MD - Health Care Compliance Association

Volume Eight
Number One
January 2006
Published Monthly
Meet
Greg Jones
Law Enforcement Liaison,
Prescription Drug Benefit,
CMS’s Program Integrity Group

At the end of January,
the Health Care
Compliance Association
will move to its new
headquarters located at:
6500 Barrie Road,
Suite 250
Minneapolis, MN 55435
While our address
will change, our telephone
and fax numbers will
remain the same:
Toll-free phone:
888/580-8373
Local phone:
952/988-0141
Fax:
952/988-0146
And you can always
reach us via e-mail at
info@hcca-info.org
or on our Web site at
www.hcca-info.org

ASK
ON
THE
LEADERSHIP
ONCALENDAR
JOHN ASKS THE HCCA
LEADERSHIP YOUR QUESTIONS
JOHN FALCETANO
Editor’s note: Beginning with this issue
of Compliance Today, HCCA will
feature this column—John Asks the
HCCA Leadership Your Questions.
John Falcetano, Chief Audit/Compliance Officer for University
Health Systems of Eastern Carolina and a long-time member of
HCCA, knows that members frequently have good questions that they
would like to ask leadership, but for some reason or another, they are
never afforded the opportunity. This column has been created to
afford them that opportunity. Members may submit their questions to
John and and he will publish the HCCA leadership response in a subsequent
issue of Compliance Today. If you would like to ask a question
of leadership, please submit your question via e-mail to
Jfalcetano@cox.net
Question: What is the best way for a member to study for the CHC
examination Is there some type of training offered to prepare a
candidate and if so, what types of topics are covered in the training
sessions
Leadership’s Response from Debbie Troklus: The best prep for
the CHC certification exam is to attend one of the HCCA’s Academies
(basic and advanced), although the Academies are not required to sit for
the exam. The Academies, which are offered five times a year, cover all
topics that are on the exam.
The exam is based on the seven elements of an effective compliance
program, as outlined by the Federal Sentencing Commission. The
HCCB Candidate Handbook actually reviews in great detail the content
outline for each of the elements. It is a good idea to review the
content and determine in what areas an individual feels weak, and then
study those particular areas.
I would advise reading the Health Care Compliance Professional’s
Manual and Compliance 101. The HCCA also has a practice test on
its Web site as well as a practice test in the HCCB Candidate
Handbook.
HCCA • 888-580-8373 • www.hcca-info.org
2006 CONFERENCES (BY STATE):
Anchorage, AK
■ Alaska Area Meeting
July 13-14
Scottsdale, AZ
■ Compliance Academy
June 5-9
Los Angeles, CA
■ Compliance Academy
February 6-10
San Francisco, CA
■ Advanced Academy
June 19-23
San Diego, CA
■ West Coast Area Meeting
July 28
Denver, CO
■ Mountain Area Meeting
August 25
Orlando, FL
■ South Atlantic Area Meeting
January 27
Atlanta, GA
■ Southeast Area Meeting
February 10
Honolulu, HI
■ Hawaii Area Meeting
October 19-20
Chicago, IL
■ North Central Area Meeting
October 6
Baltimore, MD
■ Northeast Area Meeting
March 3
Boston, MA
■ New England Area Meeting
September 8
Detroit, MI
■ Upper North Central Area Meeting
June 16
Minneapolis, MN
■ Upper Midwest Area Meeting
September 15
Kansas City, MO
■ Midwest Area Meeting
August 4
Las Vegas, NV
■ 10th Anniversary Compliance
Institute, Caesars Palace
April 23-26
■ 3rd Annual Research Conference
September 17-19
Pittsburgh, PA
■ Mid Atlantic Area Meeting
September 29
Nashville, TN
■ South Central Area Meeting
November 10
Dallas, TX
■ Southwest Area Meeting
February 17
Seattle, WA
■ Pacific Northwest Area Meeting
June 2
NATIONAL CORPORATE
COMPLIANCE AND ETHICS WEEK
■ May 21-27
INSIDE
2 HCCA New
Headquarters
3 Ask Leadership
4 OIG 2006 Work Plan
5 HCCA Audio
Conferences
9 Improving revenue
15 Meet Greg Jones
17 OIG issues draft
compliance
guidance
20 Letter from the CEO
23 HCCA seeks your
contributions
24 Nonprofit, tax-exempt
organizations
29 NDC numbers, drug
claims, and FCA
31 A new value
proposition
32 Introducing Alan
Pierce
34 HIPAA EDI 835
37 CHC Certification
38 OIG roadmap for
effective compliance
45 New HCCA Members
3
January 2006

defendants. Further, during this same period, a
total of 459 defendants were convicted for
health care fraud related crimes. In 2004, the
DOJ also pursued 868 new civil health care
fraud investigations and filed complaints or
intervened in 269 civil health care cases.
By Sidney Summers Welch and Sara Kay Wheeler
Editor’s note: Ms. Sidney Summers
Welch and Ms. Sara Kay Wheeler are
partners in the Atlanta office of Powell
Goldstein LLP where they focus their
practices exclusively in the area of health
law. Ms. Welch may be reached by telephone
at 404/572-6754 or by e-mail at
swelch@pogolaw.com. Ms. Wheeler may
be reached a by telephone at 404/572-
6905 or by e-mail at swheeler@pogolaw.com.
The authors would like to
thank Kinshasa K. Williams for her
assistance in preparing this article. Ms.
Williams is an associate in the office of
Powell Goldstein LLP, where she practices
in the firm’s Health Care Group.
On November 16, 2005, the United
States Department of Health and
Human Services (HHS), Office of
Inspector General (OIG), published its Fiscal
Year 2006 Work Plan. 1 The primary purpose
of the Work Plan is to articulate to the
provider and supplier community the areas of
highest risk in the programs and activities
administered by HHS and to provide a road
map of areas in which providers can expect
the OIG to pursue enforcement activities.
With the staggering financial recoveries
achieved by the U.S. Department of Justice
(DOJ) and HHS in recent years, health care
organizations transacting business with the
federal health care programs should review
this publication to identify any vulnerabilities
that may pertain to their operations. In combination
with the OIG’s series of Compliance
Program Guidance (CPGs) for various industry
sectors, such as hospitals, physicians, and
pharmaceutical companies, 2 compliance officers
should view the Work Plan as an annual
guide for updating and for effectively focusing
to update and their organization’s internal
compliance efforts, particularly auditing projects
designed to measure risk. Since the Work
Plan covers a wide variety of issues and
provider categories, the purpose of this article
is to highlight those issues that may be most
relevant to hospitals and physicians.
The enforcement environment
is intense
To put the usefulness of the Work Plan in context,
it is first helpful to consider the ongoing
efforts and successes of HHS and the DOJ to
combat health care fraud and abuse. In 2004
alone, HHS and the DOJ won or negotiated
more than $1.5 billion in enforcement
actions. 3 Also in 2004, the U.S. Attorneys’
Offices opened 1,002 new criminal health care
fraud investigations involving 1,685 potential
defendants; federal prosecutors handled more
than 1,625 criminal health care fraud investigations
involving 2,361 defendants; and filed
criminal charges in 395 cases involving 646
With the increase in enforcement and criminal
actions for health care fraud and abuse, it
has become increasingly important for organizations
to pay close attention to issues
proactively raised by either HHS or DOJ,
such as those listed in the OIG’s Work Plan.
It is also important for providers to recognize
that many of the target areas articulated in
the Work Plan are often initially identified in
OIG and DOJ enforcement actions. For
example, by the end of fiscal year 2004, several
False Claims Act settlements were
reached in cases involving the submission of
dialysis claims. Correspondingly, the 2006
Work Plan identifies a “new area” of interest
as payment for “observation services” versus
“inpatient admissions” for dialysis services. 4
Work Plan—a critical compliance tool
As a general matter, a well-designed effective
compliance program will identify and reduce
risk, improve internal controls, and measure its
own effectiveness. First, an organization must
identify those risks deriving from its relationship
with federal and state health care programs.
This process will involve a proactive
and prospective examination of the risk for
abuse that exists within the organization.
Second, as an organization identifies and
assesses its risk it must take action to fortify
internal controls and processes to minimize
those risks. Third, the organization must evaluate
on an ongoing basis whether it has been
successful in addressing those risks. The Work
Plan serves as an excellent resource on which
compliance officers may review their organizations’
compliance objectives to align or realign
Continued on page 6
January 2006
4
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

Join us for the following
HCCA Audio
Conferences
Get the latest “how-to” information—tools and advice you
can use daily without even leaving your office! Register on
the HCCA Web site—www.hcca-info.org. You will receive an
e-mail a few days before the conference with any conference
handouts, and dial-in information and instructions.
➤
➤ Medicare Coverage Review
Speakers: Lisa Murtha and Ryan Meade
January 12 and 19
➤
➤ Medicare Part D
Speakers: James G. Sheehan and David Bloch
January 23
HCCA Audio Conferences are a fast
and easy way to aquire HCCB CEUs!
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
5

OIG 2006 Work Plan ...continued from page 4
their compliance goals with those issues important
to HHS for the upcoming fiscal year.
Compliance officers should use the Work Plan
to identify and focus their compliance efforts
on those areas of potential concern or risk that
are most relevant to their specific organization.
Such risk areas will naturally differ across
provider categories and operations such that
the compliance strategies that will need to be
pursued will also differ. However, because the
OIG’s efforts to address program vulnerabilities
is an evolving, on-going, year-round
process, compliance officers efforts should not
be limited to the areas addressed by the Work
Plan in their effort to assess risk.
OIG 2006 Work Plan
The fiscal year 2006 Work Plan is divided
into four sections. The first three sections
consist of ongoing and proposed work relating
to each of the major program operating
divisions of HHS, including CMS, the public
health agencies, and the Administration
for Children, Families, and Aging. The
fourth section contains projects that cut
across HHS programs, including state and
local government use of federal funds, and
the functional areas of HHS.
Risk areas for hospitals—The 2006 Work
Plan contains many areas that have been of
interest to the OIG in previous years. Of the
twenty-five focus areas listed for Medicare
and Medicaid Hospitals in the 2006 Work
Plan, only seven of these areas are new issues
that were not previously identified in other
Work Plans.
New focus areas
The OIG has added the following new focus
areas to the 2006 Work Plan:
■ Adjustments for Graduate Medical
Education Payments—The OIG will
determine if audit adjustments for direct
and indirect graduate medical education
that fiscal intermediaries make while settling
Medicare cost reports were properly reflected
in revised Medicare reimbursement.
■ Payments for Observation Services
versus Inpatient Admissions for
Dialysis Services—As noted previously,
the OIG will evaluate whether payments
made for inpatient admissions in connection
with dialysis services were consistent
with the level of care needed as documented
in physicians’ orders.
■ Inpatient Hospital Payments for New
Technologies—The OIG will examine
the costs associated with new devices and
technologies to determine if reimbursement
to hospitals is appropriate.
■ Inpatient Psychiatric Hospitals—The
OIG is interested in whether payments to
psychiatric hospitals under the prospective
payment system have been made in accordance
with the Medicare laws and regulations.
Specifically, the OIG will examine
outlier payments and payments made for
interrupted stays.
■ Outpatient Department Payments—
The OIG will also review the appropriateness
of payments made to hospital outpatient
departments, especially those made
for multiple procedures, repeat procedures,
and global surgeries.
■ Unbundling of Hospital Outpatient
Services—The 2006 Work Plan indicates
that the OIG intends to determine the
extent to which hospitals and other
providers are submitting claims for services
that should be bundled into outpatient
services. Medicare prohibits the unbundling
of hospital services to include outpatient as
well as inpatient services since the practice
could lead to unnecessary Medicare
expenditures.
■ “Inpatient Only” Services Performed in
an Outpatient Setting—The OIG will
further determine if Medicare payments
for certain services provided in an outpatient
setting are appropriately being
denied when Medicare covers the service
as “inpatient only.” The OIG is also concerned
about the extent to which
Medicare beneficiaries are held liable for
denied inpatient claims for these services.
Recurring focus areas in the
2006 Work Plan
The following are recurring focus areas contained
in the 2006 Work Plan that may be of
importance to hospitals in the upcoming year:
■ Inpatient Prospective Payment System
Wage Indices—Continuing its pursuit of
a concern first identified in 2005 Work
Plan, the OIG in 2006 will examine
whether hospital and Medicare controls
are adequate to ensure the accuracy of the
hospital wage data used for calculating
wage indices for the inpatient prospective
payment system. The thrust of this project
is to determine the effect on the
Medicare program in terms of potentially
incorrect DRG reimbursement.
■ Rebates Paid to Hospitals—This year, the
OIG will continue efforts to determine
whether hospitals are properly identifying
purchase credits as a separate line item in
their Medicare cost reports. Rebates paid
to hospitals were also a concern cited in
the Fiscal Year 2006 Work Plan.
■ Outpatient Outlier and Other Charge-
Related Issues—Consistent with the
agency’s long time concern listed in 2003,
2004, and 2005 Work Plans, the OIG will
again in 2006 continue its efforts to determine
whether outlier payments to hospital
outpatient departments were made in
accordance with applicable Medicare rules
and whether current Medicare reimbursement
mechanisms appropriately reimburse
providers as intended.
■ Hospital Reporting of Restraint Related
Deaths—Also an issue in 2005, the OIG
January 2006
6
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

in 2006 will assess hospital compliance
with the Medicare conditions of participation,
which require hospitals to report all
patient deaths that may have been caused
by restraints or seclusions.
■ Medicaid Diagnosis-Related Group
Payment Window—A long-time issue
since 2003, Medicaid diagnosis-related
group payment window was an issue previously
reviewed by the OIG in the
Medicare program. The OIG found that
hospitals had improperly submitted separate
Medicare billings for inpatient-stayrelated
laboratory and other services performed
within three days of admission.
The OIG will determine whether prospective
payment system hospitals submitted
Medicaid claims for inpatient-stay-related
laboratory and other services within three
days of the hospital admission and the
potential cost savings that would result
from State prohibition of this practice.
While this effort may have a more immediate
effect on state Medicaid agencies, the
notification is important for hospitals participating
in state Medicaid programs.
■ Hospital Eligibility for Disproportionate
Share Hospital (DSH) Payments—As in
fiscal year 2005, the OIG will continue to
determine whether States are appropriately
determining hospitals’ eligibility for
Medicaid DSH payments.
Risk areas for physicians and
physician practices
The 2006 Work Plan’s focus areas for physicians
and other health professionals reflect
some recurring themes from last year’s Work
Plan. With the exception of two new focus
areas—”Payment to Providers for Initial
Preventive Physical Examinations” and
“Potential Duplicate Physical Therapy
Claims”—all of the focus areas identified in
this section of the 2006 Work Plan were
identified in the 2005 Work Plan.
The Medicare Modernization Act added coverage
under Part B for an initial preventive physical
examination, including a screening EKG for
new Medicare beneficiaries effective January 1,
2005. Medicare is interested in evaluating the
impact of these exams on payments and physician
billing practices since physicians have the
opportunity to claim higher payment under
code G0244 for services that already may have
been performed in a past evaluation and management
visit. Furthermore, these exams must
include certain documented components,
including height and weight measurements,
blood pressure, medical and social history
review, an assessment for the potential for
depression, and an evaluation of functioning
ability. For potential duplicate physical therapy
claims, Medicare is interested in determining
whether audits are adequately identifying potential
duplicate physical therapy claims submitted
to Part A and Part B contractors, in follow-up
to a fraud alert issued in May 2004 by CMS.
The issue of “Long Distance” Physician Claims,
specifically regarding the provision of services
for an ongoing illness at a practice well outside
of the beneficiary’s location, appears to be a persistent
area of concern, dating back to 2003.
The recurring physician-specific focus areas
identified by the 2006 Work Plan include
the following:
■ Propriety of contractual relationships
between billing companies and physicians
and their impact on physicians’ billings
■ Improper Medicare payments for physicians
employed by the VA while those
physicians also billed for services rendered
at other hospitals during the time the same
physicians were on duty at a VA hospital
■ Compliance of care plan oversight in the
hospice setting with Medicare regulations
■ Inappropriate orders or performance of
services by physicians excluded from federal
health care programs
■ Compliance of in-office pathology services
with Medicare Part B requirements and
relationships between physicians providing
in-office pathology services and outside
pathology companies
■ Appropriateness of professional and technical
component billing for cardiography
and echocardiography services, including
using the 26 modifier where the physician
performs the professional interpretation
separately from the technical component
■ Medical necessity, adequate documentation,
and physician certification statements for
physical and occupation therapy services
that improve or restore functions, prevent
further disability and relieve symptoms
■ Evaluating medical necessity and billing
compliance for Part B mental health services
provided in physicians’ offices
■ Assessing medical necessity and billing
compliance for wound care services billed
by physicians
A number of focus areas identified outside of
the “Medicare Physicians and Other Health
Professionals” section of the 2006 Work Plan
are applicable to physicians and their practices.
Physicians should be aware of these
“hot spots,” and, to the extent they are applicable
or common to their practice, these
issues should be addressed by and incorporated
into their compliance efforts for 2006.
These areas include focus on the following:
■ Medical necessity and simultaneous
implantation of coronary artery stents
■ Medical necessity, adequate support, and
actual provision of rehabilitation and
infusion therapy services in the skilled
nursing facility setting
■ Medical necessity and excessive billing of
imaging and laboratory services in nursing
homes
■ Oversight of hospice providers
■ Documented medical necessity of therapeutic
footwear
Continued on page 8
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
7
January 2006

