AHLA's Speaking of Health Law

Fraud and Abuse Investigations: Tips from the Trenches

AHLA Podcasts

Ritu Cooper, Shareholder, Hall Render Killian Heath & Lyman PC, Greg Demske, Partner, Goodwin Procter LLP, and Melissa Wong, Partner, Holland & Knight, discuss strategies that health care organizations can employ when dealing with fraud and abuse investigations. They cover the full life cycle of an investigation, sharing their own insights and experiences. Ritu, Greg, and Melissa were presenters on AHLA’s new course, Fraud and Abuse Investigations 101.

New Health Law Daily Podcast Coming in January 2025

Coming in January 2025, AHLA’s popular Health Law Daily email newsletter will also be available as a daily podcast, exclusively for AHLA Premium members. Listen to all the current health law news from the major media outlets on this new podcast! Subscribe Now

Speaker 1:

<silence>

Speaker 2:

This episode of A HLA speaking of health law is brought to you by A HLA members and donors like you. For more information, visit american health law.org.

Speaker 3:

Welcome to this a, a podcast. My name is Ritu Cooper, and I am a shareholder at Hall Render Killing Heath and Lyman in our DC office. I am here with two of my very good friends, Greg Demsky and Melissa Wong. Um, we are here to talk a little bit about some of the things that we do in the investigation world. Um, as many of you probably know, a HLA started a fraud and abuse 1 0 1 course a couple of months ago. Um, and the three of us have the pleasure of being able to be a part of that , uh, course. So, with that, let me , uh, tell you a little bit about what I do, and then I will introduce or have my, my friends here introduce themselves. Uh , my area of practice is mainly in the broad and abuse space. Uh, I work anywhere from the beginning of doing an internal investigation all the way through , uh, corrective actions, which could include voluntary disclosures. I also work with a number of clients , um, helping them with their compliance program, some who have corporate integrity agreements and help with, with those types of compliance issues. Uh , but most of my day-to-Day work is providing guidance on Stark and anti-Kickback. And then occasionally we have clients that have corporate, I mean CID , uh, so then responding to a civil investigative demand, which also could lend itself to doing an internal investigation kind of side by side , so that you're being completely compliant with all of the requests from the CID , uh, Greg.

Speaker 4:

Thanks Tu . Uh, I'm Greg Demsky, and I'm at , uh, Goodwin Proctor in Washington DC , and I've been here at this firm for , uh, about a year and a half after spending 32 years in the federal government at the H-H-S-O-I-G Council's office , uh, where I worked on the full range of administrative and civil enforcement and guidance to the industry. So my practice here at Goodwin is sort of the mirror image of what I did in the government, and very similar to what Ritu does , um, as far as advising on compliance, both with management and also with boards of companies on how to set up and maximize the return on investment for compliance programs , um, counseling on arrangements and how to try to keep them compliant and reduce or eliminate legal risk , particularly under the anti-kickback statute. And then , uh, how to deal with issues as they arise, either identified through a compliance program , uh, or some competitor or , uh, by the government. Um, and that also, as Ritu just said, that often involves , uh, internal investigations, whether sparked from outside or due to internal reviews . So that's , uh, a range of things that I do and the things that come up for our clients in this industry.

Speaker 3:

Melissa,

Speaker 5:

Great. Thanks Ritu , and good to be with you and Greg. Um , my name is Melissa Wong. I'm a partner at Holland Knight in the healthcare and life sciences practice , uh, based in Boston. Um, I do mostly regulatory compliance and transactional work for my clients , um, who mainly consist of managed care companies , um, a lot of pharma and life sciences companies, and more of the non-traditional service providers, whether they be , um, management services organizations, pharmacy benefit managers, and any other service providers in the , uh, healthcare spectrum. Um, I work on pretty much anything related to regulatory compliance, whether it's implementing programs or assisting with that implementation, helping when things go wrong, to be quite frank. Um , 'cause even the best compliance programs won't prevent every single instance of non-compliance, and in fact, you would want them to detect those , uh, situations. And of course , um, working with colleagues and with clients on anything else that may happen down the line.

