrate that they're doing some sort of , um, risk mitigation activity. I say to folks all the time, something is better than nothing getting started, you know, perfection is the enemy of, you know, getting started. So , uh, just sit down with those. Uh, I would say create a , um, subcommittee of your compliance committee that looks at , uh, the data that you all have. You know, for example, look at the contracts , uh, see what it says. You're supposed to be paying these physicians, see what it says they're supposed to be doing. And then have, I mean, at least start and have conversations about what is it that accounts payable is paying these position . Who knows? You know, some organizations that I speak to, they're not even aware how many medical director ships they have very easily, they can't put their fingers on that. So I would start with the basics. How many medical director ships do you have? What does your contracts look like for employed physicians? Are you leasing space like Jerry kind of , uh, indicated earlier,

Speaker 4:

And I, I wouldn't , uh, ignore . So you can't ignore your employed population. You also, and you know, we kind of get into this , um, thought process, especially the lawyers that , uh, you know, the independent arrangements are where the risk is once you employ them, there's, there's no race risk there or significantly reduce it. There is that piece , but you can't avoid looking at those. Um, so running analytics around compensation, outliers of compensation , um, coding outliers , um, and Ken's, you know, very much into that become important to help , uh, identify potentially more riskier arrangements and doing reviews of those compensation outliers as well as coding outliers. And I'm not talking just straight e and m getting in more complexities and modifiers and, and multiple procedure type stuff. Um, so beyond just e and m bell curve analysis , uh, in addition accounts receivable, so timeshares , um, leased space, any kinds of arrangements for , um, services like , uh, com , you know , um, computers , uh, sharing E H R and making sure that that's being collected , um, and that they're only using , uh, what would be expected. Timeshares are a big area for risk. Uh, and they're subtle and they're generally not centrally maintained. So , um, and so the control is dispersed , uh, and there can be a lack of control. So the , these are areas , uh, um, that to look at. And sometimes those error arrangements can be managed by third parties. So the thought is there's no risk there 'cause they're being managed well, are they really? So these are things that , uh, should be considered outside of a normal independent arrangement.

Speaker 2:

I feel confident that both of you have, shed light on a lot of additional areas that organizations, if they're not already doing so, should look at , um, to help mitigate that risk. At NTT Tracks , we're always talking about building and fostering a culture of compliance, and it's clear that both of you are incredibly passionate about that , um, and really have made it have, have taken significant steps in looking at things a little bit differently. Um, what strategies or programs , um, do you recommend organizations implement if they're interested in addressing , um, risk mitigation in a similar way that the two of you do? And, and Ken, I appreciated your comment earlier around, just start somewhere. Um, we talk with organizations constantly around, you know, how do we just get line of sight into our contracts and they feel like they have this big mountain to climb , but really it's, we'll just start somewhere. So I appreciate that comment and would love to, you know, hear from you about some other strategies or programs again that you might recommend , um, an organization take if they wanna start , um, addressing it similarly to how to, to you and Gary . And then , um, beyond that, what are some things that legal and compliance leaders can do in their organizations to ensure that stakeholders and employees are aware of the risks that there may be , um, beyond the contracts that they know about, or to Jerry your point, other areas that you need, they need to be looking at , and how can those leaders stress and demonstrate really a responsibility to report those , um, identified if hopefully not, but if identified violations. Ken , maybe you could start or Go

Speaker 3:

Ahead, Ken . So one of the things that Jerry and I haven't mentioned about , um, but when I say these following words, Jerry's going to twinkle , um, and he's gonna get so excited, is the , um, a concept called the three lines , um, risk kind of matrix. It's brought to us by the association of , uh, in , uh, internal auditors. I might have gotten that wrong, Gary , but , um, basically the three lines risk model says that , um, operational folks, the first line should be able to identify and mitigate risk compliance should help , um, organizations or should help the operational folks , um, identify and mitigate that, facilitate the mitigation of risk. And then internal audit should audit , um, to make sure that everybody's doing what they're supposed to be doing. And with that said , um, the, the compliance folks, like I alluded to earlier, they should have a compliance committee. That compliance committee should perhaps have a subcommittee , um, who's, you know , uh, empaneled to , uh, identify and mitigate , um, or to acy what the organization's doing regarding its physician arrangements risk, and then , uh, employ that three lines model to make sure that the operational folks have been trained, that they know what the risks are and that they're doing things in their department to make sure that the risk is being mitigated. They can review the contract, they can make sure that they're looking at , um, sign-in sheets to , to make sure that the physicians show up and do what they're supposed to be doing. They can make sure that , um, attest attestations are being signed and collected. There are things that operational people should be empowered to do and should be doing to mitigate this physician arrangements risk as, as well as other regulatory compliance risks . Gary,