OIG 2006 Work Plan ...continued from page 7
■ Documented medical necessity and actual
receipt of durable medical equipment
■ Medicare drug reimbursement generally,
including focus on acquisition and reimbursement
under the average sales price,
oral antiemetic medications, and duplicate
payments for Part B drugs
■ Prior approval for services provided, physician
supervision, and licensure of personnel
performing tests in Independent
Diagnostic Testing Facilities (IDTFs)
■ Documented medical necessity for appropriate
services provided in Comprehensive
Outpatient Rehabilitation Facilities
(CORFs)
■ Part B payments for inpatient radiology
services
■ Pricing of laboratory services provided to
Medicare patients vs. patients covered by
other payors
■ Controls for identifying inappropriate
payments for or utilization of covered preventive
care services
■ Physicians’ roles in over prescribing
OxyContin and other prescription drugs
Finally, in addition to these focus areas, in
light of the recent advisory opinions, fraud
alerts, corporate integrity agreements, and
ongoing investigations, physicians should take
the opportunity in 2006 to catalogue their
current relationships with other providers and
suppliers in the health care industry and consult
qualified counsel to determine whether
those relationships are compliant with federal
and state laws, particularly the federal Anti-
Kickback Statute and Stark II. ■
1. The OIG Fiscal Year 2006 Work Plan is available at
http://www.oig.hhs.gov/publications/docs/workplan/2006/
WorkPlanFY2006.pdf
2. The OIG first issued a CPG for hospitals in 1998 (“1998
CPG”). See OIG Compliance Program Guidance for
Hospitals, 63 Fed. Reg. 8987 (February 23, 1998). The 1998
CPG was primarily intended to encourage hospitals to design
and implement corporate compliance plans and programs. As a
supplement to this early guidance, the OIG issued the
“Supplemental Compliance Program Guidance for Hospitals”
on January 31, 2005 (“Supplemental CPG”). See OIG
Supplemental Compliance program Guidance for Hospitals, 70
Fed. Reg. 4858 (January 31, 2005). The Supplemental CPG is
focused on measuring and improving the effectiveness of existing
compliance efforts, identifies specific fraud and abuse risk
areas that hospitals should actively monitor, and describes the
OIG’s expectations regarding compliance program design and
guidelines for monitoring existing compliance programs.
3. See HHS and DOJ, Health Care Fraud and Abuse Control
Program (HCFAC) Annual Report For FY 2004 available at
http://www.oig.hhs.gov/publications/docs/hcfac/hcfacreport2004.htm.
During 2004, the federal government won or
negotiated approximately $605 million in judgments and settlements,
and it attained additional administrative impositions in
health care fraud cases and proceedings. The Medicare Trust
Fund received transfers of more than $1.51 billion during this
period as a result of these efforts, as well as those of preceding
years, and an additional $99 million in federal Medicaid money
was similarly transferred to the Centers for Medicare and
Medicaid Services (CMS) as a result of these efforts. The
HCFAC account has returned over $7.3 billion to the Medicare
Trust Fund since the inception of the program in 1997.
4. Specifically, in the 2006 Work Plan, the OIG noted that during
a recent audit it found that hospitals admitted patients for
dialysis treatment, which lasted from 24 to 48 hours in which
medical reviewers indicated that the stays were for the purpose
of observation rather than treatment. The CMS Intermediary
Manual requires the physician’s order to clearly state that the
level of care the patient requires; e.g., “admission to inpatient
status” or “admission to observation status.” Accordingly, the
OIG intends in 2006 to examine whether payments made for
“inpatient admissions” related to dialysis services were appropriate
given the physicians’ orders in the case.
Helpful Hints
Eight steps to take in using the OIG
Work Plan in your compliance program
■ Review the table of contents. It lists
the specific topics of concern of the
OIG by the type of organization
■ Highlight those areas that are potential
applicable concerns and high priorities
for your organization
■ Review, in detail, the OIG’s concerns
with the specific risk area
■ Analyze your organization’s
compliance program based on
those stated concerns
■ Determine whether your organization’s
compliance program is meeting its
established objectives and addressing
these particular risk areas for your
organization
■ Discuss this analysis with key individuals
of the organization’s compliance
team to focus your compliance program
on the specific areas of interest
of the OIG for the coming year
■ Educate the organization’s staff about
these identified risk areas
■ Ensure that an effective monitoring
system is established and put in place
To order Compliance Today (CT) complete this coupon
Full Name:
Title:
Organization:
Address:
City/State/Zip:
Telephone:
Fax:
E-mail:
HCCA individual membership costs $295; corporate membership
(includes 4 individual memberships, and more) costs $2,500.
CT subscription is complimentary with membership.
HCCA non-member subscription rate is $357/year.
❑ Payment enclosed
❑ Pay by charge: ❑ AmEx ❑ MasterCard ❑ Visa
Card #:
Exp. Date:
Signature:
❑ Please bill my organization: PO#
Please make checks payable to HCCA and return subscription coupon to:
HCCA, 5780 Lincoln Drive, Suite 120, Minneapolis, MN 55436.
January 2006
8
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

By Susan C. L. Theuns
Editor’s note: Susan C. L. Theuns, It is at this point where many providers have
PA-C, CPC, CHC, is Operations difficulty understanding how they personally
Administrator & Compliance Director expect that medical necessity has been met
with MedStar Physician Partners. She and yet Medicare does not agree with them.
may be reached by telephone at
That’s because the determination of “medical
443/725-8713.
necessity” is not provider driven. Medical
necessity is established by Congress, the U.S.
There are a variety of ways that a Department of Health and Human Services
compliance program can improve (DHHS) and the Centers for Medicare and
the bottom line. One way is to Medicaid Services (CMS). Keeping this point
avoid expenses, such as being proactive with in perspective will help you follow the general
schematic of the process when dealing
coding audits to save you from fines and
penalties. Identifying high-level coders can with ABNs in the office practice setting.
also save you unwanted payer audits and possible
refunding. But one way to actually Additionally, an ABN must be completed
improve revenue is through the proper use of before the service has been provided. That
Advance Beneficiary Notices (ABNs). means that the office must be organized and
know their providers’ protocols and paradigms
when seeing scheduled patients.
Proper completion and use of ABNs can
■ reduce write-offs
■ improve cash flow
The ABN form
■ recoup potential or real lost revenue ABN forms have actually been around for
more than 20 years. The federal government
What is an ABN
has since developed the official ABN form,
An ABN is actually a waiver of liability that which is available at www.cms.hhs.gov
shifts the financial responsibility directly to the /medicare/bni/. CMS makes them available
patient. Most providers are contracted with in both English and Spanish as well as a general
use form and laboratory services form.
Medicare and are required to “accept assignment.”
The ABN allows a provider to bill the For simplicity, this article will be focusing on
patient if the service provided is not covered by the general use form. The version on this
Medicare (in other words, coverage is denied). Web site, June 2002, is the only version that
In situations where Medicare does not cover a providers should be using currently. Note that
service for lack of “medical necessity” or due to there are requirements when reproducing this
frequency guidelines, the ABN form notifies form—chiefly that the content remains the
the patient in advance of receiving the service same and that the font is a minimum of 12
that non-coverage is likely. Note that ABNs are point so that it is more readily readable. The
not needed for covered services or “sick visits.” form number is CMS-R-131-G.
Performing an ABN audit
Initially, the easiest way to audit your ABN
use is to run a billing report for the use of
the –GA modifier. The –GA modifier signifies
that a signed ABN has been obtained
and tells the payor (Medicare), that you have
an ABN and will be balance-billing the
patient if Medicare denies payment for the
service. Once you have the report (I would
suggest limiting the time to a six-month period),
you can randomly select five or 10 uses
of the –GA modifier per provider. In theory,
the medical office should be able to produce
a copy of the ABN for the corresponding use
of the ABN.
If the office is able to produce the corresponding
ABN, that’s a positive step. If they cannot—that
is indicative of a key problem that
needs to be addressed immediately. Of the
ABNs that they are able to produce, look at
the fields that are required to be completed,
see if they chose option 1 or option 2, and
whether or not the form has been signed and
dated. Having the ABN is only the first step;
many problems arise from there. In order for
it to be a legal document, all the necessary
fields need to be completed, an option must
be checked off, and it must be both dated
and signed.
What if they refuse to sign
Many patients, when faced with signing a
form that will make them financially responsible,
will simply refuse. If they are refusing
the service, then document their refusal.
However, most of the time, they want the
service but just don’t want to sign the form.
Patients think if they don’t sign the form but
get the service, it will be free. If they have
said that they want the service but refuse to
sign, simply fill out the ABN as you normally
would, check off option 1 (“yes, I want the
service”) and have a staff member who wit-
Continued on page 10
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
9
January 2006

Improving revenue through compliance ...continued from page 9
nessed the refusal to sign, sign the form. The
witness can write “pt. refused to sign” on the
form and then sign and date it themselves.
This makes the form as legally binding as if
the patient had signed the form.
Initial audit results
Our initial audit, which was run on both
medical sites and billing clients, yielded poor
results. All site/billing clients failed the audit.
Some of the problems encountered included:
■ Not using federal form CMS-R-131 G
■ Unable to produce the ABN
■ Essential field elements not completed
■ No options checked off
■ Estimated cost not filled in
■ Form not signed or not dated
As a corrective action plan, an aggressive
mandatory training program schedule was
made and all sites, along with numerous
clients, were trained on the proper use of
ABNs. A reference guide was developed as a
tool to help in the decision-making of when
to use an ABN and the corresponding modifiers.
Reminder stickers for the –GA and
–GY modifiers were given to data entry personnel
to place on their monitors.
Use of Modifiers –GA & –GY
One of the problems revealed by the audit
was that data entry staff did not know how
or when to append the appropriate modifiers.
Since most of the sites and many of the
clients perform this function at the medical
office, it was imperative to educate these staff
members on the modifiers.
The –GA modifier signifies that an ABN has
been signed. Any service provided where
medical necessity may be in question should
have an ABN signed and be billed with the
–GA (see Figure 1: ABN Reference
Guide on page 13). An example would be
an EKG performed as part of a preventive
care visit for a patient with hypertension.
The fact that the patient has hypertension as
a secondary diagnosis (with the primary diagnosis
as V70.0 routine PE) may be enough
for Medicare to reimburse for the EKG.
However, since it is being done as part of a
routine PE, it may not be covered. Another
example would be a patient receiving a pneumonia
vaccine. This particular vaccine is a
once-in-a-lifetime benefit under Medicare.
So, if the patient is 80 and had a pneumonia
vaccine when he or she was 65, or had one
previously from another provider and doesn’t
remember, the claim will be denied.
Therefore, this vaccine should also have an
ABN obtained and be billed with the –GA
modifier. In this case, it is more than the
service that would be given away should it
turn out that the patient already received the
once-in-a-lifetime—the initial outlay of cash
by the practice for purchasing the vaccine
would also be lost. For vaccines and injectables,
the administration for the vaccine
should also be billed with the –GA modifier.
Any exams, tests, or services that have frequency
requirements should also have an
ABN obtained to safeguard your ability to
balance bill if the claim is denied. An example
of such a situation would be a screening
pelvic/breast exam (G0101) and pap smear
(Q0091). This is a covered benefit only every
two years. If you are performing this annually
or the patient had it done elsewhere and
you don’t know about it, then you will lose
the revenue without a signed ABN and claim
billed with the –GA.
An ABN does not have to be completed for
services that are statutorily non-covered (see
Figure 1 on page 13). In the situations
where statutorily non-covered services are
performed, the data entry person needs to
append the –GY modifier, signifying that it
is excluded as a Medicare benefit. Using the
–GY will fulfill the “demand bill” requirement
and allow a medical office to collect
payment for the service(s) at the time of service
(just as you would collect a co-payment
on the same day as a visit). Claims billed
with the –GY will be denied by Medicare
and allow balance-billing the patient if payment
was not collected up-front. An example
would be for a routine or annual physical.
This service is statutorily non-covered by
Medicare, so you would bill the 99387 (new
patient) or 99397 (established) with the –GY
modifier and collect payment up-front. The
caveats here are (1) if the patient has additional
commercial insurance, the preventive
care visit may be covered, so wait for a denial
before balance-billing, and (2) although the
PE itself is non-covered, you will still need to
obtain an ABN for any screening tests that
are performed as part of the physical i.e.,
EKG, PPD, vaccines etc.
Re-audit in six months
After the staffs received their initial training,
a second audit was run at 6 months.
Expectations were high that there would be
vast improvements and that everyone would
pass. Unfortunately, this did not happen.
However, there were improvements in that
the –GA modifier was being used more often
and offices were able to produce a corresponding
ABN in most cases.
Phase 2 of the ABN training was now in
effect. All errors from the second ABN audit
were compiled and analyzed. They were broken
down into two areas: form completion
and modifier use. With the details of the
audit errors, an ABN Refresher Program was
developed.
The errors included:
■ Some sites still could not produce an
ABN when the –GA modifier was used
■ ABNs were used for covered services and
sick visits
January 2006
10
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

■ ABNs were used for preventive care exams (this is statutorily
non-covered)
■ Forms were not completed fully (missing critical elements such
as services, reason, option, estimated cost, signature/date)
■ Some client offices decided not to use ABNs
The last error on the list is an interesting one. It really is not a matter
of choice as to whether or not an office uses an ABN. The Office
of the Inspector General (OIG) may consider failure to use ABNs or
to balance-bill to be inducements for patients. Inducements resulting
in a Stark II violation as a perceived kick-back may result in civil
monetary penalties. True, CMS is more interested in recouping its
own lost revenue rather than the lost revenue of a provider, but that
does not make it any less of an infraction.
Revise the corrective action plan
Using the errors from the re-audit, a revised corrective action plan
and training program was developed. Beginning with the form
errors, each line of the form was incorporated into the training program
with examples of “do’s and don’ts.” For example: the
BECAUSE section was often completed incorrectly with ICD-9
codes or written diagnoses instead of the reason why the provider
thought the service may not be covered. This and other form completion
problems with the SERVICES and BECAUSE sections led
to the development of a modified ABN that already has services
and reasons available for check-off. The use of a modified form
with check-off boxes enables a provider to:
■ prompt the proper use of the ABN
■ increase readability by limiting handwritten items
■ improve efficiency by making it faster and easier to complete
these sections
■ improve accuracy
The modifications can be customized to the services offered by the
office or specialty without compromising the integrity of the form
(see Figure 2 for a sample modified form on page 14).
The training program addressed each section and provided examples
of when to use and not use the ABN. The refresher program
was also offered to all staff members from registration personnel,
clinical staff (including providers), and check-out/data-entry clerks.
It was clear from the second audit results that there needed to be a
full awareness and coordination among all of these people in order
to make the use of ABNs successful.
Continued on page 12
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
January 2006
11

Improving revenue through compliance ...continued from page 11
In addition, the ABN Reference Guide was
revised with added services examples given
and estimated costs listed. Some of these
were prompted by reviewing the services
billed for Medicare patients such as the PPD
(purified protein derivative skin test for
tuberculosis screening). Many Medicare
patents at a particular office were being seen
for pre-admission physicals for assisted living
admissions. Since the PPD is being performed
as a screening test and not due to
exposure, it is not expected to be covered.
This and any EKGs or other admission tests
made mandatory by the assisted living facility
are not always deemed as “medically necessary”
by Medicare. Without an ABN being
obtained, the bills for these services would all
have to be written off.
Another common error was that neither
option had been checked off by the patient
(option 1 “yes, I want the service”, or option
2 “no, I don’t want the service”). The staff
was instructed to remind patients or to check
off option 1 in the patient’s presence if they
neglected to do so when they were signing
and dating the form. The document is not
valid without an option checked or without a
date and signature.
Bundled services
ABNs should not be used for “bundled services.”
Bundled services are certain services
that Medicare considers to be included in the
visit or procedure provided. Examples of
bundled services are:
■ Dip urinalysis (81002 etc.)
■ Pulse oximetry (94760)
■ Peak flow
■ Conscious sedation (99141)
■ Some prolonged services codes (99358-
99359)
Connecting the dots
The ABN should be attached to the chart or
encounter form (superbill) of any Medicare
patient being seen. This should be done at
registration. Even a sick patient often ends up
with potentially non-covered services being
performed “while they are there.” A sick visit
is often the opportunity used by either
patient or provider to receive additional services,
like screening tests or immunizations.
The medical assistant or nurse should have
the form ready for when the patient is in the
exam room and before any questionable services
are performed. It is imperative that the
services and reason (BECAUSE section) be
completed prior to the patient receiving the
services since it is up to the patient as to
whether or not they want any potentially
non-covered services. This is a CMS requirement
as well. Providers can add to or
append the items on the form as they see fit
in the course of their encounter with the
patient. Use of a reference guide can aid in
choosing which services may apply and can
also aid in supplying the estimated cost on
the form.
Now that you have a completed and signed
ABN, what do you do The clinical staff
needs to make sure that the form makes it
along with the encounter form/superbill to
the check out person or data entry clerk.
Here they can determine what is statutorily
non-covered (-GY modifier needs to be
added) or what needs to be billed with the -
GA modifier (items listed in the SERVICES
section of the ABN). The CPT or HCPCS
code(s) and ICD-9 code(s) should be linked
appropriately, modifiers appended as indicated,
and monies collected for any statutorily
non-covered services at this point.
When under a CAP agreement with
Medicare
The new Competitive Acquisition Program
(CAP) was scheduled to open for enrollment
in the fall of 2005. However, a combination
of vendor non-interest and national disasters
has now pushed back the process until tentatively
summer 2006. If and when this goes
into effect, providers who have signed up for
the program may be responsible for getting
ABNs signed for a third party i.e., a pharmaceutical
distributor. Therefore, it is important
to learn how to successfully execute a proper
ABN so that providers will be prepared to
take on this function for a third party in the
future. Unless the structure of the proposed
CAP agreement changes significantly, be
ready to gear up.
Conclusions
A properly executed ABN will:
■ Allow you to balance-bill the patient
■ Help recoup otherwise lost revenue
■ Reduce write-offs
■ Improve cash collection, cash flow, and
revenue
Although the use of ABNs may seem to be a
burdensome task, the end result will be a
boost to your bottom line. Education, training,
and coordination of staff can make for
an organized effort that will reap positive
benefits. ■
Contact Us!
http://www.hcca-info.org
info@hcca-info.org
Fax: (952) 988-0146
HCCA
5780 Lincoln Drive, Suite 120
Minneapolis, MN 55436
Phone: 888-580-8373
To learn how to place an advertisment in
Compliance Today, contact Margaret
Dragon:
e-mail: margaret.dragon@hcca-info.org
phone: 781-593-4924
January 2006
12
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