Speaker 3:

Great. Well, Melissa and Greg, I really look forward to chatting with you today during our podcast and learning from you , um, with your varied experience. Uh, so why don't we start with you, Melissa. Um, if you can talk to us, since you're revealing that compliance and regulatory space, could you talk to us a little bit about what does an organization do when they find a compliance issue after the fact?

Speaker 5:

Of course. And you know, it , the , between the three of us, we were trying to figure out how do we narrow down the topic of this podcast to something that's really incisive and impactful for any listeners out there. Um, like the fraud, waste, and abuse spectrum is just so large. And , um, what we wanted to do was approach it more from a tactical perspective. So, ritu to your question, like, what happens when things go wrong and what do we do when we find out , um, kind of too late to prevent that instance from occurring? So this could include a myriad of different , um, situations. It could be, oh, we did not perform OIG exclusion checks, or we've been offshoring PHI and didn't realize mm-hmm , through a third party vendor, or we've been , um, not really complying with , uh, guidance that's out there on billing and coding or reimbursement. So what's really the next step when you detect an issue like that? Now, as you can tell from our , um, programming and any of our, your daily course of work, the first thing is to really investigate. Uh, you don't wanna stick your head in the sand and pretend nothing's going on, but really being mindful of your obligation to fully evaluate the situation. So what does this entail? Um, whether it's internally or if you kind of bring in external counsel or advisors or consultants, the first step is to really understand the situation, gather facts in a way that's , um, careful and that protects privilege to the extent that you can leverage that kind of protection and really deeply examine the technical requirements. For instance, for offshoring , um, there are some exclusions. There might be some arguments that you could make that , um, you're not actually offshoring PHI or that certain services are out of scope or that , um, you know, your upstream entity , uh, agreed to offshoring. So anything that you can raise that would , um, you know, potentially bring a colorable argument that it was not compliance, I think this is the right course of action to evaluate fully all of the different options. At that point, you want to think about remediation. If this did indeed happen and you want to think about how you address it, I would really get your ducks in a row first and figure out what do you do to address the situation and to make sure that the, the situation is not likely to recur. So , um, again, you don't want to necessarily bring it up without having this backup , um, talking points or plan , um, to kind of do some damage control. Um, I think sometimes I've seen companies, their first instance instinct is to go out there and fully disclose that this happened, but not really proffer a solution. I think it's important to do that and think about that before you approach anything externally. Um, we can talk a little bit about remediation steps, but from there, I feel like the third stage is really to the disclosure. Do you disclose, how do you do it? Do you do it formally or informally? And there's different components that I think inform that decision. So for example, do you have to file some type of compliance attestation with your upstream entity, whether it's with , um, a managed care plan, a Medicare advantage plan , um, kind of an upstream entity where they're kind of contracted with the planner with CMS and what exactly is required in that attestation that you have to disclose? So if that attestation says specifically, you don't do any offshoring and you promised to do OIG exclusion checks once a month, there's really not that much wiggle room. Others will say to the extent applicable , um, you know, to the extent that it's required. And that gives you a little bit of mobility to come up with your arguments and see if there's room for interpretation. Um, ultimately I feel like , um, a lot of these relationships are built on , um, the ability to conduct business and to continue with business. So there is, I think, a right approach that I've seen people do successfully to say, you know, maybe this thing happened, let's talk about how we address it, corrective actions and so forth. Um, I rarely see a kind of scorched earth, oh my gosh, forget it, we're leaving unless it's like really a, a very serious situation. So I would lean into that and really , um, approach these issues from a , um, kind of a baseline of partnership and ability to move forward. So , um, just some initial food for thought Greg and Rita would love to hear. Any additional thoughts that you might have?

Speaker 3:

Uh , I think most of you laid that out really well. Um, I think that the, one of the things that you also need to look at is who's going to be involved in that investigation, right? Who's that team and how did the investigation come about? So for example, let's say it was an issue that came in through the hotline , um, you might treat that a little bit differently of who's in the know versus if the organization was delivered a CID, right? If it's a CID, you might think that there is a relator that relator that whistleblower might be someone who is internal to the organization currently, that , uh, relator may be someone who is a former employee. We've also seen relators as competitors , um, or consultants or someone external. Um, so I think that that investigation team at the outset is probably something really important to consider. Um, if it's , uh, someone that , uh, made a was still , I mean, a , a hotline complaint, I would think that the compliance officer then would be involved in the investigation and would be in the know, since the investigation kind of stemmed from, from the compliance officer's shop. But Greg, I'd be curious to, to hear what you might say about if it's not through the hotline, and let's say it is a CID you involve the compliance officer, or do you not involve the compliance officer?