Speaker 4:

Great comments. Um, I think it goes back to, and Ken , you mentioned some of the training and how important that is, especially those that are involved in physician arrangements. And I think part of building that culture , um, within that training is to actually applaud surfacing physician risk. Yeah . Um , so if , if an administrator, if a nurse brings forward a concern about a given arrangement or something like that, they should be applauded for that. Um, 'cause it gives us an opportunity to do some investigation check. Hopefully in the end it's nothing. But it gives us an opportunity to, to surface a potential risk, potential issue and mitigate that hopefully. Um, so folks need to be applauded for that and , and that need , that kind of , um, behavior needs to be encouraged. Um,

Speaker 3:

And the federal sentencing guidelines in the most recent iteration says that compliance programs should not just make sure that as one of the seven elements of effective compliance program, they talk about , um, equitable , um, disciplinary measures. Um , they wanna make sure that you discipline folks equitably. They also want to make sure that you all are rewarding employees for positive compliance activity . So what Jerry just said there aligns perfectly with the guidance that's provided to the industry through the O I G guidance and the , uh, federal sentencing guidelines.

Speaker 4:

And the, the beauty of that is if you do it right, you are actually having people call up and say, Hey, come look at this, please. Um, the , the, the lawyers , um, counsel and , and clients that I've served , um, they're bringing issues , uh, you know, constantly. We have one attorney that I say , I just need an auditor dedicated to you. So , um, and that's a good thing. It, it really is. So when you get that kind of behavior, it's great feedback that, Hey, it's working. Yeah , we are advancing the culture of compliance

Speaker 3:

And like I've seen organizations that have compliance mascots, and when somebody brings something forward, they, they give the operational folk who, you know, came up with this or saw this and brought it forward, they'll give them like their compliance mascot, like navigator ned or , uh, a bulldog, a stuffy , uh, you know, a stuff , uh, animal. And those people put that on their desk, and then the compliance department gives them kind of a, you know, $10 gift card to , uh, Starbucks or something like that to recognize and leadership , uh, you know, makes a big deal of it and, you know, presents that to the, or to the , the person. So recognizing folks for bringing issues definitely sets a tone of compliance and ethical , um, business decisions at an organization.

Speaker 2:

It's an incredibly ipor important point. And, you know, CLI compliance really is everyone's responsibility across the organization. Yeah . So , um, I'm so glad that you've shed light to that. Um, we've talked a lot about a very important topic , um, an area of discussion, and I, I really appreciate it . I definitely gonna have to have , um, you back for another discussion , um, because I know that we've barely scratched the surface. There's a lot more to cover. I would just ask before we finish , um, maybe starting with you, Jerry , is there anything else you'd like to leave our listeners with?

Speaker 4:

I'd say , uh, the few points that'd be , um, first I go back to understanding your population of arrangements, right? Uh, and understanding which are more complex and inherently risky. Um, don't assume that an approval means review. Um, and so that's where you're monitoring and your detective , um, processes are important. Um, and last, just do the auditing start, if you haven't already. Um, do the monitoring , uh, it is important , uh, that you actually look , um, and so I'll leave you with that,

Speaker 2:

Ken .

Speaker 3:

Yeah . I would say , um, get used to having conversations about risk and understanding what leadership's , um, risk profile is. Um, if, you know, leadership has a very high risk threshold, you should understand where they're coming from and you should be able to put things in place that mitigate the risks, not only with associated with physician arrangements, but other regulatory compliance risk areas. Something like I said earlier, is better than nothing, and the government will expect to see a lot more of something at the bigger, more sophisticated organizations. If you are a, you know, small 15 doctor , um, physician practice, they might not expect to see much, but at a larger health system, they would expect to see all of the things that Jerry and I have been talking about.

Speaker 2:

Well, I wanna thank you both. Um, I wanna thank everyone for tuning in. Um, again, I wanna give an a a very special thanks to, to you Jerry and, and Ken to you , um, for joining me today on this discussion. Thanks for sharing your expertise. Thanks for sharing what you've, what you've seen and, and really what sounds like and, and what really is, is I've had an opportunity to get to know you both your passion for establishing and maintaining best practices around compliance, contracting, compliance, mitigation of Stark, and , and I kick back around phys physician arrangements , um, and maintaining compliance in the healthcare organizations that, that you support. I think for sure everyone's going to be listening , um, and leaving this discussion with several actionable takeaways for their compliance process, and I appreciate the conversation today. Thank you both so much. Welcome.

Speaker 5:

Thank you . Thanks.

Speaker 6:

Thank you for listening. If you enjoyed this episode, be sure to subscribe to a H L A speaking of health law wherever you get your podcasts. To learn more about a H L A and the educational resources available to the health law community, visit American Health law org .