Figure 1: ABN Reference Guide
Services that may require an ABN (use the –GA modifier)
■ Medically unnecessary services (clue may be dx is a V-code, but
not all V-codes)
■ Most screening tests/services (even covered screenings have
frequency requirements)
■ Baseline EKG (93000 $28 or 93005, $19)
■ EKG as part of a routine physical (93000 $28 or 93005, $19)
■ Digital Rectal Exam (DRE) for prostate screening (G0102, usually
done as part of a routine PE) more often than Q12mo., $23
■ Pap smear (Q0091, $42) more often than Q2yrs.
■ Visit for well woman exam (E/M code eg G0101, $39) more often
than Q2yrs.
■ Removal of skin tags or other benign lesions for cosmetic reasons
11200 $73, 11201, $18
■ Screening flexible sigmoidoscopy (G0104, $131 and G0106, $147)
more often than Q5yr.
■ PPD for TB screening 86580, $18
■ B12 injections (frequency & medical necessity are issues)
J3420, $5
■ Contraception injectables i.e. DepoProvera J1055
■ Most vaccines w/o medical necessity (e.g. prophylactic tetanus
or Td)
■ Vaccines beyond the frequency guidelines (e.g. peumonia vaccine
is a once in a lifetime benefit). NOTE: most vaccines are not covered
and should be billed with the –GY modifier (no ABN needed).
■ Welcome to Medicare Visit (G0034, $101)—within 6 months of
eligibility
■ EKG with the Welcome to Medicare Visit (G0366, $28)—within 6
months of eligibility
Services that do NOT require an ABN or a modifier:
■ Sick visits
Services that do NOT require an ABN but need a –GY modifier:
■ Preventive Care Visits i.e. routine or annual physical/PE (99387 or
99397)
■ Most screening tests/services if “statutorily non-covered”
■ Vaccines for travel or non-covered vaccines (e.g. Hepatitis A)
■ Administration of travel/non-covered vaccines (90471 or 90472)
Cosmetic surgery
■ Pre-Op exam for cosmetic surgery plus any tests performed as
pre-op
■ Services provided to immediate relatives (any & all services if
patient is related to M.D., D.O. or mid-level)
NOTE: This list is for reference only and is not all-inclusive.
Fees used are for example only and are based on Medicare
rates in the mid-Atlantic, 2005.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
13
January 2006

Improving revenue through compliance ...continued from page 13
Figure 2: Advance Beneficiary Notice (ABN) Form
January 2006
14
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

feature
article
Editor’s note: This interview with Greg
Jones was conducted by Roy Snell,
HCCA CEO in early December 2005.
For general Medicare information,
including the Prescription Drug Benefit,
please contact 1-800-MEDICARE or
visit our website at www.medicare.gov.
To report any suspected Fraud, Waste,
and Abuse in the Medicare Part D
Prescription Drug program, please
contact 1-877-7SAFERX or e-mail
MEDICinfo@healthintegrity.org
Office of Counsel to the Inspector General
where I was responsible for negotiating and
monitoring Corporate Integrity Agreements
(CIA) for a wide range of health care
provider types, including hospitals and pharmaceutical
manufacturers. In that role I regularly
conducted site visits to providers operating
under CIAs. Conducting site visits was
my favorite part of that job because it gave
me the opportunity to see first hand how
various providers were implementing and
maintaining their compliance programs.
Meet Greg Jones
Law Enforcement Liaison–
Prescription Drug Benefit–Program Integrity Group,
Centers for Medicare & Medicaid Services
RS: Greg, what is your title, and would
you briefly describe your responsibilities with
the Centers for Medicare and Medicaid
Services
GJ: I am the Law Enforcement Liaison for
the Division of Medicare Modernization Act
Integrity within the Program Integrity Group.
My primary responsibility is to coordinate
with law enforcement on program integrity
matters related to the Part D prescription
drug benefit. In addition, I am the Team
Lead on developing CMS’s Fraud, Waste,
and Abuse Guidance for the Part D Plans.
RS: What is your background and
previous work experience
GJ: Formerly, I was with the Department
of Health and Human Services (HHS),
At the OIG I also had the pleasure of working
closely with HCCA to coordinate
Government-Industry outreach and education
efforts which included two separate
industry roundtables.
Prior to transferring to the Office of Counsel
to the Inspector General, I was with the
OIG’s Atlanta Office of Evaluation and
Inspections where I led national studies
uncovering over $8M in fraud, waste, and
abuse in the Medicare program.
RS: So tell us about your first year at CMS.
GJ: This is a very exciting time at CMS;
the implementation of the Medicare
Modernization Act, including the drug benefit,
is the most significant change to the
Medicare program since its inception in
1965. It truly is an honor and an amazing
professional growth experience to be a part
of this historic event.
I started in March 2005 and have been going
full speed since day one. My first project was
reviewing the compliance plan and business
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
integrity sections of the Part D Plan applications.
Collectively, our division reviewed over
400 Part D Plan applications. I spent this
summer training the OIG’s investigators, FBI
agents, and Assistant United States Attorney’s
about the drug benefit to help prepare them
to investigate and prosecute potential fraud,
waste, and abuse in the drug benefit. Most of
my time this Fall has been spent drafting the
Fraud, Waste, and Abuse Guidance for the
Part D Plans. These are just the highlights—
in between I’ve also been learning about the
intricacies of the drug benefit, keeping track
and following up on various Part D complaints,
and assisting with the planning of
Continued on page 16
15
January 2006

Meet Greg Jones ...continued from page 15
several conferences. Despite the fast pace,
which is stressful at times, it has been a very
positive and fulfilling experience.
RS: Having previously worked in the
HHS Office of Inspector General, how was
the transition to CMS
GJ: Coming to CMS has given me the
opportunity to learn about the policy and
operational side of Medicare and see what it
takes to run the day-to-day operations of
what is essentially the largest insurance program
in the world. In that regard it is definitely
a different perspective.
At the same time, however, it has been great to
work collaboratively with my former colleagues
to prepare for the implementation of the drug
benefit. My experience at the OIG has been
invaluable in having an “eye” for identifying
potential vulnerabilities in the drug benefit and
it also helps me understand the needs of the
OIG and our other law enforcement partners
such as the Department of Justice.
RS: Tell us the status of the Fraud, Waste,
and Abuse summary that was published in
June 2005.
GJ: As most of your members know, we
released for public comment an eight page
Fraud, Waste, and Abuse Summary document
in June 2005. Since then we have spent time
reviewing the public comments and working
with policy experts within the agency, as well
as the law enforcement community, to develop
a much more comprehensive document.
We expect to release for public comment the
more detailed document in January 2006,
and hope to finalize it by early Spring 2006.
RS: You have a lot on your plate these days
with Medicare Part D implementation. I know
this is a big question and we probably don’t
have enough room for a complete answer, but
if you had to put together a list, what are the
main issues health care compliance officers
need to know about Medicare Part D (fraud
and abuse, training, policies and procedures)
GJ: Well, three things come to mind:
■ The role of the plans themselves in overseeing
their downstream subcontractors
involved in the delivery of the drug
benefit
■ The role and responsibilities of the
Compliance Officer at each plan
■ The need to develop an audit workplan to
monitor for efficient and accurate delivery
of the Part D benefit
I encourage all your members to pay special
attention to these sections in the Fraud,
Waste, and Abuse Guidance document and
provide feedback to us during the public
commenting period.
RS: Would you share with us some of the
Medicare Part D challenges
GJ: One area we are paying particular
attention to at this time is marketing. All
Part D Plans are required to ensure that marketing
activities—whether they initiate from
paid marketing employees or independent
agents—comply with the Marketing
Guidelines. To date, CMS has received complaints
alleging that agents have:
■ Offered beneficiaries a cash payment as an
inducement to enroll in Part D
■ Conducted unsolicited door-to-door sales
■ Stated that the agent works for or is contracted
with the Social Security
Administration or CMS
■ Misrepresented the product being
marketed as an approved Part D Plan
when it actually is a Medigap policy or
non-Medicare drug plan
■ Misrepresented the Prescription Drug
Plan being marketed
■ Requested beneficiary information or
check numbers, which may be a prelude
to identity theft
■ Asking beneficiaries to pay “up front”
premiums
Organizations found to violate CMS’s
Marketing Guidelines will be placed under a
corrective action plan (CAP). If the organization
fails to correct the deficiency under the
CAP, then intermediate sanctions such as a
freezing of marketing and enrollment may be
imposed. If after the imposition of intermediate
sanctions the problem has not been
corrected, a Civil Money Penalty may be
imposed or the organization’s contract may
be terminated. Cases appearing to be potentially
fraudulent will be referred to the OIG.
Protecting beneficiaries from aggressive marketing
tactics is something we take very serious
and plan to monitor closely.
RS: Tell us about the Medicare Drug
Integrity Contractors (MEDICs).
GJ: The MEDICs are companies CMS is
contracting with to assist us in combating
fraud, waste, and abuse in the Medicare Part
D prescription drug benefit.
RS: What are some of the activities a
MEDIC may perform
GJ: The MEDICs will:
■ Analyze data to identify problems that
indicate fraud or abuse may be occurring
■ Conduct complaint investigations
■ Develop and refer cases to the appropriate
law enforcement agency as needed; and
■ Support ongoing law enforcement
investigations.
Our Enrollment and Eligibility MEDIC,
“Health Integrity, LLC” is operational and
their primary focus is to investigate Part D
complaints, which at this time are mostly
issues related to enrollment, eligibility
determination, and marketing.
RS: Will the Medicare Part D Manual
include information about fraud
January 2006
16
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

GJ: Yes. The Fraud, Waste, and Abuse
Guidance document is scheduled to be a
chapter in the Part D Plan Manual.
RS: What has the CMS Program Integrity
Group been doing to prepare for the implementation
of the drug benefit
GJ: I see our strategy as a three-prong
approach that includes:
1. Contracting with the MEDICs
2. Reviewing and providing comments on
CMS’s Part D regulation, policies, and
subregulatory guidance and developing
our own Fraud, Waste and Abuse
Guidance document.
3. Coordinating with our partners in the law
enforcement community such as the OIG,
DOJ, FBI, States, and many other government
agencies, as well as private organizations
such as HCCA, to collaborate on
approaches to address and combat fraud,
waste, and abuse in the Part D prescription
drug benefit.
4. Lastly, we have spent a lot of time speaking
with experts, which includes some
recent hires at CMS with direct industry
experience, to educate ourselves about the
pharmaceutical drug industry. This has
been invaluable and I believe puts us in a
much better position to ensure the integrity
of the Part D prescription drug benefit
and the Medicare Trust Fund.
For general Medicare information,
including the Prescription Drug Benefit,
please contact 1-800-MEDICARE or
visit our website at www.medicare.gov.
To report any suspected Fraud, Waste,
and Abuse in the Medicare Part D
Prescription Drug program, please
contact 1-877-7SAFERX or e-mail
EDICinfo@healthintegrity.org ■
By Michelle Wilcox DeBarge and Amanda Littell
Editor’s note: Michelle Wilcox DeBarge,
JD, is a Partner and Amanda Littell, JD,
MPH, an Associate in the law firm of
Wiggin and Dana. Michelle Wilcox
DeBarge may be reached by telephone at
860/297-3702 or by e-mail at mdebarge
@wiggin.com, and Amanda Littell may
be reached by telephone at 203/498-
4529 or by e-mail at alittell@wiggin.com.
On November 28, 2005, the Office
of the Inspector General (OIG)
for the U.S. Department of
Health and Human Services issued draft
compliance guidance (Guidance) for recipients
of extramural research awards from the
National Institutes of Health (NIH) and
other agencies of the U.S. Public Health
Service (PHS) See 70 Fed. Reg. 71,312.
The Guidance highlights the following three
risk areas for recipients of PHS awards:
1. Time and effort reporting
2. Properly allocating charges to award projects
3. Reporting of financial support from other
sources
The Guidance also adds an eighth element to
the OIG’s standard seven elements for an
effective compliance program: defining roles
and responsibilities and assigning oversight
responsibility.
Scope of guidance
With the goal of preventing the submission of
erroneous claims and combating fraud and
abuse in federal health care programs, the
OIG in the last several years has developed a
series of compliance program guidance aimed
at various segments of the health care industry.
This guidance encourages development of
an internal compliance infrastructure and
organizational control to help monitor and
ensure compliance with applicable laws. The
guidance also lists specific risk areas applicable
and of potential concern to the respective
industry segments. An organization’s establishment
of a compliance program in line with
the compliance program guidance is voluntary,
but highly recommended by the OIG.
Although there has been a notable increase in
governmental enforcement actions and
whistleblower cases related to grant compliance
and administration, the publication of
the Guidance is the first official word from
the OIG on the issue of research compliance
program elements. The OIG had published a
notice on September 5, 2003 soliciting information
and recommendations for developing
compliance program guidance for recipients
of NIH research grants. Based on comments
to that notice, the OIG published the
Guidance for the purpose of offering a
“checklist” of items that the OIG believes are
critical for developing compliance programs
or refining an existing compliance program.
The OIG also expresses its view in the
Guidance that all research institutions would
benefit from compliance programs to foster a
“culture of compliance” that begins at the
Continued on page 18
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
17
January 2006

OIG issues draft guidance ...continued from page 17
administration or management level and
permeates the organization.
The OIG expands the scope of its Guidance
beyond that stated in the 2003 notice to other
biomedical and behavioral research awards
from the public health agencies of the U.S.
Department of Health and Human Services,
including the Agency for Health Research and
Quality, the Agency for Toxic Substances and
Disease Registry, the Health Resources and
Services Administration, the Indian Health
Service, the Centers for Disease Control and
Prevention, the Substance Abuse and Mental
Health Services Administration, and the Food
and Drug Administration. The Guidance is
relevant for colleges, universities, and other
recipients of public funds that conduct biomedical
and behavioral research. The
Guidance is intended to apply broadly to all
PHS awards, which includes cooperative
agreements and certain contracts that are not
governed by federal procurement laws and
regulations, as defined at 45 C.F.R. § 74.2.
The Guidance focuses on grant compliance
and administration issues governed by the
statutes and regulations that affect the “allowability”
of costs. However, the OIG recognizes
that the research community uses the term
“compliance” broadly to include areas such as
human and animal subject research, conflicts
of interest, research misconduct and intellectual
property issues; the OIG states that an institution
may find it beneficial to adopt the
principles and standards in the Guidance in
connection with these other regulatory areas.
Risk areas
The OIG highlights the following three primary
risk areas, while also cautioning that
they are not intended to be exhaustive of
potential risk areas.
Time and Effort Reporting—The OIG
identifies time and effort reporting as a “critical”
compliance issue and emphasizes that time and
effort expended on a project must be accurately
reported. This is especially important given that
compensation for a researcher’s personal services—including
direct salary and fringe benefits—
is usually a significant cost of a research project.
Moreover, many researchers have multiple
responsibilities. For example, researchers may
also be involved in teaching and clinical work,
and these separate responsibilities may be challenging
to distinguish and measure. The failure
to accurately report the percentage of time
devoted to projects could lead to overcharges to
funding sources and, in certain circumstances,
to civil or criminal fraud investigations.
The OIG focuses specifically in the Guidance
on false reports of the amount of time devoted
to a project. The OIG states, for example, that
it is unacceptable for a researcher to report in
award applications to three different awarding
agencies that the researcher will spend 50% of
his or her time on each of the awards. The
OIG also states that it is unacceptable for
researchers to report an aggregate “commitment
of effort” in excess of 100% of the researcher’s
time, citing, as an example, that it would be
improper to report to one awarding agency that
70% of the researcher’s time will be spent on an
award when 50% of the researcher’s time will
be spent on clinical responsibilities.
Properly allocating charges to award
projects—The Guidance states that research
institutions must properly allocate charges to
award projects. To ensure this, institutions
must have an accounting system that properly
separates the amount of funding from each
funding source. Institutions must not permit
a principal investigator to “bank” or “trade”
award funds among grants. As an example of
improper allocation of charges, the OIG cites
the allocation of cost on various federal
research awards from overspent accounts to
under-spent accounts, with the purpose of
maximizing federal reimbursement and
avoiding the refunding of unused grant proceeds
from those under-spent accounts.
Reporting financial support from other
sources—The OIG emphasizes that reporting
financial support from other sources is critical
to PHS’s decisions with respect to whether and
to what extent to fund a particular project.
The reporting of other financial support is
required by the application for funding (PHS-
398), which includes a certification by both
the principal investigator and the research
institution that all statements in the application
are true, complete and accurate to the best
of their knowledge. The OIG states that a failure
to accurately report all sources of financial
support may lead to double-charging of both
award funds and Medicare (and other payors)
for the same service.
Compliance program elements
Standard Seven Elements of an Effective
Compliance Program—The OIG recognizes
that some institutions have separate
compliance programs for their various areas of
regulated activity, but encourages institutions
to integrate their compliance efforts by eliminating
overlapping systems or by developing a
single compliance program covering all compliance
areas. Regardless of the structure of an
institution’s compliance program, the
Guidance recommends establishing the same
seven elements of compliance programs to
address PHS research awards compliance that
the OIG has recommended in the past for
other segments of the health care industry.
The OIG’s discussion of these seven elements
is very similar to the OIG’s other compliance
program guidance; accordingly, for purposes
of this article, we primarily highlight below
the OIG comments in the Guidance that are
specific to research compliance.
Continued on page 36
January 2006
18
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

■ There will be Compliance experts from
government, vendors, outside counsel,
consultants, and academics.
Just the facts:
Roy Snell
Here are the facts about HCCA’s 2006 Compliance Institute.
■ It will mark our 10th Anniversary.
■ It is our first time in Las Vegas with the Compliance Institute.
■ We will print 1,080,000 pieces of paper.
■ There will also be Compliance experts
from audit, education, transcription,
coding, billing, auditing, and ethics.
■ Approximately 60 % of the speakers will not have spoken the year
before.
Keep reading—there’s more:
■ Special tracks for HIPAA, Quality of Care, Research/IRB,
Physician Transactions, SOX, Rural Hospital, Auditing and
Monitoring, Hot Topics, General Compliance and Tax
Exemption/Charity Care.
■ We will occupy 2,845 room nights.
■ 20 staff will manage the conference.
■ Industry Immersion for Academic Medical Centers, Long-Term
Care, Large Health Care Systems, Payor/Managed Care, Medical
Device, and Physician Group Practice.
■ There will be 200 speakers.
■ There will be 95 sessions.
■ The U.S. Department of Health and Human Services Inspector
General is speaking at the Compliance Institute.
■ There will be presenters from the Centers for Medicare and
Medicaid Services (CMS), U.S. Department of Justice (DOJ),
Department of Health and Human Services (DHHS), Office of
Inspector General (OIG), Joint Commission on Accreditation of
Healthcare Organizations (JCAHO), and the U. S. Sentencing
Commission (USSC).
■ Pre-conference: Compliance 101, HIPAA 101, Medicare Part D,
Auditing/Monitoring, and more.
■ Post-conference: Laboratory, Auditing/Monitoring, Quality of
Care.
■ Auditing/Monitoring and Privacy Officer Round Tables.
■ And endless networking opportunities!
We have come a long way. It is simply amazing. Help us celebrate our
10th year! Hope to see you there.
■ It is the largest health care compliance conference in the world.
■ Five (5) compliance achievement awards will be given out
Sunday night.
■ Five (5) laptops will be given away.
■ There will be 60 vendors.
January 2006
20
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