Speaker 4:

Yeah, I think that's a great question and one that really , uh, every organization needs to figure out how they're dividing responsibility and the expectations for communication between the legal side and the compliance side. Uh, and there's no, I think one right way to do it. Um, Melissa pointed out, you wanna retain attorney-client privilege over as much as you can. Um, and so there's advantages to engaging with your legal office , uh, internally and externally. Um , at the same time, you've got that compliance capability and there are a lot of things that can be handled, I think, more efficiently , uh, perhaps , um, through that route. But there's, you know , uh, and these things can change over the course , uh, when facts are gathered, but I think it's something that , um, organizations need to think about, and outside counsel and inside counsel should be guiding and thinking about having ground rules. I mean, in general, compliance and legal have to interact and communicate and be an effective team , uh, because their , their functions while distinct are , uh, have some real parallels. So , um, I think that the basic , um, dichotomy that you laid out, ritu makes a lot of sense. You know, you can receive a CID you get lawyers involved in general, you get a hotline complaint. In general, the compliance , uh, department's gonna handle that, but , uh, they , there's gotta be that coordination and sort of triage , uh, and discussion throughout that process.

Speaker 3:

No, I agree with you, Greg, and I don't know, Melissa, if you have any other thoughts on that in terms of, right, you talked about maintaining that attorney-client privilege, and when you're doing that investigation, if it is something that falls out of the compliance space , right? We know that, that compliance officers are conducting investigations all the time, and Greg, who used to be in the OIG, wants there to be transparency through the compliance department. Um, so when is it that you then bring in legal counsel, whether internal or external, in order to maintain that privilege for that investigation? So any thoughts on that, Melissa?

Speaker 5:

Yeah, it's always a struggle. And I think to both of your points, it's really a case by case basis. What is the nature of the investigation? How did it come in? Who would be involved? Is your compliance officer someone very steeped in how these types of investigations are run? Are they practicing or former non-practicing lawyers? So all that is part of that determination. One consideration that I didn't initially think of , um, when I first started doing this, but definitely saw the advantages of the immediate issue could be to respond to the complaint, prepare the documents for a document request list , um, going ahead and preparing interrogatories. But there is a larger picture that if something comes up and you're doing an investigation as part of a CID or something else , um, that it's important for the compliance officer to be aware of these issues and to denote where there are opportunities for further trainings, coaching , um, process improvements that you wouldn't necessarily have insight to, if the , um, scope , uh, of knowledge for that or awareness is extremely limited. So I do think there is a time and place to bring in that compliance officer and function, whether it's to be part of the updates, it's something that you could clue them in on later as a kind of , um, frequent update process , um, versus being in all in on all of the , uh, very privileged conversations that you may have with counsel .

Speaker 3:

Right. No, and I, I completely agree with both of you. I think that is, it's so important at the outset to figure that piece out. And, and I think that if it comes to the hotline, you probably no brainer that the compliance officer is involved. But if it is something that the compliance officer has raised up to legal, then legal is running it and compliance is part of the team so that you can protect that privilege and not the, the department that's running the investigation. Um, and then in the terms of A-A-C-I-D , uh, they're oftentimes that is because there has been a relator. Uh, so you may then need the compliance department to talk to you and, and explain to you whether you're in-house or whether you're , you're outside counsel of, have you had any compliance complaints about this similar topic come through the, the compliance department, whether through the hotline or just in the ordinary course of the compliance work that, that the organization has been doing? Um, not that I think that the organization needs to spend a ton of time figuring out who the relator is. I mean, that's, that can just be something that you're spinning your wheels. However, if there is a thought that the relator is someone who is on your investigation team, you may need to think about what you do. 'cause obviously, the organization should not retaliate against the individual who brought the issue forward. But at the same time, if we are trying to protect privilege and we are trying to protect the, the strategy of the organization of how to respond to the particular , um, issue, it may take a moment to just see if the investigation team that you have, that's that tight team that's protecting the privilege is the appropriate group. Um, I've also seen organizations wrestle over when to bring in the board and how involved the board should be. Um, you know, I've worked with a , a number of organizations where the board truly has a fiduciary responsibility to the organization, but truly is a governing board. And so the CID let's say we take the example of the CID. The CID comes in and the general counsel reports up to the board, Hey, board, just wanted to let you know we've received a CID We're in the process of responding and looking to , we will provide you updates. And I think that's totally appropriate. I have seen at times where there are boards that they're doing a great job being actively involved, but they wanna know the nitty gritty details and they wanna have weekly updates of what's going on. I , I think sometimes that makes me feel a little uncomfortable , uh, because then you're moving from the governance to the operations. And if board then board's actions then feel like they're really involved in the day-to-day of the investigation, I think that could open up , um, the government to maybe them looking into actually the actions of the board as well, if they were even involved, let's say, with the decision of, of whatever the subject is for , for the investigation. Um, so Greg, being a former OIG investigator, any thoughts on, on that in