:: OVER 200 SPEAKERS
NEW THIS YEAR ::
SPECIALIZED
SESSION TRACKS
■ SOX
■ Hot Topics
■ Physician
Transaction
■ HIPAA
HCCA’S 10 TH
ANNIVERSARY
COMPLIANCE INSTITUTE ::
Don’t gamble on the success of your compliance program!
April 23–26, 2006
Caesars Palace, Las Vegas, NV
■ Rural Hospital
■ Auditing &
Monitoring
■ Quality of Care
■ Research/IRB
■ General
Compliance
■ Tax Exemption/
Charity Care
Sessions at the HCCA 2006 Compliance Institute will offer
the latest compliance information on the hottest topics and
current events in compliance. The program will feature
multiple HIPAA and compliance sessions and specialized
session tracks. Industry immersion sessions for a variety
of health care segments are also being planned.
BROAD SPECTRUM OF SPEAKERS
Representing Policymakers, Enforcement Officials, Practicing
Lawyers, Active Compliance and Privacy Officers
Save $425!
Early Bird rate extended
to January 20!
visit our Web site at
www.hcca-info.org
to register
CONTINUING EDUCATION CREDITS: AAPC ACCME ACHE ACMPE AHIMA ANCC HCCB MCLE NAB NASBA

Here’s your chance to share your expertise
and get a chance to win.....
HCCA is seeking your contributions!
Dear Compliance Professionals,
HCCA is seeking contributions for a new manual on auditing and monitoring.
Here’s a great opportunity to contribute to the association—and
get a chance to win a laptop, a portable DVD player, or receive
free registration for the HCCA Compliance Institute.
We are asking health care professionals to share their tools and
success stories that have aided their auditing and monitoring
programs. We are interested in all aspects of auditing and
monitoring. (If you would like, identifying information can
be removed, so your organization can remain anonymous.)
Everyone who submits materials will be entered into a
drawing to win a laptop, a portable DVD
player, or free registration to the Institute
on April 23–26 in Las Vegas. You will be
entered into the drawing for each audit tool
you submit (i.e., two audit tool submissions
equals two entries). Authors of accepted
materials will be listed as contributors in the
manual, if they wish.
We look forward to receiving contributions
from you. For more information or to make
a contribution, contact Alan Pierce at
888-580-8373, ext. 245, or alan.pierce@hcca-info.org.
Thank you,
Alan Pierce
Editor/Product Manager
Meet
Alan Pierce
See page 32
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
January 2006
23

Concerns about abuses in the nonprofit sector
arising out of charitable organizations
allegedly formed to benefit victims of
tragedies such as 9/11 and tsunami relief
have led to efforts to apply a version of SOX
to nonprofits. Evidence of this scrutiny has
arisen on both the administrative and legislative
fronts. At the state level, California,
Massachusetts, and New York are key states
which have publicly pushed for heightened
scrutiny, with Governor Arnold
Schwarzenegger firing the first salvo by signing
California S.B. 1262, entitled the
California Nonprofit Integrity Act of 2004,
effective January 1, 2005 (California Act).
The California Act added corporate accountability
provisions to existing California
reporting requirements for charities. While
the filing, registration, and reporting provisions
of the new California statute do not
apply to hospitals, 2 other provisions may still
apply. For example, the California Act
requires nonprofit corporations to have audit
committees with detailed requirements on
their composition. 3 More rigid requirements
on fundraising, and a required annual compensation
review, are also part of the
California Act. 4
Editor’s note: Albert Y. Lin is an associate
in the law firm of Brown McCarroll,
LLP, in Austin, Texas. Mr. Lin may be
reached by e-mail at alin@mailbmc.com
or by telephone at 512/703-5726.
By now most compliance officers
are well aware of the 2002
Sarbanes-Oxley legislation (SOX),
which imposed far greater accountability,
financial reporting, independence, and governance
principles on corporations than ever
before. With the possible exception of document
retention requirements and whistleblower
protections, SOX technically applies
only to publicly held companies. Nonprofit
companies—in particular, nonprofit taxexempt
health care entities—should be aware
of proposed federal legislation that may soon
increase accountability of their top-level
management and executive boards and
impose SOX-like burdens upon their compliance
professionals.
While transgressions of nonprofit organizations
have not yet reached the level of notoriety
as Enron and WorldCom, the potential
for such abuse exists since nonprofits have
such a major financial impact in the world
economy (with one estimate of total worldwide
nonprofit expenditures at $1.6 trillion
in 2002). Moreover, the nonprofit health
care sector makes up a significant portion of
By Albert Y. Lin
that figure. According to a 2003 report by
the National Center for Charitable Statistics,
13.2 percent of all “501(c)(3)” organizations
in the United States are in the health care
industry. Of the nation’s nearly 5,000 hospitals,
approximately 85% are nonprofits. 1
In Massachusetts, state Attorney General
Tom Reilly introduced the “Act to Promote
the Financial Integrity of Public Charities” in
May 2005. 5 The Massachusetts proposal contains
SOX-like provisions such as annual certification
of financial statements submitted
to the state attorney general, a required audit
committee if audited financials are required
under state law, a requirement for reasonable
compensation and prohibited excessive compensation
to insiders, whistleblowing provisions,
and increased penalties of $5,000 for
violations of the new law. Similarly, in New
York, Attorney General Eliot Spitzer has
actively called for statutory SOX extensions
to nonprofits, such as state laws mandating
required financial statement and internal
control certifications by nonprofit CEOs.
Current proposed New York legislation
appears to take a less severe approach,
although the state Web site on charities has
increased transparency by permitting searches
for nonprofits that have failed to comply
with basic state filing requirements.
Other states have proposed or passed laws
with similar SOX concepts. 6 Maine passed
“An Act to Strengthen the Charitable
Solicitations Act” in 2004, which imposed
notice and approval requirements when nonprofits
engage in “conversion” transactions
(transfers of assets from a public charity to
non-public charities) imposed specific limitations
on the number of board members who
can be “financially interested,” and requires
audited financial statements for every nonprofit.
That same year, New Hampshire
passed a new law that requires nonprofits
with revenues of $500,000 or more to file
the most recent audited financial report with
the state attorney general. 7 Compliance officers
should carefully review their state’s
January 2006
24
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

espective nonprofit law compliance responsibilities,
as state approaches vary greatly.
Developing federal activity impacting
nonprofits
Enforcement activity and legislation at the federal
level is moving along at a fairly rapid pace
as well. In 2004, the IRS announced it would
be targeting more than 2,000 tax-exempt
organizations for examination, with special
attention directed towards executive compensation
within such tax-exempt entities. 8
That same year, U.S. Senators Charles Grassley
(R-IA) and Max Baucus (D-MT) of the Senate
Finance Committee requested the Independent
Sector, a coalition of 500 charities, to consider
and recommend actions to improve governance,
ethical conduct, and accountability in
the nonprofit sector. This study, entitled
“Strengthening Transparency, Governance, and
Accountability of Charitable Organizations,”
was issued in June 2005 (the Sector Report). 9
Senator Grassley is expected to introduce legislation
that will incorporate proposals suggested
by the Sector Report (introduction plans in
September 2005 were delayed, no doubt due
to the Hurricane Katrina crisis that required
emergency legislation).
Proposed principles of the Sector
Report
The following key principles within the Sector
Report may eventually be components of the
new laws. Governing members of tax-exempt
health care organizations should be aware of
these new requirements, which may increase
their accounting and oversight responsibilities.
Note that the following discussion highlights
only proposals recommended by the Sector
Report; adherence to these proposals before
they become law may be viewed, as with
SOX in general, as a “best practices” strategy
that, if followed, could pay off in the long
run even if the practices do become required
by federal law.
Increased monitoring effectiveness and
signature requirements. Tax-exempt organizations
with more than $25,000 in annual
gross receipts must file IRS Form 990
(Annual Information Return), which discloses
all pertinent financial information, typically
in more detail than for-profit federal tax
returns. 10 The Sector Report reveals that too
many Form 990s are inaccurate or incomplete,
and sometimes reveal little useful information.
The inability to interpret such
reports leads to ineffectiveness in enforcement.
The disclosures required on the face of
Form 990 are arguably too vague and open
to interpretation. For example, the current
Form 990 requires that revenue be broken
into “program service revenue,” “management
and general,” and “fundraising” components.
Possible revisions would make it
clearer what is expected to be within classifications.
For example, the key program
achievements of the tax-exempt entity could
be disclosed on the first page (rather than
buried in a supporting schedule behind the
second page). Form 1023 (Application for
Recognition of Tax-Exempt Status) for
501(c)(3) organizations was recently updated
to reflect many principles later set forth in
the Sector Report; as such Form 990 revisions
are likely. Form 1023, for example, asks
if the entity has a conflict of interest policy,
but nonetheless mentions that such a policy
is not required. This type of hesitant questioning
may be changed; it should be clearer,
for example, that conflicts of interest policies
are generally required for tax-exempt health
care organizations due to various administrative
rulings, if not by explicit statute.
The Sector Report also recommends mandatory
electronic filing of Form 990s. And currently,
while any authorized officer may sign
the Form 990; proposed legislation is likely
to require the chief executive officer or chief
financial officer to sign it, in a nod to SOX’s
requirement that for-profit top officers certify
the financial statements
Current IRS rules only provide for late filing
penalties; the proposed legislation would
lend far more urgency to Form 990 filings if
the IRS heeds the Sector Report’s recommendation
of automatic suspension of an organization’s
tax-exempt status after two consecutive
failures to file Form 990.
Form 990 is a critical monitoring device for
ensuring compliance with tax-exempt laws
and regulations, and the Sector Report urges
that tax-exempt organizations pay close
attention to its preparation and filing. It is
suggested that health care entities avoid a
“less is better” approach in Form 990, and
instead move toward detailed and coherent
disclosure in Form 990. Filed Form 990s for
virtually all charitable organizations are now
easily available online, thus the ease of public
scrutiny should be considered as an additional
motivation for accurate and timely filings.
Increased audit activity for tax-exempt
organizations. The Sector Report also suggests
mandatory internal review of the taxexempt
purposes of charitable organizations,
with additional IRS audits serving as the
motivating force. Currently, there is no effective
way to determine whether or not an
organization has substantially changed its mission
or governance structure, apart from a
general plea in the determination letter and a
check-the-box question in Form 990 asking if
governing documents have changed. The
Sector Report therefore recommends that
Congress allocate additional resources for
audits and reviews of the annual Form 990s. It
is hoped that increasing the effectiveness of
Continued on page 28
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
January 2006
25

The trend toward increased corporate... ...continued from page 25
Form 990s would encourage organizations to
conduct self-review of corporate governance
activities in connection with more detailed
Form 990s. For example, organizations should
thoroughly review organizational documents
(articles of incorporation, bylaws, compensation
practices, policies, etc.) once every five
years, and preferably more frequently.
Formal audits of financial statements
and operations. This proposal will likely be
met with strong resistance due to the costs of
a formal financial audit. Currently, organizations
receiving federal funding of $500,000
or more must perform annual audits, but
apart from this requirement, no audit
requirement exists beyond any state requirements.
The Sector Report urges that charitable
organizations with $1 million or more in
total annual revenues attach an audited
financial statement to the Form 990s.
Organizations with at least $250,000 and
under $1 million in annual revenues would
have their financial statements reviewed (but
not audited) by a certified public accountant.
If the nonprofit health care organization currently
generates all financial statements internally,
serious thought might be given to
retaining independent auditors in the same
manner as SOX requires for public companies.
In the current environment, the benefits
and relative security offered by a competent,
independent audit may very well outweigh
the costs of the audit.
Adoption of a formal conflict of interest
policy. This aspirational suggestion is likely
to be proposed and the nonprofit health care
organization should not wait for it to become
law. As mentioned earlier, current IRS policies
strongly suggest, but do not quite
require, tax-exempt organizations to adopt a
standard conflict of interest policy. These
policies provide for such procedures as
recusal of “interested” board members (such
as when the board determines compensation
or approval of contracts which indirectly
benefit the board member). The Sector
Report suggests making conflict of interest
policies mandatory for all tax-exempt organizations.
The cost of a conflict of interest policy
is relatively minimal; the IRS has a standard
conflict of interest policy that is easily
adopted by the board and applicable among
most health care organizations. 11
The presence of a conflict of interest policy is
critical since the Sector Report highlights
executive compensation within charitable
organizations as an issue, motivated by media
reports of high salaries and loans to executives.
Within the health care industry, the adoption
and documented observance of a conflict of
interest policy, as well as documented reference
to salary studies of comparable organizations,
can help shift the burden of proof if the
level of compensation is questioned.
Increasing the use of audit committees.
It is suggested that far too few nonprofits
establish formal audit committees with
required financial expertise. Often, those
who serve on charitable boards are motivated
by the mission of the organization and as
such, financial expertise is often lacking.
Particularly within the health care field, at
least one board member well-versed in
finance (preferably with the certified public
accountant or similar designation) should
serve on the committee.
If necessary, a non-voting, advisory committee
may be established. Unfortunately, no federal
law addresses the role of audit committees
within charitable organizations; to date,
only California has required audit committees
(for charitable corporations with revenues in
excess of $2 million). The Sector Report proposes
educating nonprofits on the importance
of the audit function, but does not recommend
an outright requirement at the federal
level, acknowledging the costs involved. The
organization should consider its board composition
and ascertain whether a minimum
level of financial expertise is present on the
board, and if not, it should consider adding
board members or advisors accordingly.
Congress should pass legislation to define
and regulate donor-advised funds. Donoradvised
funds are sizeable funds maintained
by a single public charity, and donors are
able to direct where the donor-advised fund
distributes their contributions. Health care
organizations may frequently receive sizeable
contributions from donor-advised funds.
Unfortunately, there is little statutory guidance
on how these funds operate and solicit
contributions.
The proposals urge a statutory definition of
“donor-advised funds,” as well as more specific
rules on how quickly funds must be distributed
out to the eventual charitable recipient.
The new rules may also specifically prohibit
the donor from receiving any substantial
benefit as a result of a particular grant
recommendation.
Incorporation of federal tax standards.
Currently there is not enough overlap and too
much inconsistency between tax-exempt rules
as imposed by the IRS and state nonprofit
rules. Texas, for example, has its own standards
for determining exemption from state franchise,
property, and sales tax that are not necessarily
consistent with federal income tax
exemptions. Texas also has its own hospital
community benefits report, and such reports
could arguably be coordinated with IRS
authorities. The Sector Report calls for
increased sharing of information between state
and federal officials (typically, the state attor-
Continued on page 33
January 2006
28
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

suffix that identifies package size (e.g., the
number of pills in a bottle) and drug strength.
Given the vast number of prescriptions that will
be filled and processing fees that will be paid, it
is vital that claims submissions and payments be
electronic. In order to submit those claims electronically,
retail pharmacies are required to use
the full eleven-digit NDC number.
By Edwin D. Rauzi
Editor’s note: Edwin D. Rauzi is a partner ■ Under the Medicare Modernization Act, a
in Davis Wright Tremaine LLP’s Seattle drug that is not on the formulary of the particular
plan is “not a covered Part D drug”
office. He focuses his practice on Health
Care matters, designing and implementing
corporate compliance plans; advising sentation that is made in reckless disre-
■ Under the False Claims Act, a false repre-
corporate compliance officers. He may be gard of the truth and in support of a
reached by telephone at 206/622-3150 claim for payment that includes federal
dollars may be subject to a penalty of
The Medicare Prescription Drug
$10,000 per claim
Benefit begins on January 1, 2006. ■ Under the Health Insurance Portability
Just about everyone in the health care and Accountability Act of 1996, only
delivery system will soon be asked to sign a contract
(and probably several) based on the new sets” may be submitted electronically
transactions that include approved “code
benefit. The contracts are likely to be tendered
with inadequate time for review and no meaningful
opportunity to negotiate. Succumbing to amoxicillin, a generic and common antibiot-
To illustrate, consider a prescription for
the expedient approach, however, may put your ic. A drug is a generic because it does not
organization in peril of violating the False matter who manufactures it or how many
Claims Act—not once, but on a recurring basis. pills come in the bottle. From the clinical and
pharmacy perspective, therefore, it does not
There is a design flaw in the electronic claims matter whether the drug is manufactured by
submission process that makes compliance Glaxo SmithKline (GSK) or Teva. Under the
for many organizations virtually impossible. Medicare Modernization Act, however, a drug
That design flaw is the use of eleven-digit that is not on the formulary of the particular
National Drug Code (NDC) numbers to drug plan is not a covered Part D drug.
describe generic drugs that are dispensed.
That level of precision is nearly impossible to If you consult the Red Book, the pharmacy
attain, and is at odds with the very nature of industry resource list of all NDC assigned numbers,
you will see literally hundreds of NDC
generic drugs and accepted clinical practices.
numbers associated with that drug. Hundreds of
Three propositions that originate in three numbers exist because, in addition to a different
federal laws are central to understanding five-number NDC prefix for each manufacturer
what may go wrong:
or repackager of the drug, there is a six-digit
For hospitals, the rule is not yet clear, but the
trend is clearly toward using NDC numbers
for one simple reason: there is no comprehensive
alternative. When the code set was first
introduced, hospitals were able to prevail upon
regulators to allow them to continue to use the
old HCPCS “J” codes. Those “J” codes, however,
are limited to the small subset of drugs
that were covered by Part B of Medicare. With
the expansion of the Medicare benefit to cover
virtually all prescription drugs, there simply is
no “J” code that can be used. Providers will
have to use the full eleven-digit code for all
prescriptions filled, a time-consuming process
fraught with potential for error.
Hence, as proposed, the claims submission
process anticipates perfection to the eleventhdigit
on claims submissions. There are two
exacerbating factors that render that expectation
unrealistic: automated dispensing and
the proliferation of plans (and formularies)
the MMA promotes.
Many pharmacies use Pyxis or similar
machines to dispense drugs. Those machines
use bins to hold large amounts of pills. Once
pills from more than one manufacturer are
mixed in the bins, it is impossible for the
machine to tell when pills with one NDC
number end, and another begins. Even more
problematic is the idea that a prescription of
30 generic pills would be identified as 14
from one manufacturer and 16 from another.
Continued on page 30
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
January 2006
29

Administrative “complification” ...continued from page 29
Publisher:
Health Care Compliance Association, 888-580-8373
Executive Editor:
Roy Snell, CEO, HCCA, roy.snell@hcca-info.org
Contributing Editor:
Odell Guyton, President, HCCA, 888-580-8373
Layout:
Sarah Anondson, HCCA, 888-580-8373, sarah.anondson@hcca-info.org
Story Editor:
Margaret R. Dragon, HCCA, 781-593-4924, margaret.dragon@hcca-info.org
Advertising:
Margaret R. Dragon, HCCA, 888-580-8373, info@hcca-info.org
HCCA Officers:
Odell Guyton
HCCA President
Senior Corporate Attorney,
Director of Compliance,
U.S. Legal–Finance & Operations
Microsoft Corporation
Daniel Roach, Esq.
HCCA 1st Vice President
VP & Corporate Compliance Officer
Catholic Healthcare West
Steven Ortquist, CHC
HCCA 2nd Vice President
Senior Vice President, Ethics and
Compliance/Chief Compliance Officer
Tenet Healthcare Corporation
Rory Jaffe, MD, MBA, CHC
HCCA Treasurer
Executive Director–Medical Services
University of California
Julene Brown, RN, BSN, CHC, CPC
HCCA Secretary
MeritCare Health System
Al W. Josephs, CHC
HCCA Immediate Past President
Senior Director Policies and Training
Tenet Healthcare Corporation
Cynthia Boyd, MD, FACP, MBA
Chief Compliance Officer
Rush University Medical Center
CEO/Executive Director:
Roy Snell, CHC
Health Care Compliance Association
Board of Directors:
Anne Doyle
Director, Corporate Learning and
Organizational Development
Tufts Health Plan
F. Lisa Murtha, Esq., CHC
Managing Director
Huron Consulting Group
Frank Sheeder
Partner
Brown McCarroll, LLP
John Steiner, Jr., JD
Chief Compliance Officer
The Cleveland Clinic Health System
Debbie Troklus, CHC
Assistant Vice President for Health
Affairs/Compliance
University of Louisville, School of
Medicine
Sheryl Vacca, CHC
Director, National Health Care Regulatory
Practice, Deloitte & Touche
Cheryl Wagonhurst
Outgoing, Chief Compliance Officer
Tenet Healthcare Corporation
Greg Warner, CHC
Director for Compliance
Mayo Foundation
Counsel:
Keith Halleland, Esq.
Halleland Lewis Nilan Sipkins & Johnson
Compliance Today (CT) (ISSN 1523-8466) is published by the Health Care
Compliance Association (HCCA), 5780 Lincoln Drive, Suite 120, Minneapolis, MN 55436.
Subscription rate is $357 a year for non-members. Periodicals postage-paid at Minneapolis,
MN 55436. Postmaster: Send address changes to Compliance Today, 5780 Lincoln
Drive, Suite 120, Minneapolis, MN 55436. Copyright 2004 the Health Care Compliance
Association. All rights reserved. Printed in the USA. Except where specifically encouraged, no
part of this publication may be reproduced, in any form or by any means without prior written
consent of the HCCA. For subscription information and advertising rates, call Margaret
Dragon at 781-593-4924. Send press releases to M. Dragon, PO Box 197, Nahant, MA
01908. Opinions expressed are not those of this publication or the HCCA. Mention of products
and services does not constitute endorsement. Neither the HCCA nor CT is engaged in
rendering legal or other professional services. If such assistance is needed, readers should consult
professional counsel or other professional advisors for specific legal or ethical questions.
For example, If the plan’s formulary specifies GSK amoxicillin, and
the pharmacy dispenses the same drug manufactured by Teva, one
of two things may happen: first, the pharmacy may submit a claim
that includes the NDC number for GSK amoxicillin (which could
later be characterized by a whistleblower or regulator as a false
claim); or second, the pharmacy may submit a claim that includes
the NDC number for Teva amoxicillin (which will not be paid).
The MMA is also designed to encourage competition. Each of the
competing plans is required to define its own formulary. A pharmacy
that deals with several drug plans, in theory, will be required to
dispense only the brand of generics each plan includes on its formulary;
pills from other manufacturers are not covered Part D drugs.
As another example, consider the plight of the long-term care pharmacy
serving several nursing and assisted living facilities. Even if all
residents of one facility choose the same plan (and formulary), it is
unlikely all the other facilities the pharmacy serves will do the
same. The generic drug on the formulary for one pharmacy may
not be on the formulary for the other plan. If the automated dispensing
machine is full of Teva amoxicillin, that is what all of the
residents of all of the facilities are going to receive (which is both
clinically appropriate and consistent with federal policy to promote
the use of generics). Technically, however, some of the prescriptions
dispensed that day will not be covered by Medicare.
None of this is necessary in order for members of prescription
drug plans to get access to generic drugs. Unfortunately, the “fix”
is either the development of a new code set to describe generic
drugs or federal legislation. Completion of either process is not
likely by the end of this year.
Under the current design of the Prescription Drug Benefit,
providers who dispense drugs are thus faced with a difficult
choice. Those who obligate themselves to submit electronic claims
with eleven-digit numbers take on an impossible task. Those who
insist on manual claims—which identify the generic but not the
manufacturer and bottle size—may be rebuffed or, at a minimum,
encounter delays in payment.
Providers need to publicize this issue with prescription drug plans
and regulators alike, or whistleblowers may turn out to be one of
the prime beneficiaries of the new prescription drug benefit. ■
January 2006
30
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

By José A. Tabuena
JOSÉ A. TABUENA
Editor’s note: José A. Tabuena is with the
Forensic & Dispute Services practice of
Deloitte Financial Advisory Services and
assists organizations in the development
and assessment of corporate compliance
and anti-fraud programs. He is currently
an Assistant Editor with Compliance &
Ethics for The Society of Corporate
Compliance and Ethics (SCCE). This article
was originally published in Compliance
& Ethics (Vol. 1, No. 2), page 10,
November 2004. HCCA members interested
in learning more about Compliance &
Ethics can visit the SCCE Web site at:
www.corporatecompliance.org or e-mail
José at jtabuena@deloitte.com
How did “internal control”
become such a catch phrase in
the current business climate For
the experienced auditor, the terminology and
underlying concepts, though frequently used,
are deceptively simple and often ill-defined
or applied in an assumptive manner.
Just what are internal controls and what can
happen to a company’s performance (and
stock) if the controls aren’t very good Often
it is not well understood that a compliance
and/or antifraud program itself serves as a
broad form of internal control. Certainly the
features of such programs can comprise the
fundamentals of a company’s internal control
system.
In certain highly regulated industries (including
health care, defense contractors, financial
institutions), an ethics-based compliance or
integrity program headed by a compliance
officer with senior management responsibility,
have produced an established track record
for the processes called for in the corporate
governance reforms. Yet the recent legislation
and resulting standards, though touting useful
principles, still fail to recognize or emphasize
a compliance program as an essential element
for enhancing corporate governance. 1
The changing legal and regulatory environment
is encouraging companies to do what
compliance officers and internal auditors have
been striving to accomplish for some time—
namely to consider compliance and fraud prevention
programs as a significant part of an
organization’s internal controls. To a growing
extent, regulators and investors are demanding
proactive compliance and fraud control programs
characterized by an emphasis on the
timely detection of fraud or other misconduct.
The changing mindset places greater emphasis
on internal controls, and particularly in the
United States, the Committee of Sponsoring
Organizations of the Treadway Commission
(COSO) internal control framework.
This fundamental shift presents an opportunity
for ethics and compliance officers to
become more actively involved in corporate
governance matters and to demonstrate tangible
value to an organization. For the compliance
function, which may have been chafing
under ambiguous accountabilities and perhaps
perceptions that compliance programs
only contribute burdensome processes, the
environment is encouraging greater expectations
to support efforts to combat corporate
fraud and misconduct. Although there are
some studies indicating that compliance and
antifraud programs can pay for themselves 2 it
has been a challenge for a compliance program
to show value beyond the prevention of
uncertain regulatory fines and penalties.
Sarbanes-Oxley (SOX) and corresponding regulatory
changes have raised the stakes for senior
management and the board of directors.
What follows is a discussion on how a compliance
function can contribute to meeting the
new requirements to assess the effectiveness of
internal controls over financial reporting,
while simultaneously laying the groundwork
for documenting and demonstrating the effectiveness
of the compliance program. This is
unquestionably an opportune time to embrace
the new financial governance standards as a
bridge to overall compliance excellence.
Continued on page 40
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
January 2006
31

Editor’s note: This interview with Alan
Pierce, HCCA’s Editor/Product
Manager, took place in late November
2005 and was conducted by Margaret
Dragon. Alan may be contacted at
888/580-8373 and by e-mail at
alan.pierce@hcca-info.org.
MD: Alan, would you tell our readers
about your writing and editing background
AP: Most of my writing and editing experience
has come from newspapers. I started my
career as a reporter at a small daily newspaper
in Creston, Iowa, where I covered school board,
city council, and county board meetings. I also
covered law enforcement and the fire department,
so I’ve seen more than my share of car
accidents, house fires, and trials. Later, I
became an assistant editor at the Ottumwa
Courier. I supervised two reporters who worked
out of our news bureaus, and I edited articles
written by correspondents who possessed various
degrees of ability. However, I continued to
write, because the newspaper had a small staff.
The journalism background has helped me
tremendously in my later positions. Working in
newspapers forced me to master a lot of information
quickly and then turn around and produce
accurate and clear articles. That skill
helped my in my previous job as a children’s
book author and editor. In 18 months, I wrote
19 history books that were roughly 5,000
words each. My newspaper background has
helped me as an editor at HCCA where I must
grasp the complexity of health care compliance.
did you decide to move into the compliance
field
AP: I joined HCCA on September 6,
2005.The challenge of this position and the
subject matter intrigued me. Essentially, I am
responsible for developing products for a
field that is relatively new. I wasn’t an expert
on a lot of issues I wrote about as a reporter,
but I try to learn. I’m learning now. I’m
always learning.
MD: Tell us how do you go about developing
product ideas and would it be helpful
for members to email their ideas to you
AP: I’ve been attending conferences and
asking compliance professionals questions
about what types of products would benefit
them. I try to stay up on the trends in the
industry. But really, I need assistance from
members. It’s similar to being a reporter. I can
attend meetings and ask people questions, but
the compliance professionals are out in the
field and they encounter compliance issues
every day. I encourage them to send me ideas
about products. To me, generating and sharing
ideas are largely what HCCA is about.
MD: How do you research a product and
determine its viability
AP: Some ideas come from conferences
I’ve attended. I try to discern important
issues and develop products that address key
concerns. I also look to the HCCA survey as
a guide to see what the priorities are for compliance
professionals.
ALAN PIERCE
AP: I expect to contact members more in
the future as HCCA plans new products.
Right now, I’m focusing on finishing products
that were started when I joined HCCA.
MD: What products are you currently
developing for HCCA
AP: We are developing several products.
First, Debbie Troklus is updating HCCA’s
Compliance 101 book. The book is popular
with members and is a necessary resource for
people working in health care compliance. I
think they will be pleased with the new version.
Second, HCCA is developing an
Auditing and Monitoring Manual. This manual
will be comprised of tools and policies
submitted by members and it will be a superb
resource for professionals who are starting an
auditing and monitoring program or are
wanting to improve their program. Third, we
plan to offer pay-per-view white papers on
the Web site and at conferences. I envision
these publications to run 20 to 50 pages.
MD: When is the target date for these
products to be available for purchase
AP: My goal is to have these products
available in time for the Compliance
Institute in April.
January 2006
32
MD: When did you join the HCCA staff,
what intrigued you about the work, and why
MD: Will you contact members to conduct
research or to get their help
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
MD: What help could HCCA members
provide to you in developing these products

AP: As far as the Auditing and
Monitoring Manual, I encourage members to
send me auditing and monitoring tools and
policies. Several members have been very
generous and cooperative, and I appreciate
their efforts. Some people have asked me to
be more specific about what types of tools
HCCA is looking for. I hesitate to be more
specific because when I have given examples
of material I am looking for, members
assume I am not interested in other areas of
auditing and monitoring. That is not the
case. I am seeking tools that have helped
members with their programs and that
would benefit others. Also, I can always
use ideas and writers for white papers and
books.
MD: What is the time commitment for
those volunteering to help
AP: The time commitment depends on
the project. For the Auditing and Monitoring
Manual members have taken tools and policies
that are already developed and e-mailed
those to me. Writing a white paper would
take more time, but HCCA has an editor to
assist with the process.
MD: If a member would like to be
involved, but can’t make a substantial time
commitment, what contributions to this
product development could they provide
AP: Members can always contribute
ideas. I encourage members to call me or
e-mail me with ideas. If there is an issue that
is crying out for discussion in a book or
paper I want to hear about it.
MD: Will you conduct any focus groups
during the Compliance Institute to learn from
what products our members will most benefit
AP: That’s a good question. I might
distribute questionnaires at the Compliance
Institute to learn more about the kinds of
products members want.
MD: What is the best way for members
to contact you
AP: They can e-mail me at
alan.pierce@hcca-info.org or call me at
888-580-8373 ext. 245. ■
The trend toward increased corporate...
...continued from page 28
ney general has oversight responsibilities for
nonprofits). Organizations should be prepared
for quicker investigative actions from state and
federal authorities in response to reported
abuses within tax-exempt organizations.
It is clear that with the growing impact of
charities and nonprofits following the recent
Katrina devastation, legislators will face
much more public pressure to (i) pass legislation
that increases nonprofit accountability,
and (ii) ensure that the benefits of taxexempt
organizations are directed toward the
bona fide charitable purposes and goodwill
of the general community. Those in the
nonprofit, tax-exempt health care compliance
area should keep abreast of such developments
and prepare for heightened compliance
requirements. At the very least, compliance
professionals should conduct self-audits
to see if their organization reflects problems
highlighted by the Sector Report, and
address any shortcomings accordingly. ■
1. Julie Appleby, “Non-profit Hospitals’ Top Salaries May Be
Due for a Check-Up,” USA Today, Money Section (Sept.
9, 2004), available at www.usatoday.com/money/industries/
health/2004-09-29-nonprofit-salaries_x.htm#POE=
click-refer
2. Cal. Gov’t Code § 12583.
3. Section 12586 in part reads as follows:
If it is a corporation, have an audit committee appointed
by the board of directors. The audit committee may
include persons who are not members of the board of
directors, but the member or members of the audit committee
shall not include any members of the staff, including
the president or chief executive officer and the treasurer
or chief financial officer. If the corporation has a
finance committee, it must be separate from the audit
committee. Members of the finance committee may serve
on the audit committee; however, the chairperson of the
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
audit committee may not be a member of the finance
committee and members of the finance committee shall
constitute less than one-half of the membership of the
audit committee. Members of the audit committee shall
not receive any compensation from the corporation in
excess of the compensation, if any, received by members of
the board of directors for service on the board and shall
not have a material financial interest in any entity doing
business with the corporation.
4. Cal. Gov’t Code § 12586(g).
5. A copy of the Massachusetts proposal is available at
www.ago.state.ma.us/sp.cfmpageid=2059
6. Maine LD 1691 (Mar. 10, 2004). A white paper discussion
of the Maine laws is available at www.nonprofitmaine.org/
documents/LD1770Sum.pdf. The National Council of
Nonprofit Associations monitors activity within nonprofit
law development, and helpful 2004 and 2005 surveys of
state legislation—whether passed or not—can be downloaded
at
www.ncna.org/index.cfmfuseaction=Page.viewPage&page
Id=555
7. New Hampshire H.B. 1408 (Jun. 11, 2004), available at
www.gencourt.state.nh.us/legislation/2004/HB1408.html
8. IRS News Release 2004-106 (Aug. 10, 2004).
9. Supra, n.2.
10. Note that churches and governmental entities are generally
exempt from Form 990 filings; this will include hospitals
that are essentially “owned” by local hospital districts.
11. Available at http://www.irs.gov/pub/irs-utl/topice00.pdf
HCCA’s 8th Annual
Compliance Survey
HCCA conducted its annual member
survey online from December 5, 2005,
to January 5, 2006.
This survey provides important benchmarking
data for the entire industry.
This research tracks the growth of
corporate compliance programs and
positions, and looks at issues facing
compliance officers and their staffs.
This important research also gives us
information on compliance education
and training as well as compliance
staff salary levels.
The 8th Annual Survey will be released
at the HCCA’s 10th Anniversary
Compliance Institute in Las Vegas and
will be mailed to all HCCA members.
January 2006
33