Speaker 5:

The government's role in these investigations?

Speaker 4:

Yeah, well, I think , um, I, I totally agree. Um , in , on the issues that you raised and the sensitivities, I would say there are cases where, you know, if you're uncovering facts that point toward upper management , uh, leadership, that's a red flag. And that sort of changes the equation , um, in terms of timing and interaction with the board. But yes, I, I would generally say that , um, the board should be a , a step removed , um, and let the process play out with updates as appropriate. Um, and we know this, this is coming into play more and more. We see in the, in the context of private equity, where the government is looking for that link to show, if you've got board members that are representatives of the private equity investors and they are engaged in management decisions or getting , um, going down to a level that is not at the governance and oversight area , um, you are possibly giving facts or there are facts then out there for the government to be looking into, to try to make that argument. Um, that it's not just the entity , um, that may be liable for this conduct, but that there could be liable liability for the private equity investor or any other investor or any other board representative that's engaged in , um, the operations of the company. And, and this gets tricky. It, you know, plays into whether and how and when you disclose conduct, because there may not have been involvement at the front end at whatever was , uh, caused the problem. But we know there's an , uh, the government is very focused on self-disclosure. So then you , um, you have an issue of how are , are , is at the board level, are they shaping the investigation and making decisions about , um, whether and when to disclose that could lead to liability and the board should be involved ultimately in those decisions. But at what point? Um, and , um, so there's a, there's a balance to be drawn and there's a risk , um, of too much engagement or engagement that then opens the door to , um, the government arguing that there's a , um, a broader scope of liability up the chain

Speaker 5:

For sure. Um, and maybe the three of us can put in a, a golden rule, limit your scope as much as possible to accomplish the purpose that you need to convene the group for . Um, I'm sure we could say that more articulately <laugh> , but , um, maybe that's something to keep in mind. Um, and I was thinking too, it's not just kind of the escalations up and down executive board, but it's also external , well , maybe not externally but out. Mm-Hmm , <affirmative> , do you have to engage a billing coding specialist or hr? A a lot of the hotline complaints are my managers being mean to me, is that, you know, something that's more HR focused . So all different considerations.

Speaker 3:

I I think you're right, Melissa, right? I mean, if you're, if you're looking at the other individuals across the organization that might contribute to the internal investigation, they could just be in a silo, right? They may not be in that , um, circle of trust, <laugh>, we call it that, of , of talking about the litigation strategy, the response strategy, you know, what are we thinking? What are we looking at? And maybe that way you're able to ensure that you don't have so many people outside that are involved with the strategy process for the investigation, but they are involved with the investigation. So I think you're, I think you're exactly right there. And , and Greg, to your point about the board's involvement , um, in terms of the strategy for self-disclosure, right? Is it the board that's making the decision of whether you disclose or not, which I , I think is really an operations decision with slight caveat, meaning what if the organization reports back up to the board and says, yep , we looked at it, Nope , we're good. We're not gonna , you know, we're not gonna self disclose, and this obviously would be different than a CID, right? This would be some type of issue that came up internally and they say, yeah, we're good. We're not gonna self disclose , or, you know, we're not gonna claw back money, you know, in order to kind of stop a stark issue from continuing to occur , um, or a , a kickback issue from continuing to occur, we're fine. I think at that point, you definitely want the board to raise the flag and say, Hey, wait a minute. You know, I remember that compliance training that you told me about. This sounds like something that needs to be disclosed. And I don't think the board should shy away from questioning the organization if they feel that a disclosure is appropriate, and then make the, the management report up to them of why are we not going the route of a disclosure, right? I think that's totally appropriate, but the other part of the management coming up to the board and saying, Hey, board, should we disclose or should we not? That I think is outside the purview of the board. Would you agree?