By Celeste Daye and Sou Chon Young
Editor’s note: Celeste Daye is Director Up to now, whoever had the most “muscle”
of Patient Accounting with Dana Farber had the ability to make others conform to
Cancer Institute, and Sou Chon Young their “language,” by customizing their system,
building interfaces or creating new
is a Health Care Industries Consultant
with PricewaterhouseCoopers.
work. Rather then utilizing technology to
Mr. Young may be reached by e-mail improve processes, workflows were created to
at sou.chon.young@us.pwc.com
accommodate technology.
It was January 2003 when the
HIPAA has given the industry the opportunities
not only to review our workflows but
Health Insurance Portability and
Accountability Act (HIPAA) 835 also to shave off non-value added (NVA)
Transaction Code Set (TCS) project at steps, which will reduce costs and improve
Dana Farber Cancer Institute (DFCI) efficiency. DFCI saw this opportunity and
started; it was to be a short three- to sixmonth
engagement working to configure a didn’t anticipate was the complexity involved
wanted to capitalize on HIPAA. What we
few new modules in the legacy patient with becoming compliant and adopting the
accounting system and bring the highest HIPAA 835 TCS, as well as the additional
revenue payors live with the 835 HIPAA1 opportunities that the 835 would provide.
Transaction Code Set. Two years later we
are finally live with all of these major Experience
payors and there is still plenty of work DFCI’s legacy patient accounting system had
related to the 835 TCS.
come out with a few new modules and functionality
such as the EDI Toolkit, Line Item
October 2002 was the mandated live date Payment Posting, and Rejection Subsystem,
(October 2003 if you filed for an extension) which needed to be configured, tested, and
set by the Department of Health and moved into live. At the same time, some payors
had their own implementation guides in
Human Services, but most of the industry is
still not using the 835 TCS.
addition to the ANSI X12N 835
Implementation Guide (IG), which needed
Intent
to be taken into consideration when configuring
the legacy patient accounting system.
One of the goals of HIPAA was to simplify
the health care business. What seemed like Most of this work seemed straightforward
common sense, to simplify communication but given all the different components, it was
within the health care industry, has finally only a matter of time before we ran into
been put down into a plan: standardization. some significant roadblocks.
Negative experiences
Patient Accounting System Vendor
We quickly realized we had a challenge ahead
of us when the vendor documentation was
incomplete or incorrect, functionality was
not working properly and others were changing
as we tested, and some major components
of the 835 files were not incorporated
into the system. The vendor had unknowingly
made us a beta site; and after several conference
calls with the vendor’s senior management,
a support team was dedicated to DFCI
to address some of the problems we were
encountering. Despite all of this, the vendor
was one of the early adopters of the HIPAA
TCS and had sophisticated systems in place.
Payors
Like most providers, we scheduled Medicare
first on the list for these reasons:
■ Medicare is the biggest payor with the
highest revenue in DFCI’s book of business
■ Medicare already had the most experience
using the standard code sets, which are
part of the ANSI X12N
■ There were threats and fines for those
who did not adopt the TCS (specifically
the 837), so we decided to test in parallel
the two TCS
Again, we quickly realized we had a challenge
ahead of us. For one, there was little or no
response from their EDI support team; we
were on our own. After much analysis and
testing we were able to handle some of the
nuances Medicare had, such as cost outliers,
PLB interpretation, and using certain reason
codes inconsistently (i.e., to report both a contractual
allowance in some instances and then
denials in others). Now, a system can be configured
for binary decisions (yes/no) but usually
cannot “think” without additional logic
and parameters created and set into place; so
we began a discussion about a “pre-processor”
January 2006
34
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

that would provide the intelligence and handle
some of these non-standard situations.
Each payor we activated had its own nuances
and idiosyncrasies. Issues ranged from limitations
in the payors’ legacy system that led to
difficulty translating proprietary codes into
the HIPAA compliant codes or taking codes
from primary payors and passing them
through, to having different interpretations
of the IG, all of which we had to overcome.
The ship had set sail and there was no turning
back; we had to make things work.
We are still challenged by the multiple interpretations
of the same claim adjustment reason
code (CARC), the inconsistency in which
an individual payor may report the frequency
in which it changes its files. And our inability
to recognize when changes are being made
makes the work extremely challenging.
Positive experiences by stakeholder
To help develop collaboration between
payors and providers
Many of us know that with anything new,
several unforeseen issues arise—what some
might call opportunities. For example, the
issues encountered when testing with payors
created an opportunity to work collaboratively
with some local payors. Subcommittees
were established, which provided a forum for
addressing issues with those working hands
on. Not only were new relationships formed
and old ones strengthened, but also trust
increased and (silos) and walls began to
come down.
Historically, payors and providers were seen
as being on opposing sides, but much less so
now, at least not from the EDI perspective.
For example, when DFCI encountered an
issue with the local Blue Cross Blue Shield
(BCBS) 835 file, we worked with a representative
and the company’s EDI team, which
held weekly meetings for local providers to
understand issues providers were having.
They not only listened but they also worked
with us to come up with a solution. Several
months later they were able to come through
and shortly afterwards we flipped the switch
and converted from the old proprietary format
to the 835 with them.
Harvard Pilgrim Health Plan also held weekly
calls for users/testers to discuss issues, to ask
questions, and to share experiences with one
another. These types of calls also helped form
relationships among the provider community.
As the industry moved toward the new EDI
world, it forced processes to be reviewed in
order to integrate EDI, which provided the
opportunity to improve processes and
remove NVA steps.
Denial management
Another opportunity that presented itself in
implementing the 835 was the ability to create
a denial management program. Since payors
are now required to use the same denial
codes (CARC), denial reports could be generated
for all payors that DFCI posts with the
835 file. PricewaterhouseCoopers has such a
product, TurboDM, utilizing the 835 TCS to
standardize denial reports and work-lists.
Prior to HIPAA, DFCI had denial reports
but crosswalks had to be built for each
payor’s proprietary denial codes. These lists
of codes were not only cumbersome to maintain
but they required additional manual
intervention to integrate each payor into one
standard report.
Performance improvement
When analyzing 835 files prior to go live,
several other issues were uncovered. It ranged
from contracting, to claim creation and edits,
to coding, and ran the whole gamut as far as
the revenue cycle was concerned. The 835 is
full of information and if tapped into can
reveal so many areas for performance
improvement, specifically surrounding the
revenue cycle. Some examples are:
■ Coding—HCPC code and modifiers
■ Payment—DRG and APC payments
(depending on if payor is sending back
information)
■ Contracting:
– Allowed and contractual amounts
– Bundling
– High-level payment analysis
■ Billing
In addition, we had hoped customized
processors built to handle payor specific
file/tape formats, prior to HIPAA TCS, can
now be sunset, which will reduce maintenance
for the IT staff. The return on investment
(ROI) is large, both from a tangible
and intangible prospective. Short-term ROI
involves reducing full-time employee’s
(FTE’s) dedicated to manual cash and denial
posting; automation of denial workflows is
now a possibility. Now add to that compliance
benefits such as reduced cost for archiving
(paper versus electronic) and ease of
locating an electronic remittance versus a
paper remittance advice. The list goes on—
the benefits are endless as we move into the
EDI world.
Future
The journey has just begun. As the industry
works toward tightening the implementation
guides (such as version 4050 and 5010) and
further collaboration, we will fully realize the
simplification intended when first mandated.
In addition, an entity or board will need to
surface to govern and lead the rest of the
industry (such as HHS, WEDI, etc.) and
impose penalties on those who do not work
Continued on page 37
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
January 2006
35

OIG issues draft guidance ...continued from page 18
■ Written Policies and Procedures. The
OIG recommends that every institution
develop and distribute written policies and
procedures addressing compliance with
federal award requirements. The policies
and procedures should be provided to all
faculty members and other employees that
are affected by them, to students that may
be conducting research with federal awards,
and to any agents or contractors who furnish
services in connection with federal
research awards. As in past compliance program
guidance, the OIG recommends that
the institution develop a code of conduct
and that there be involvement of senior
management of the institution, such as the
board of regents and president.
■ Designation of a Compliance Officer
and a Compliance Committee. The
compliance officer should report directly to
the institution’s president and should have
direct access to the board of regents or
other governing body, senior administration
officials, and legal counsel. For larger
institutions, the compliance officer could
also report to the provost or official with
similar high-level responsibility for the
oversight of research administration.
■ Conducting Effective Training. The
OIG states that it is important to train
appropriate administrators, both at the institution
and department levels, faculty
(including principal investigators), other
staff, and contractors on award administration
and other award program requirements.
It may be helpful to involve faculty, such as
principal investigators, in developing training
programs to promote buy-in with the
compliance program. Administrative personnel
who manage award funding should
receive specialized training on federal cost
principles and grant administration regulations
and policies. Employees who are
involved with clinical research should receive
training in the protection of human subjects,
the IRB process, and the responsible
conduct of research. The OIG suggests that
institutions consider relaying in the training
actual examples of compliance problems at
the institution or other institutions, typically
without any identifying information.
■ Developing Effective Lines of
Communication. University officials,
department chairpersons, or other supervisors
should serve as the first line of communication
for compliance issues. The
OIG’s other standard recommended communication
methods should also be considered,
such as hotlines, e-mails, newsletters,
and suggestion boxes, at least one of
which should allow employees to report
matters on an anonymous basis.
■ Auditing and Monitoring. The OIG
notes that all institutions that spend
$500,000 or more in federal awards are
required to have a “non-federal entity” single
audit. This is usually in addition to an
institution’s annual financial statement
audit. As in other compliance program
guidance, the OIG also recommends conducting
internal audits and risk assessments
to identify other risk areas. The OIG
emphasizes that external auditors should be
considered when there is a particular problem
or risk area that needs attention.
■ Disciplinary Guidelines. The OIG recommends
similar disciplinary policies and
sanctions as it has recommended in past
guidance.
■ Responding and Developing Corrective
Action Plans. The OIG recommends similar
policies for investigating and responding
to alleged violations of the compliance program
or applicable federal or state laws as it
has recommended in past guidance.
The new eighth element. The OIG has
added an eighth element that it considers
“especially important” for an effective compliance
program at a research institution. The
eighth element requires the institution to
define roles and responsibilities and assign
oversight responsibility for research activities.
Institutions should delineate responsibilities for
all individuals involved in federally supported
research, including research administration and
department personnel, and principal investigators
and others engaged in research. The OIG
notes that, since PHS regulations define the
institution as the “responsible legal entity” that
certifies statutory and regulatory compliance,
clearly defined roles and responsibilities will
assist institutions in fulfilling their certifications
of compliance and assist in protecting
institutions against allegations of wrongful
conduct. The Guidance recommends including
roles and responsibilities in the institution’s
written policies and procedures and in its formal
training and education program.
Conclusion
The Guidance currently is in draft form.
Comments on the Guidance are due to OIG
by January 30, 2006. After considering all comments,
the OIG will prepare a final version for
publication in the Federal Register. Until then,
recipients of awards from PHS should review
the draft Guidance in light of their current
policies, procedures, and practices and begin to
consider the ways in which the information in
the Guidance may help improve the recipient’s
research compliance efforts. The Guidance is
helpful both regarding grant management and
other regulatory areas affecting the research
enterprise, such as human subject protections,
research misconduct, and conflicts of interest.
For additional general information on research
compliance issues, the Guidance includes a
bibliography that identifies literature on
research compliance issues, including guidance
on establishing a compliance program. ■
The information in this article does not constitute legal advice,
which can only be obtained through personal consultation with an
attorney. The information published here is believed to be accurate
at the time of publication, but is subject to change and does
not purport to be a complete statement of all relevant issues .
January 2006
36
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

Case study of Dana Farber Cancer Institute
...continued from page 35
toward the common goal. Without any penalty or
enforcement, the industry will move at a much
slower pace.
The landscape is constantly changing and two other paradigm
shifts such as consumerism and pay-for-performance
are looming on the horizon. In our opinion, leveraging
the HIPAA TCS and complying with the security
and privacy rules will be essential in adoption of these
new paradigms.
But before we get ahead of ourselves, we all need to do
a better job about voicing issues from the trenches and
expressing them to organizations such as WEDI, CMS,
HHS, etc. to further reduce the chaos it has created
and work better toward true simplification. We hope
that this article has shed some light on and has motivated
you to look further into adopting the HIPAA TCS
or to plow forward despite the challenges.
Summary
As with any situation, one can view it as a problem or
an opportunity. DFCI and PwC viewed HIPAA as an
opportunity. Together we have moved into the HIPAA
world and we look forward to additional opportunities
to come. Along the way, we’ve built some great relationships
with some payors and have learned some great
lessons. Some of these didn’t even deal with HIPAA,
payors, or patient accounting. Project management,
working internally with IT and vendors were all part
of the mix.
All in all, we have all benefited and moved one step
further in reducing cost and simplifying administration
within health care. ■
1. HIPAA—Health Insurance Portability and Accountability Act of 1996.
The Healthcare Compliance
Certification Board (HCCB) compliance
certification examination is
available in all 50 States. Join your
peers and become Certified in
Healthcare Compliance (CHC).
CHC certification benefits:
■ Enhances the credibility of the
compliance practitioner
■ Enhances the credibility of the
compliance programs staffed
by these certified professionals
■ Assures that each certified
compliance practitioner has
the broad knowledge base necessary
to perform the compliance
function
■ Establishes professional standards
and status for compliance
professionals
■ Facilitates compliance work for
compliance practitioners in
dealing with other professionals
in the industry, such as physicians
and attorneys
■ Demonstrates the hard work
and dedication necessary to
perform the compliance task
CHC
CERTIFIED IN
HEALTHCARE
COMPLIANCE
The Compliance
Professional’s Certification
Congratulations on achieving
CHC status! The Health Care Compliance
Certification Board announces that the following
individuals have recently
successfully completed the Certified in
Healthcare Compliance (CHC) examination,
earning CHC designation:
Samuel L. Alfano
April Ileen Andrews-Singh
Anthony P. Angelo
David James Behinfar
James Canino
Patricia Ann. Combs
Mary Lucille Crumbaker
Caron R. Cullen
Charlotte Renee Dokes
James Alexander
Donaldson
Anne Therese Dosch
Kim E. Edwards
James Joseph Ferriter
Levoy Golden Haight
Carrie A. Hardie
Lorenzo Alan Henderson
Kristan Ann Holt
Kristy M. Johnson
Steve C. Kilgore
Indus M. Kreutz
Jack Lay
Linda J. Lemay
Edward G. Longazel
Rebecca Lynn Massey
Peggy Ann Mccurry
Lori A. Moon
Madonna C. Moranville
John Robert Outlaw
Lise D. Rauzi
Dana Kathleen Reid
Kate Riley
Deborah Gayle Rodgers
CHC Certification, developed
and managed by HCCB, became
available June 26, 2000. Since
that time, hundreds of your colleagues
have become Certified in
Healthcare Compliance. Linda
Wolverton, CHC, says that she
sought CHC Certification
because “many knowledgeable
people work in compliance, and I
wanted my peers to recognize me
as ‘one of their own’.” With
certification she is “recognized as having
taken the profession seriously, having met the national professional standard.”
Brenadette A. Schwab
Susan B. Scutt
Neil Edward Shields
Angela Eakes Solomon
Linda L. Stratton
Kristine Marie Tomzik
Pat Wagner
Robert L. Wamsley
Robin Lee Wilcox
Karen K. Wilson
Cathy A. Wolfe
Ami Zumkhawala-Cook
Veronica Angulo
Timothy Barker
Janet Berkel
Marvin Capehart
Sara Ann Desmond
Kathleen A. Dimaggio
Kathleen Gallegos
Patricia Hansen
Lee Harrison
Andrea M. Kuhlen
Samuel Kofi Kyeremeh
Latour Rey Lafferty
Mary P. Luthy
Donald Ray Martin
Melanie Benitez Roberts
Connie Sweeney
Nina Viloria
Susan Lee Waterman
Christopher Parella
Betty Bibbins
For more information on how you can become CHC Certified, please call
888-580-8373, e-mail hccb@hcca-info.org, or visit the HCCA Web site at
www.hcca-info.org and click on the HCCB Certification button on the left.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
37
January 2006

By Lawrence A. Fogel and Joseph M. Watt
Editor’s note: Lawrence A. Fogel, guidance documents for hospitals, including
principal, and Joseph M. Watt, partner, the February 23, 1998, Federal Register and
are both members of BKD Health Care the January 31, 2005, Federal Register.
Group, a division of BKD, LLP, in
Kansas City, Missouri, which serves thousands
of health care providers nationwide. the OIG acknowledged that effective compli-
In the OIG’s original compliance guidance,
Mr. Fogel and Mr. Watt consult with ance programs provide the following benefits:
clients on a broad spectrum of corporate ■ Enable hospitals to ensure that false or
integrity solutions. Contact the authors at inaccurate claims are not being submitted
lfogel@bkd.com or jwatt@bkd.com
to government and private payors
■ Assist hospitals in identifying weaknesses
United States hospitals cannot and internal systems and management
blame the federal government for ■ Demonstrate to employees and the community
that the hospital is strongly committed
a lack of guidance on developing
and maintaining effective compliance programs.
To the contrary, the Office of ■ Provide a more accurate view of employee
to honest and responsible corporate conduct
Inspector General (OIG) has provided written
guidance as a roadmap for hospitals to abuse
and contract behavior related to fraud and
operate effective compliance programs. ■ Identify and prevent criminal and
unethical conduct
Some hospitals seem unconcerned about effective
compliance programs. Many hospitals program to meet the hospitals specific
■ Enable hospitals to conform the compliance
assume just having a compliance program needs
offers sufficient protection. In reality, ineffective
compliance programs offer little or no ■ Create a centralized process for distribut-
■ Improve the quality of patient care
protection to hospitals that commit compliance
violations, detected or not, well after seri-
rules and regulations pertaining to fraud
ing information on relevant health care
ous damage occurs. Effective compliance programs
may enable hospitals to avoid compli-
■ Encourage employees to report potential
and abuse
ance violations or detect them early enough to problems
mitigate serious damages. Furthermore, government
agencies may be more lenient with gation of alleged misconduct
■ Provide for prompt and thorough investi-
hospitals that operate effective compliance ■ Provide for immediate and appropriate
programs even if cited for a violation.
corrective action
■ Reduce the loss to the government
Guidance is available and accessible. The from compliance violations through early
OIG has published two primary compliance detection and reporting
LAWRENCE A. FOGEL
According to the OIG, the following seven
elements should be included in compliance
programs:
1. Develop and distribute written standards of
conduct and written polices and procedures
2. Designate a chief compliance officer and
compliance committee
3. Develop and implement effective education
and training programs
4. Maintain a hotline or other processes to
receive complaints
5. Respond systematically to allegations and
improper or unlawful activities and
enforce appropriate disciplinary actions
6. Use audits or other monitoring techniques
to monitor compliance
7. Investigate and resolve identified systematic
problems
To evaluate compliance program effectiveness,
the OIG recommends hospitals perform periodic
reviews, at least annually, to determine if
the seven compliance elements have been satisfied.
Documentation supporting compliance
activities should demonstrate the compliance
program operated effectively. Reviewers should
be independent of physicians and line management.
The compliance review team should:
■ Conduct on-site reviews
■ Interview personnel involved in
management, operations coding, claims
development submission, etc.
January 2006
38
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

JOSEPH M. WATT
■ Solicit staff and employees’ impressions
using questionnaires
■ Review medical and financial records and
other source documents
■ Review written materials and documentation
prepared by the hospital
■ Analyze trends
Despite the 1998 guidance, many hospitals
have yet to perform periodic compliance effectiveness
reviews. Consequently, the OIG published
supplemental compliance guidance for
hospitals in the January 31, 2005, Federal
Register. In it, the OIG states there must be a
commitment to active involvement of organizational
leadership for every compliance program.
The OIG expects a hospital’s leadership
to promote a culture of values and rewards for
prevention, detection, and resolution of compliance
problems. Hospitals are expected to
develop a culture that values compliance from
the top down and fosters compliance from the
bottom up. The OIG believes such an organizational
culture is the foundation of an effective
compliance program. The OIG recommends
compliance program effectiveness be
evaluated based on outcome indicators such as
monitoring and evaluating billing and coding
error rates and identifying overpayments.
In addition to evaluating outcome indicators,
the OIG recommends hospitals evaluate the
seven elements through probing questions,
including, but not limited to, the following:
1. Compliance officer and committee
■ Does the compliance department have a
clear, well-crafted mission
■ Is the compliance department properly
organized
■ Does the compliance department have
sufficient resources
■ Is there an active compliance committee,
comprised of trained representatives
from each of the relevant functioning
departments
■ Does the compliance officer have direct
access to the governing body, CEO and
legal counsel
■ Does the compliance officer have a good
working relationship with other key
operational areas
■ Does the compliance officer make regular
reports to the board of directors and senior
management
2. Development of compliance polices
and procedures
■ Are policies and procedures clearly written
■ Does the hospital monitor compliance
with internal policies and procedures
■ Have the standards of conduct been distributed
to all members of the board of
directors, officers, managers, employees,
contractors, medical and clinical staff
■ Has the hospital developed and implemented
a risk assessment tool
■ Does the risk assessment tool include an
evaluation of federal health care program
requirements
3. Open lines of communication
■ Has the hospital promoted a culture
encouraging open communication without
fear of retribution
■ Has the hospital established an anonymous
hotline or similar reporting mechanism
■ Is the hotline or other reporting mechanism
well publicized
■ Are all instances of potential fraud and
abuse investigated
■ Are results of the investigation shared
with the governing body and relevant
departments
4. Appropriate training and education
■ Does the hospital provide qualified
trainers
■ Does the hospital conduct annual
compliance training
■ Is the training both general in nature and
specific to pertinent staff responsibilities
■ Does the hospital evaluate the contents of
its education program annually
■ Has the hospital kept current with
changes in federal health care program
requirements
■ Does the hospital seek feedback after each
training session to identify strengths and
weaknesses of the compliance program
■ Does the hospital administer post-training
tests
■ Has the hospital’s governing body been
provided with appropriate training
■ Has the hospital properly documented
who has completed the training
5. Internal monitoring and auditing
■ Is the audit work plan reevaluated annually
■ Does the work plan address the appropriate
levels of concern
■ Does the work plan include an assessment
of billing systems
■ Is the role of the auditors clearly
established and are coding and auditing
personnel independent and qualified
■ Has the hospital evaluated the error rates
identified in the annual audits
■ Does the audit include a review of all
billing documentation, including clinical
documentation
Continued on page 40
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
January 2006
39

The OIG’s roadmap for effective compliance programs ...continued from page 39
6. Response to detected deficiencies
■ Has the hospital created a response team
to evaluate detected deficiencies
■ Are all deficiencies thoroughly and
promptly investigated
■ Are corrective actions taken to resolve
compliance violations
■ Are subsequent periodic reviews performed
to verify that corrective actions
have eliminated compliance problems
■ Are overpayments promptly identified and
returned to the fiscal intermediary or
other payors
■ Are compliance violations promptly reported
to the appropriate law enforcement
agency, if required
7. Enforcement of disciplinary standards
■ Are disciplinary standards publicized to all
hospital personnel
■ Are disciplinary standards consistently
enforced throughout the organization
■ Are enforcement actions of disciplinary
standards properly documented
■ Are employees, contractors, medical and
clinical staff checked routinely against the
government sanctions list
In summary, there are at least three ways a
hospital can evaluate the effectiveness of its
compliance programs. The first is for the hospital
to conduct an internal review using its
own personnel. Note: The OIG cautions that
the reviewers should be independent of linemanagement.
In other words, the reviews
should be conducted as independently and
objectively as possible.
The second way is to utilize external consultants.
This generally provides an independent
and objective evaluation of the compliance
program’s ability to meet the seven elements
required for effective compliance programs.
The third way is through a government
investigation. Government investigators have
the right to request copies of the compliance
plan and standards of conduct and to review
the hospital’s compliance activities to determine
if the compliance program is effective.
Without a doubt, hospitals should perform
their own compliance effectiveness reviews at
least annually to evaluate if their compliance
programs are operating properly. The OIG has
provided a good roadmap of its expectations
for an effective compliance program. Now,
hospitals are in the driver’s seat to develop and
maintain effective compliance programs. ■
A new value proposition ...continued from page 31
Legal and regulatory context
The emerging control frameworks converge
for the purposes of SOX section 404 and the
development of compliance programs.
Another common denominator is the focus
on antifraud programs and controls. Each of
the standards establishes criteria for evaluating
such controls from a distinct vantage point.
The COSO framework 3 establishes criteria for
internal control over financial reporting which
forms the basis of management and auditor
obligations under SOX 404. The standards
under the amended U.S. Sentencing
Guidelines for Organizations are designed to
address what prosecutors and courts look for
in determining whether an organization has
exercised due diligence in establishing a program
to prevent and deter violations of law.
The listing requirements of the stock
exchanges define certain control standards in
greater detail. Still, the various criteria share
similar characteristics that can be organized
under the overall COSO framework.
Sarbanes-Oxley and ensuing
regulations and standards
Reaffirming the obvious, Sarbanes-Oxley is
focusing attention on standards that will have
far-reaching governance and control expectations
on organizational compliance systems. It
is now abundantly clear that many of the principles
found in Sarbanes-Oxley overlap and
complement existing compliance guidances,
and those principles are being further adopted
and enhanced by other regulatory authorities.
To further restate what is well known, the
credibility of public company financial reporting
was undermined following a string of corporate
accounting scandals. These events led
to a number of proposals to improve the
financial reporting process and restore investor
confidence. In 2002, Congress passed the
Sarbanes-Oxley Act 4 to improve the integrity
of financial reporting and to restore public
confidence. Subsequently, the Securities and
Exchange Commission (SEC), various stock
exchanges, and the National Association of
Securities Dealers adopted rules and regulations
mandating processes tailored to meet the
requirements of the new law.
Failures in internal control, particularly over
financial reporting, were among the specific
concerns addressed by Congress in SOX. 5
Congress required that management affirmatively
report on a company’s internal control
over financial reporting, and that auditors
attest to the accuracy of management’s report.
The Act thus created the Public Company
Accounting Oversight Board (PCAOB) to
oversee the audits of public companies.
Organizations use internal controls as safeguards
and checks on a variety of processes
January 2006
40
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

including the three objectives set forth under
COSO: financial reporting, operating efficiency
and effectiveness, and compliance
with applicable laws and regulations. Most
companies and their auditors will use the
COSO framework, which has been deemed
suitable by the PCAOB for purposes of management’s
assessment. 6 The COSO integrated
framework includes five components of
internal control (Control Environment, Risk
Assessment, Control Activities, Information
and Communication, and Monitoring) that
are also acknowledged by the PCAOB.
SOX refers explicitly to controls related to the
prevention, identification and detection of
fraud. And the PCAOB repeatedly notes that
strong internal controls provide better opportunities
to detect and deter fraud. 7 Although
antifraud programs and controls must include
all five components of COSO, special
emphasis is placed on the control environment,
8 such as tone at the top, because of its
pervasive effect on the achievement of many
overall objectives of control criteria.
Amendments to the Organizational
Sentencing Guidelines
Prior to SOX, the U.S. Sentencing
Commission adopted the Federal Sentencing
Guidelines (FSG) which introduced the
seven criteria for management of ethics and
compliance risk, 9 and that have served as the
primary framework for compliance program
effectiveness. The FSG and COSO frameworks
share many characteristics. Much of
the FSG criteria are contained in the components
of COSO, especially under the control
environment. However, a main distinction is
that as a practical matter, the FSG only
requires evaluation of its elements when a
company is seeking to mitigate penalties for
corporate misconduct. Additionally, if a
Department of Justice attorney finds that a
truly effective compliance program has been
implemented, this “may result in a decision
to charge only the corporation’s employees
and agents” and not the organization itself. 10
This year the U.S. Sentencing Commission
voted to amend the existing guidelines. 11
These amendments narrow even further the
differences between the Guidelines and the
COSO framework. Many of the same forces
that led to the Sarbanes-Oxley requirements
had led to the initiation of the FSG and the
new amendments.
The amendments approved by the
Commission make the standards for compliance
and ethics programs more rigorous and
put greater responsibility on boards of directors
and executives for the oversight and
management of such programs. Board directors
and senior management must now take
active roles in the content and operation of
ethics and compliance programs. Similarly,
SOX devotes considerable attention on how
to ensure adequate board and management
oversight.
Significantly, the FSG states that the organization
must issue standards of conduct and
internal control systems that reduce criminal
activity and detect and prevent violations
of law. Just like SOX, the organizational sentencing
guidelines recognize the value of
internal controls and view them as an essential
feature of an effective compliance program.
Under the FSG, internal controls are
tied to risk assessment and monitoring activities—also
to COSO components.
The value proposition
As noted, many of the attributes of the
COSO components and their points of focus
implicate a compliance program under the
organizational sentencing guidelines. The
amendments to the FSG are therefore a
means for a compliance officer to get more
involved in Sarbanes-Oxley compliance. The
function is pivotal because many of the compliance
processes undertaken by the compliance
program can be applied to the SOX
internal control requirements.
Yet in most cases, SOX is managed out of a
unit under the purview of the controller’s
office or internal audit. And most of those
outside a compliance or legal department are
unaware of the compliance standards under
the FSG. As a result, many in charge of managing
SOX 404 implementation or assessment
are not familiar with the elements of
effective compliance processes.
What should be apparent is that involvement
in the SOX internal control process can set
the stage for demonstrating compliance effectiveness
to mitigate penalties if the occurrence
of fraud or corporate misconduct
should occur. Given the overlap between the
FSG and SOX, it makes sense to leverage
and integrate compliance program activities
with those of SOX internal control implementation
and assessment. What are likely to
emerge are the best practice standards that
for organizations can also serve as a demonstration
of compliance program effectiveness
to the government.
The following are areas of opportunities for
an organization contemplating a formal compliance
program, or for an existing compliance
officer to consider:
Integration of control processes. There is
often a tendency to compartmentalize compliance
responsibilities (e.g., SOX, FSG, industryspecific
legal mandates, etc.). But consider the
benefits to managing these processes with similar
controls and technology. Otherwise organizations
can face inefficient and ultimately fragmented
compliance processes. A compliance
Continued on page 42
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
January 2006
41

A new value proposition ...continued from page 41
officer responsible for coordinating all compliance
efforts can result in an integrated and more
effective compliance program.
Although SOX 404 focuses on the COSO
objective of the reliability of financial reporting,
there are areas where there will be overlap with
internal controls over operations and compliance
with applicable regulations. 12 Some compliance
controls may be relevant to financial
reporting, thus there is the prospect of including
the COSO compliance objective with SOX
financial reporting control efforts to further
drive business performance. A compliance officer
can also play a role in a company’s disclosure
controls and procedures under SOX section
302, particularly non-financial information that
is required by the SEC to be divulged.
Moreover, for complex industries, an ineffective
regulatory compliance function in which violations
of laws and regulations could have a material
effect on the reliability of financial reporting
is said to be regarded as at least a significant
deficiency and a strong indicator of a material
weakness under the new auditing standard. 13
Reliance on compliance work and activities
by external auditors. Another opportunity
arises from the flexibility that public
auditors are afforded under the new auditing
standard established by the PCAOB, to use
the work of others when evaluating internal
control effectiveness. The PCAOB notes that
this is “strong encouragement for companies
to develop high-quality internal audit, compliance,
and other such functions” 14 (emphasis
added). Accordingly the work of the compliance
program can serve a dual purpose in
supporting an efficient audit of internal control,
while providing documentation of the
effectiveness of the compliance program itself.
Areas of overlap under COSO. A significant
area of overlap between SOX 404 and
the FSG involves control environment objectives
under COSO. Several control environment
factors entail activities that have become
the province of the compliance program. For
example, the integrity and ethical values
attribute involves the code of conduct which
is a compliance program responsibility where
the function exists. The hotline is often managed
by the compliance department and can
be viewed as a control environment and/or
information and communication factor.
Training on the code of conduct and fraud
areas is considered an attribute under information
and communication. Many of the human
resource policies and practices attributes under
the control environment entail features of a
compliance program under the FSG (e.g.,
employee background checks, appropriate
incentives, and disciplinary practices).
A new provision of the organizational sentencing
guidelines is the importance of performing
on-going risk assessments on the
likelihood of compliance violations, and to
use those results to modify features of the
compliance program, and to prioritize compliance
resources and activities. Again, this is
similar to the expectations for fraud control
under COSO and the PCAOB.
If you can’t beat them, join them. In the
health care and pharmaceutical industries and
other highly regulated business sectors, compliance
programs and senior compliance officers
have become customary and an expectation
of government regulators and enforcement
agencies. Congress and government
agencies have even made clear their perspective
that a compliance function should be
freestanding from the general counsel and the
finance functions. 15 Not surprisingly, compliance
programs did not become the norm
until they were foisted on several organizations
through agreements with the government
known as corporate integrity agreements
(CIA). The enforcement of the False
Claims Act in health care resulted in CIAs
that have mandated compliance programs,
which essentially track the elements of an
effective compliance program under the FSG.
Interestingly, the SEC has started to require
certain compliance measures, such as the
appointment of a compliance officer, in a settlement
through a consent judgment. 16
Already in response to the mutual fund scandals,
we’ve seen the SEC issue a new rule
requiring registered investment companies
and advisors to designate a chief compliance
officer, and to have ethics codes and policies
and procedures designed to prevent violations
of securities laws.
So an additional benefit of being able to
demonstrate the existence of an effective
compliance program is that the SEC or other
enforcement agency will be less likely to
impose one on the program and/or will
reduce the scope and extent of the CIA
terms. Of course, this is in addition to the
mitigation of penalties under the FSG for
having an effective compliance program. The
burdens of a mandated program are heavy
indeed (annual reporting obligations, retention
of an independent review organization,
penalties for CIA failures, etc.).
Finally—Effectiveness
It has been implied in this discussion, that the
existence of a compliance program with the
features described in the FSG will constitute
an effective one. In truth, it remains to be
better defined what the government will
accept as proof of an effective program.
Unfortunately, data from the U.S. Sentencing
Commission is somewhat limited in demonstrating
any trends that the FSG may have on
reducing penalties and influencing corporate
behavior, and it is empirically difficult to test
its impact. 17 Given the growing awareness of
ethics and compliance programs, one might
January 2006
42
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org

expect a measurable impact of compliance
program effectiveness on an organization’s
financial reputation—however the direct
impact is unclear. 18
Nonetheless it is clear there is growing awareness
of the value of a compliance program.
With the amended organizational guidelines
coming into effect, it is expected that more
specific methods for assessing and measuring
effectiveness will result. Today’s leading
companies are expected not only to produce
superior goods and services but to adhere to
basic ethical principles and exercise principled
judgment in carrying out their affairs—
including accepting responsibility for misdeeds.
19 New standards for corporate performance
are emerging that encompass both
financial and moral dimensions.
If features of a compliance program that are
reviewed under SOX 404 and PCAOB
Auditing Standard Number 2 can pass
muster with management’s own assessment,
and the review of the public auditor, then a
case can be made that those aspects of the
compliance program are indeed effective.
The more a compliance officer is integrated
into SOX 404 efforts, and a compliance program
is considered part of a company’s overall
internal control framework, the more likely
that concrete underlying structure and
process measures can be gathered to validate
the effectiveness and value of the program.
At a minimum, the internal control work
done for SOX 404 can be part of the regular
review of the compliance program to assess
how it is functioning.
Internal controls are defined broadly and
encompass more than financial reporting—it
extend to every significant goal a company
has established. The importance and relevance
of a compliance program and officer
should not be underestimated as the relationship
between internal controls and management’s
responsibilities becomes increasingly
clear. ■
1. Gary W. Thompson, “Multifaceted Approach to Corporate
Governance Reform: The Role of Corporate Compliance
Programs and Officers” in Prevention of Corporate
Liability, Vol. 11, No. 8, 09/15/2003, pp. 97-99, 100
(Washington, D.C., BNA, Inc.).
2. See e.g., Insurance Fraud: The Quiet Catastrophe
(Insurance Research and Publications, Conning and
Company, 1996), an insurance industry study which
defined return on investment (ROI) as the ratio of money
saved to money spent fighting fraud, and found an average
ROI of $6.88 (Referenced by the Coalition Against
Insurance Fraud at
www.insurancefraud.org/rc_research_set.html); Seizing the
Opportunity, Part One: Benchmarking Compliance
Programmes (Corporate Executive Board, General Counsel
Roundtable, 2003), which found that each additional dollar
spent on compliance, returns $5.21 on average. Also, the
National Healthcare Anti-Fraud Association purportedly
maintains information of the ROI of the special investigations
units of its member organizations. (See reference to
Annual Anti-Fraud Management Survey Report at
www.nhcaa.org/about_nhcaa/).
3. COSO issued Internal Control—Integrated Framework in
1992, and recently issued Enterprise Risk Management—
Integrated Framework. More information on COSO and its
frameworks can be found at http://www.coso.org/.
4. Sarbanes-Oxley Act, 15 U.S.C. §7202 (2002). In particular,
see the internal control requirements under §404 of SOX.
5. PCAOB Release No. 2004-001 (March 9, 2004), p. 2.
6. PCAOB Auditing Standard No. 2, para. 14.
7. PCAOB Release No. 2004-001 (March 9, 2004) pp. 4, 24;
Auditing Standard No. 2, paras. 24, 25, 40, 53, 115.
8. PCAOB Auditing Standard No. 2, paras. 25, 52, 53.
9. U.S. Sentencing Commission Guidelines, Guidelines
Manual, 8A1.2, comment note 3(k)(7).
10. Federal Prosecutions of Business Organizations (the
Thompson Memo), United States Attorneys’ Manual,
Department of Justice, Title 9 (Criminal Resource Manual),
No. 162, VII-B. See
http://www.usdoj.gov/usao/eousa/foia_reading_room/usam/t
itle9/crm00162.htm.
11. The amendments go into effect on November 1, 2004,
unless Congress disapproves. An executive summary and the
full report of the amendments can be found at the U.S.
Sentencing Commission Web site located at www.ussc.gov.
The case Blakely v. Washington has raised issues about the
constitutionality of the federal sentencing guidelines. The
U.S. Supreme Court has heard two cases on the use of the
sentencing guidelines.
12. See PCAOB Auditing Standard No. 2, para. 15.
13. PCAOB Auditing Standard No. 2, para. 140.
14. PCAOB Release No. 2004-001 (March 9, 2004), p. 19.
15. Guidance provided by the United States Department of
Health and Human Services’ Office of the Inspector
General (OIG) indicates that it is “not advisable for the
compliance function to be subordinate to . . . the general
counsel or controller or similar financial officer” which can
be found in the voluntary compliance program guidances
issued by the OIG (see http://oig.hhs.gov/fraud/complianceguidance.html).
U.S. Senator Grassley has stated there
is an inherent conflict with the compliance officer and general
counsel being the same person (see Grassley investigates
Tenet Health care’s Use of Federal Tax Dollars, September
25, 2003, letter to Tenet Healthcare Corporation).
16. See Gary W. Thompson, “Is the SEC Learning to Spell CIA:
The Prospect of Mandated Corporate Compliance in SEC
Enforcement Actions” in Corporate Accountability Report,
Vol. 1, No. 34, 09/19/2003, pp. 920-921 (Washington,
D.C., BNA, Inc.).
17. See discussion on the sentencing data and the impact of the
FSG in the Report of the Ad Hoc Advisory Group on the
Organizational Sentencing Guidelines (October 7, 2003).
The report can be found at the U.S. Sentencing
Commission website located at www.ussc.gov.
18. The link between corporate profits and corporate citizenship
has been studied for decades without resolution. Some surveys
have found that customer loyalty, employee retention
and reputation are positively impacted by corporate responsibility.
See Joshua Daniel Margolis and James Patrick
Walsh, People and Profits The Search for a Link Between a
Company’s Social and Financial Performance (Mahwah, NJ:
Lawrence Erlbaum Associates Publishers, 2001) which summarizes
studies utilizing various accounting, market, and
outcome indicators.
19. See generally Lynn Sharp Paine, Value Shift: Why
Companies Must Merge Social and Financial Imperatives to
Achieve Superior Performance (New York, NY: McGraw-
Hill, 2003), for discussion on how companies are being
measured against performance standards that are qualitatively
different from those in the past.
Register Now!
HCCA
COMPLIANCE
ACADEMIES
■ March 20-23, 2006
Hilton Dallas
Lincoln Centre
Dallas, TX
■ June 5-8, 2006
Hilton Scottsdale
Resort & Villas
Scottsdale, AZ
For more information
or to register, visit
HCCA’s Web site at
www.hcca-info.org or call
HCCA at 888-580-8373.
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
January 2006
43