Speaker 4:

Yeah, I agree. I think you've articulated it much more effectively than when I , that my mention of it. But I think that your example is a great one and also , um, of sort of , uh, you know, a decision not to, to , uh, disclose. Similarly, if the board is aware that something has been under review for a long period of time, particularly given there's a 60 day overpayment repayment rule , um, they should be getting updates on the stat , the general status. And that would also be an area where the board could jump in and make an inquiry. What is the status of this matter? Um, how are , if there's a potential overpayment, have we identified it? How far away are we, you know, the , the time doesn't, the clock doesn't start ticking under the rule until you've identified an overpayment, but the government is going to be very leery of very long periods leading up to , uh, the identification of an overpayment. And so again, that's, that is management's responsibility, but there are, at a certain point , um, that is something that the board should be inquiring into.

Speaker 5:

I agree , wasn't the rule of thumb six months for a reasonable investigation, unless the facts are , um, specifically indicate more time may be required. I'm wondering if it's a good time too, to talk about the factors for and against disclosure and considerations that come into play. I mean, this is the main struggle. We can set ground rules for how to conduct investigations and, and , um, what we do to evaluate the risk and who gets involved. I feel like this is the most fact specific determination , um, case by case risk tolerance. Um, other business considerations at play. I mean, the easiest course of action would just be to return, let's say, an overpayment in the normal course of business. They want you to do that. That's, that's specific in the guidance and there's mechanisms to do that. But I think there's so many thorny issues involved with how you disclose the level of formality all the way up to a formal self-disclosure.

Speaker 4:

Yeah, and I think that this, this plays into knowing who, what, what the scope of the remedies are and the agencies that could be involved in those remedies. Uh, you know, the, my old office, the OIG has a very robust self-disclosure protocol that's pretty transparent. The benefits of it, I think are substantial for certain types of cases. There's clarity there. Um, the department of the criminal division at the Department of Justice has done a lot, has provided a lot of guidance to promote self-disclosure. But what we don't, in my view, have fully, is something similar from the civil division that relates to the False Claims Act, which is the biggest , uh, risk factor for healthcare and life sciences companies , um, as opposed to other areas of , um, the economy where there maybe the criminal prosecution is a more realistic , um, and substantial risk. So there's a lot, you mentioned risk tolerance, Melissa. I think that's so key to be count talking to the client about where are you on these things ? Because ultimately it comes down to what, what protection do you want? And a lot of that's gonna be driven by the facts as you gather from the investigation, but a lot of it relates to what you're comfortable with among a range of options. And there's no clear path for a lot of these circumstances, and there's a judgment call to be made. Um, and what, you know, when we think about our clients, the best we can do is give them all of those factors and a recommendation to the extent that they want one.

Speaker 3:

Yeah, I agree, Greg. I mean, I, I think that is a struggle , um, that I have when I'm working with clients all the time. And we spend a , a significant amount of time of what avenue do we go through for the particular issue that's come forward. Um, obviously with the CID it's already in the government's hand, right? So I mean, there isn't, there isn't really a self-disclosure with that. It's mo mainly when something has come up internally , um, and it's, you know, what is the impact, obviously, like you said, with the OIGI mean, we know it's time and a half, right? So, you know, I mean, you, you determine that. So then you, you talk about, okay, is this something that is a, a small amount? And then obviously we know that we've got the different thresholds, right? It's not even appropriate to go to the OIG unless it's a certain amount of threshold, which means that you had to at least quantify the issue before you're having that discussion. Um, I , I think if you're going through like the A USA route, sometimes it's the reputation of the organization. Sometimes it's the relationship you have with the local A USA of whether you're going to go that route. I know there are times when I'm talking to clients and saying, well, if we have this public policy argument or discussion that we wanna have, or , um, if it will take us so long, way more than six months to unravel the why this happened and, and where the issue is, maybe it makes more sense to sit down and have a discussion with the A USA who might have the temperament to sit and talk through the investigation. Whereas, and Greg, tell me if I'm incorrect, but my impression of when we're going to the OIG is we really need to have our investigation pretty wrapped up, right? You're going to the OIG and saying, I've completed my investigation. I think our, our liability is $1.1 million, single damages, we know that's gonna turn into time and a half. This is what we've done and here's our corrective actions. And you kind of tie it up in a pretty bow and hand it to the OIG. Whereas with the AUSAs, I think there is a little bit of that unraveling. And if the unraveling is gonna take two years to figure out in , in the interest of policy, it may make sense to go to the, the A USA now to say, look, we've uncovered this issue. We wanna talk, you talk through it so that we can identify the source so we don't have the issue occur again. So any thoughts on that?

Speaker 4:

Yeah, I think, I think you're right. I mean , uh, there is, there's a sort of , um, a little bit of flexibility built into the OIG protocol to say, you can submit and then you've got some time to finalize. But OIG had tightened that up over the years because we had, you know, when I was in the agency situations where people would say, well, we think there's a problem, but we'll get back to you. And so OIG has said, no, you've come in, you better be ready to finalize it pretty quickly. And really, the OIG protocol is better for smaller, more limited issues, because ultimately, OIG is gonna check with the Department of Justice, and if you've got a $50 million case , um, DOJ is much more likely to get involved. Um, and so you, you think of that through ahead of time, whether you'd want to go to a US attorney's office, maybe main justice, you can still go through the OIG protocol. Um, and there's adv , you know , one , I'll just mention one area, and that is kickbacks, which we all know is a huge part of the government's healthcare fraud enforcement efforts. And one , uh, context , uh, to be aware of is that under the OIGs statute, the Civil Money Penalty statute, the measure of damages for under the kickback statute are much, well, it's the amount of the remuneration or the kickback as opposed to the Department of Justices view under the False Claims Act, that it's every claim that results from that kickback. So the 1.5 multiplier applied under the OIG Civil money penalty can be much, much lower than it is , um, under the False Claims Act. So that's something to definitely consider as you weigh those options, because if you go in with OIG, you might be able to settle particularly a smaller case with them, but even if DOJ gets involved, you've at least initiated those conversations with the government. And OIG has said they will advocate for a resolution that's consistent with their protocol,

Speaker 5:

Right? And I do think that the cases we see are self-selecting, they really are the most egregious or most , um, risky cases because we are brought in to handle those issues. I think a lot of the day-to-Day issues , um, compliance-wise that companies face are just, do we tell our client , you know, do we tell patients? Um, so a lot of it is just temperature readings of the relationship between the parties , um, you know, is it likely to be discovered anyway through some kind of audit or , um, you know, pre readiness review. Um, and, you know, at the end of the day, the biggest consideration is what is the risk to patients , um, patient harm issues , um, overpayments issues. A lot of times we focus on, you know, the money or what the government may have to shell out that they didn't have to. But , um, a lot of these day-to-Day compliance issues , um, could risk harm to patients. And I think in those situations, those are easier calls to make. Um , because everyone , um, is really well intentioned , I'd like to believe, and that we , uh, wanna approach

Speaker 3:

It in the right way and do the right thing. Melissa, that's a bit , oh, I'm sorry. Go ahead, Greg.

Speaker 4:

No, go ahead, Rita .

Speaker 3:

I was gonna say, Melissa, your point there is, is so , um, timely for something that I'm working on right now where we, we do think that there could be a patient harm issue. Um, and so we've got parallel tracks running of, you know, disclosing to the government, making the repayment, but also making sure that patients are informed. And right now, the , the conversation has been, okay, we might be at the point of telling patients, but do we tell the patients before we make the repayment? Um, and so that is a , a big consideration that we're doing right now, because you're exactly right. I mean, all of the work that we're doing is really about the patient, yes, the money, but it's really about the patient and making sure that we're protecting patients and, and, and not furthering any additional harm that may have been caused by whatever the error was, right? If it was a billing error, if it, if it was a , an error of judgment, meaning, right? If it's a kickback or stark , I mean, most of our clients will argue that that's a technical issue, right? Whether we paid appropriately or had something memorialized, but we do believe that our physicians were doing the right thing for the patients. Uh , but oftentimes when you're on the side of medical necessity or documentation, there's a question of whether the services that were provided were appropriate to begin with. And so that is , um, definitely I think a consideration that that runs parallel and then beyond kind of what we are dealing with right now. But then on top of that, it's do we have disclosures to manage care organizations as well in addition to our obligations , um, to the government? So, so lots of considerations.

Speaker 4:

Yeah , and, and I just , uh, you know, the , the concern about patient care I think has to be paramount. And , uh, and obviously that's how the government looks at it too. So the more your facts , um, lead to those potential harms to patients, the more seriously are , you know, we're gonna take it, the client's gonna take it, but also the government is going to be much more concerned about it and more likely to bring , uh, more, a more serious enforcement action, particularly if it feels like the company has not responded appropriately , um, and dealt quickly to deal with it. And , um, you talked , Ritu was saying, you know, these are judgment calls. When do you notify patients? There's one example. Um , and there's no perfect answer playbook for that either. And I think that it's important as you , uh, think through and make these decisions to , um, figure out a way to make sure you've got a good , um, record or a way of being able to explain that to the government later. 'cause , um, at least from my perspective, when I was in the government, it's not like, I mean, we know issues arise , um, but how do you deal with it? Do you , are you making judgements that you , that are reasonable given what you know, and , um, knowing that there's multiple options. So that's also something that , something to think about throughout this process. You also have to factor in the privilege issue. How do you , uh, best , um, deal with that? But to me there's a way to , uh, for example, on the compliance side, for the compliance officer to keep at least a , a , um, a non-privileged explanation of what's being done to , uh, to best to improve operations or, or remediate , um, without getting into the scope of the investigation.

Speaker 3:

No, I think you're, I think that's a, a great point about documentation, right? And then that goes back to the compliance officer with the non-privileged recitation of what's going on. But then on your, your circle of trust group also a , a discussion or a documentation of the, the decisions that have been made and why , um, right. I mean, most of our clients are not making decisions of, oh, well let's do this so we don't pay money back, right? It's, let's do this because we think this is what's most appropriate and the timing of it, right? We feel that it's more appropriate for us to go to the patients first and then to go to the government or, you know, we need to make sure that our patients are taken care of. And so, okay, and Melissa, to your point, when you were talking about the six months, maybe then it might be longer than six months before you go to the government because you really felt strongly that you needed to handle the issues with the patients first before really thinking about the amount of money that's owed to the government. And, and I think I've seen that we've had some investigations that have taken much longer than the six months, but as long as we are showing that it's deliberate speed that we are moving with in the investigation process and not stalling , um, you recall the, the case from years ago where there was some bad evidence that it looked like they had stalled for a couple of years in order to not pay as much. I've even seen clients take the position of, look, we had no intention of stalling, so instead of going back six years, we'll go back to seven years, you know, had we completed the investigation in a timely and timely manner. And I think that's really what the government is looking, is looking at in terms of, you know , making your best efforts. Well, Greg and Melissa, unless you have any final thoughts, I think the three of us could probably talk about this for hours. Um, it's evident that, that we love what we do and we really are, are being mindful when we're working with our clients. Um , but if any, any parting thoughts, if not, we'll wrap up.

Speaker 4:

It's been a pleasure , uh, talking with both of you as always.

Speaker 5:

Same here. You both are in my circle of trust, so , um, that's always good.

Speaker 3:

Likewise for me. Well, you guys, thank you so much for your time and thank you to HLA for allowing us to , to talk this morning about the things that we are constantly considering with clients as we are conducting these internal investigations or responsive investigations to cis .

Speaker 1:

Thank you. Thanks.

Speaker 2:

Thank you for listening. If you enjoy this episode, be sure to subscribe to a HLA speaking of health law wherever you get your podcasts. To learn more about a HLA and the educational resources available to the health law community, visit American health law.org.