The Health Care Compliance Association
welcomes the following new members and
organizations. Please update any contact
information using the Member Center on
the Web site, or e-mail Karrie Hakenson
(karrie.hakenson@hcca-info.org) with
changes or corrections.
Puerto Rico
■ Juan R. Arbona, PhD, JD, Abbott
Laboratories PR, Inc
Texas
■ Diana Adams, RRA, Inc
■ Joy Biddy, Medical Clinic of Houston, L.L.P.
■ Nancy B. Bowman, USMD Hospital at
Arlington
■ Elaine Carroll, City of Austin
■ Joy Choate, DFB Pharmaceuticals Inc
■ Mark D. Chouteau, Brown McCarroll LLP
■ Sharlene Daniels, MAHS, City of Austin
Hospital District
■ Hal Davis, Memorial Health System
■ Jackie Davis-Willett, TERM Billing Inc
■ Shannon De La Paz, Memorial Hermann
Healthcare System
■ CarolAnn Dixon, Hopkins County
Memorial Hosp
■ Kristen Dozier, Intermedix, Inc
■ Elizabeth Esparza, Austin Cancer Centers
■ Sylvia Fletcher, RN, MSN, Doctors Hosp
Dallas
■ Cindy Foley, Texas Back Institute Research
Foundation
■ Adele Giles, MBA, Nix Health Care System
■ Krista Lee Guerra, Brown McCarroll, LLP
■ Sharon Haynie, CHRISTUS Health
■ Brad Hicks, FIRSTCARE
■ Dianna D. Johnson, Austin Radiological
Association
■ Ken A. Johnson, Quest Diagnostics
■ Jack Keller, HealthTexas Medical Group
■ Jeff Keyser, Encysive Pharmaceuticals
■ Rebecca Komkov, Seton Healthcare
Network
■ Michael Eric Kreck, Texas Tech Univ. HSC
■ Philip LeBlanc, CPA, Valley Baptist Hlth Sys
■ Jason Mattern, Intermedix, Inc
■ Jeremy Mattern, Intermedix, Inc
■ Jennifer Mazzone, VA North Texas Health
Care System
■ Melissa McCall, CPC, Texas Tech Univ Hlth
Sciences Ctr, Odessa
■ Sheila McDaniel
■ William McDonald, CHRISTUS Health
■ Dorrie McMillan, N TX Affiliated Med Grp
■ Mary Ann Missman, CHRISTUS Health
■ Wanda J. Murphy, MSN, Bellaire Med Ctr
■ Donna Ohnmeiss, TBI Research Fnd
■ Ann Marie Paradowski, Tomball Regional
■ Nicholas Parish, CPC, Per-Se Technologies
■ Carol Phelps, Texas Health Resources
■ Scott Reichel, BA, Intermedix, Inc
■ Jane Rogers, RHIA, UT Southwestern
Mancrief Cancer Ctr
■ Leonard Rosenfeld, Tenet, Santa Barbara
■ Julie G. Rowell, Wilson Memorial Hosp Dist
■ Sandra Saunders, Thomason Hospital
■ Stuart Schroeder, BBS, MPA, Medical Arts
Clinic
■ Michael Sherwood, Triad Hospitals Inc
■ Laura Silva, TX Tech Univ Health Sci Ctr
■ Mathew Spencer, TX Tech Univ Health Sci
Ctr
■ H Allen Strickland, BBA, JD, McKenna
Hlth Sys
■ Cindy Strzelecki, MBA, RN, Methodist
Hlthcare Sys of San Antonio LLP
■ Deborah Terry, CHRISTUS Health
■ Diane Thomas, UTHSCSA
■ Molly Tomlin, Texas Home Health
■ Roberta Vanderburg, Hopkins County
Memorial Hosp
■ Javier Vergne-Morell,
■ Eric J. Weatherford, JD, Brown McCarroll,
LLP
■ Jeff B. Wieters, BS, RHIA, Department
Veterans Affairs
Utah
■ Victoria Holzman, Uintah Basin Medical
Center
■ Robyn Johns, Med USA Inc
■ Marie Smith, LDS Hospital
Vermont
■ Mary Lou Beaulieu, Northwestern Med Ctr
■ Robert Soucy, Retreat Healthcare
■ David J. Spielman, J.D., C.H.C., Paul,
Frank & Collins PC
Virginia
■ George Butler, Bon Secours Virginia
HealthSource
■ James L. Haines, American Healthcare, LLC
■ William Keating, Navigant Consulting, Inc
■ William T. Keevan, Navigant Consulting,
Inc
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
■ Katheine W. Keith, MHA, Inova Health Sys
■ Mary Laboy, Riverside Health System
■ Mary O’Bryant, Fauquier Hospital
■ David C. Pribble, Obici Health System
■ Robin Scott, Dept of Veteran Affairs
■ Debra Thompson, ValueOptions, Inc
■ Jean O. Worthman, VCO Medical Cntr
Washington
■ Bradley J. Berg, Foster Pepper & Shefelman
PLLC
■ Harold W. Brockman, MBA, Kittitas Valley
Community Hosp
■ Rob Brown, Univ of WA Medical Cntr
■ David L. Corn, Harrison Memorial Hosp
■ April Durland, First Choice Health
■ Brent R. Eller, Davis Wright Tremaine, LLP
■ Lisa George, Providence Everett Medical Ctr
■ Deborah Hassler, MS, Central Wash. Hosp
■ Debra Ann Jinkens, VA Medical Center
■ Christopher J. Knapp, Anderson Hunter
■ Debbie L. Miller, RHIT, Seattle Cancer Care
Alliance
■ Lori Nomura, Foster Pepper & Shefelman
■ Kim Oland, Virginia Mason Medical Ctr
■ Kate Riley, PhD, Univ of Washington
■ Bekki Sanchez, Harborview Medical Ctr
■ Debbie Sather, Group Health Cooperative
■ Beth Ann Saul, Seattle Cancer Care Alliance
■ Gayle Seyl, Virginia Mason Medical Ctr
■ Bradley Sharman, Jr., Virginia Mason
Med Cntr
■ Bill Smith, CliniTech Information Resources
■ Chuck P. Stillwaggon, Orthopedics
Northwest, PLLC
■ Susan Treiber, Ossur Generation II
■ Brandi Varnell, RN, Community Hlth Ctr
of Snohomish County
■ Robert Wamsley, AA, Empire Health Svcs
■ Becky Williams, Davis Wright Tremaine LLP
West Virginia
■ Carole A. Bachtel, VA Medical Center
■ Heather Caldwell, MBA, St Mary’s Med Ctr
■ Sara P. Marks, Ultimate Hlth Svcs Inc
■ Donna Perkins, VA Medical Center
■ Tara Steed Marsh, Univ Health Associates
Wisconsin
■ Judith Clay, VA Medical Center
■ Gail Coleman, Elder Care of Wisconsin, Inc
■ Nancy E. Faber, WI IL Senior Housing, Inc
■ Kathy Johnson, Dean Health Plan
■ Sheryl Krueger Dix, BSN, RN, CPHQ,
Froedtert & Community Health
January 2006
45

New HCCA Members ...continued from page 45
January 2006
46
■ Andrea McElroy, Beverly Enterprise
■ Kenneth Schelfhout, VA Medical Ctr
■ Steve Schreiner, MBA, MC Strategies
■ J Paul Spencer, CPC, CPC-H, Integrated
Billing Systems
Wyoming
■ Debra Cummings, Torrington Community
Hosp - Banner Health
■ Joseph Devin, Banner Health Washakie
Medical Ctr
■ Andy Fitzgerald, Campbell County
Memorial Hospital
■ Ed Johlman, Platte County Memorial
Hospital
The following individuals joined HCCA
between May and October 2005:
Alabama
■ Tedra Bonar, MSHA, MBA, HealthSouth
Corp
■ Connie Davis, Decatur General Hospital
■ Crystal Hicks, RN, MSN, CPC, UAHSF
Alaska
■ David Garrison, SEARHC
■ Teri L. Johnson, RT(R)(M)(CT),CNMT,
Alaska Open Imaging Center
■ Karen Pedersen, Southcentral Fondation
■ Aleita Sirevog, Ketchikan Indian
Community
■ Jeanette Pauline Stubbend, Southcentral
Foundation
Arizona
■ Lee Coffman, MAOM, Planned Parenthood
of Central & North AZ
■ Amber L A Iglesias, CPC, CPC-H, Univ
Physicians Healthcare
■ Roland Knox, Mt Graham Regional Med
Ctr
■ Nancy Milner, Yavapai Regional Medical
Center
■ Cheryl J. Murphy, Sierra Vista Regional
Hlth Ctr
■ Kristen Rosati, Coppersmith, Gordon,
Schermer, Owens & Nelson, PLC
■ Cynthia Sehr, Doctors Community
Healthcare Corp
Arkansas
■ Sandra Nugent, HSC Medical Center
California
■ Sunday Aigboboh
■ Veronica Angulo, MPH, Kaiser Permanente
■ Donovan L. Ayers, Blue Shield of CA
■ Ken Ayers, Kaiser Permanente
■ Lee Beck, Team Health
■ John Stanley Bokosky, St. Joseph Hospital
■ Anita Booker, MPA, San Mateo Medical Ctr
■ Robin Bowe, Kern Medical Ctr
■ Stephen Campbell, Cymetrix
■ Richard J. Carter, PhD, R Carter &
Associates
■ Nicholas R. Caster, BS, Palo Alto Medical
Foundation
■ William E. Chaltraw, Baker Manock &
Jensen
■ Jay D. Christensen, Christensen & Auer
■ Julianne Chun, City of Hope Nat’l Med Ctr
■ David Coronado, Navigant Consulting
■ Debra Dansky Pierce, Mact Health Board
Inc
■ Holly Delaney, CPMC
■ Dennis Demetre, AMG-SIU
■ Londa Freeman, Kaiser Permanente
■ Laurie P. Frye, MPH, Sequoia Community
Health Centers
■ Ana Marino Ghosh, Dept of Public Hlth,
City & Co of SF
■ Michael Gillis, UC Davis Medical Ctr
■ Geoffrey A. Goodman, Murphy Austin
Adams Schoenfeld, LLP
■ Rohit Gupta, Deloitte & Touche
■ Laurie Hanvey, Alvarado Hospital Medical
Center/SDRI
■ Lee Harrison, Pioneers Memorial Hospital
■ Sima Hartounian, Kasier Permanente
■ Karah Herdman, JD, Allergan Inc
■ Maureen Hewitt, Episcopal Homes
Foundation
■ Hilde Hithe, Kaiser Permanente
■ Leah D. Hunter, RN, BS, Livingston
Memorial Visiting Nurse Assoc
■ Claudia Kanne, Glendale Adventist Med Ctr
■ Arlette Kendall, North Bay Healthcare
■ Kate L. Kingsley, KLKingsley LLC
■ Harris F. Koenig, Centinela Freeman
HealthSystems
■ Andrea Kuhlen, Imperial County Behavioral
Health
■ Kofi Kyeremeh, Golden Technology, Inc
■ David M. Levine, UC Davis Health System
■ Rafael Eric Maristela, RHIT, CCS, Aptium
Oncology - Cedars Sinai Outpatient Cancer
Ctr
■ Jan Martin, County of Orange
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
■ Susan M. Muscarella, RN, Kaiser
Permanente
■ Matthew Navigato, Sinaiko Healthcare
Consulting Inc
■ Diane Ott, Kaiser Permanente
■ Laura Padilla, MHA, Kaiser Foundation
Operations
■ Kathy Perkins-Smerdel, BS, Pomona Valley
Hosp Med Ctr
■ Diane Petitti, Amylin Pharmaceuticals Inc
■ Karl Porter, CHC, Napa County Probation
Department
■ Gary Ray, Abramson Church & Stave LLP
■ May Rebischung, Kaiser Permanente
■ Jackie Rittenhouse, Kaiser, National
Compliance
■ Michele L. Robinson, Kaiser Permanente
■ John L. Rosenthal, LA Care Health Plan
■ Celia Ryan, RN, MSHA, Kaiser Permanente
■ Bophasy Saukam, San Joaquin Co
Behavioral Health Svcs
■ Marilyn Schmidt, Kaiser Permanente
■ Debra M. Schultz, Casa Colina Inc
■ Roxanne Shaw, Kaiser Permanente
■ Allan Siefkin, MD, Univ of CA Davis Hlth
System
■ Tracy L. Skinner, Kaiser Permanente
■ Randy Snowden, Health & Human Svcs
Agency
■ Maria Stauceanu, Care More Medical
Management Co.
■ Amy Tronolone, Dameron Hosp
■ Kelly L. Turner
■ Marisa J. Uribe, California Health Plan
■ Alicia Vasquez
■ Rebecca Velie, Evercare ASO Contracts
■ Dee Warrington, Lifemasters
■ Susan L. Waterman, CPC, CareMore
Medical Enterprises
■ Rachel Weber, Kaiser Permanente
■ Rita Williams, Kaiser Permanente
■ Karen Nicolai Winnett, Preston Gates &
Ellis LLP
■ Phyllis Marie Winston
■ Kelly Wittmeyer, Sutter Health
■ Kenneth Yood, JD, MPH, Paul Hastings
Janofsky & Walker ■

®
SMART2.o :
bringing HIM people
and HIM technology
together.*
On one side, it’s a technology solution. On the other, a service
solution. SMART2.o is more than a software tool, it’s a technology
solution designed to help you continuously assess coding
accuracy and data quality as an important part of your hospital’s
compliance program.
SMART2.o
For more than 15 years, we’ve worked with HIM professionals
providing affordable tools and services that help them with coding
accuracy, regulatory compliance, data management and reports
to monitor PPS requirements.
So, whether you look at your hospital’s compliance program from
a technology perspective or a service perspective, SMART2.o is
a very smart, very budget-friendly way to work.
To start an in-depth conversation about your particular needs,
contact Doug Barry at 866-792-4920 or visit pwc.com/healthcare
*connectedthinking
© 2005 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP (a Delaware limited liability partnership) or, as
the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. *connectedthinking
and SMART2.o are trademarks of PricewaterhouseCoopers LLP (US).

C ORPORATE C OMPLIANCE & ETHICS:
G UIDANCE FOR E NGAGING Y OUR B OARD
“This video provides an
overview of the Board’s
role in compliance.”
Odell Guyton
Senior Corporate Attorney,
Director of Compliance,
Microsoft Corporation
www.corporatecompliance.org
“It’s pretty clear that
the best compliance
program in the world
is meaningless, even if
it’s funded with a good
well-meaning compliance
officer, if the leadership
of the company is not
behind it and isn’t
supportive.”
Bringing the vision of
leadership together
with a compliant and
ethical culture
Honorable
Michael E. Horowitz
Commissioner, United
States Sentencing
Commission
ORDER TODAY!
Name:
Title:
Company:
Address:
City:
Total Payment $ ______________
Invoice Me
Purchase Order # _____________
Check/Money Order
VISA MasterCard American Express
Number
Exp. Date
Non-Members $395
SCCE/HCCA Members $345
State:
Phone:
Fax:
E-mail:
Mail to:
SCCE
5780 Lincoln Drive, Suite 120
Minneapolis, MN 55436
Phone: (888) 277-4977
Zip:
Name of Card Holder
Signature of Card Holder
Code: CT1104
Please make check payable to:
Society of Corporate Compliance and Ethics (SCCE)
FAX: (952) 988-0146
Online: www.corporatecompliance.org
E-mail: info@corporatecompliance.org