Q&A: Managing fraud and bribery risks in the healthcare sector
February 2015 | SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION
Financier Worldwide Magazine
FW moderates a discussion on managing fraud and bribery risks in the healthcare sector between Wendy C. Goldstein at Cooley LLP, Brian G. Flood at Husch Blackwell LLP, Omid Yazdi at KPMG LLP, and Michael K. Loucks at Skadden, Arps, Slate, Meagher & Flom LLP.
FW: With billions of dollars being lost annually due to corruption and fraud in the healthcare and life sciences sector, what broad steps, in your opinion, can the industry and regulators take to tackle this massive, systemic problem?
Loucks: For companies within the industry, enhancing internal compliance reviews and regularly assessing and updating processes and procedures would go a long way toward mitigating the risk of fraud and corruption. There always will be bad actors, but making it clear that the company has a rigorous and ever-evolving compliance program in place can be a deterrent. For the government, sufficient resources should be dedicated to the investigation and fair prosecution of those who have engaged in corruption and fraud.
Goldstein: The industry and regulators must continue to collaborate on multiple fronts to ensure that existing laws are able to keep pace with innovation emerging in the healthcare and life sciences space. Specifically, legal, regulatory and compliance guidance must be provided to address the significant advances in science and healthcare technology. This can only be achieved with ongoing, open dialogue and communication between and among relevant public and private stakeholders including lawmakers, enforcement authorities and industry. Such an alliance will help to identify intentional wrongdoers from those that may make mistakes due to ambiguity. Resources would ultimately be saved.
Flood: The industry evolves daily, improving the way it analyses and uses claim data, divining price and paying for positive outcomes. We are leaving behind ‘per-click’ services. We are analysing patient payments to mitigate corruption and fraud in healthcare, for instance by abandoning a pay-as-you-go service approach in favour of bundled payments. We believe these broad steps will assist in improving both positive utilisation of services and blunt abusive tendencies. We have learned that higher utilisation may not always create either positive outcomes or measurable real value. As such, we are advancing data analysis, ‘weeding out’ malignant providers entering the market and examining those malignant providers in a post-payment stage, particularly for activity such as improper payments, over-utilisation, abuse or fraud. Evolving our approach has prompted reciprocal evolution among payers; they are recognising that developing payment motivation, through combined, bundled payments, will best change provider behaviour. We continue to be open-minded of ways to better pinpoint improper payments and over-utilisation.
Yazdi: The business model for the healthcare and life sciences sectors is heavily reliant on reimbursement from the government. However, the fraud and corruption risks are different in each sector. For example, the US government is the world’s largest buyer of goods and services including healthcare. At any given point in time, there is a large of number of outstanding applications for healthcare providers to become Medicare providers. The sheer number of the applicants makes it challenging for the government to dedicate the appropriate level of resources to perform the appropriate risk based due diligence on these providers. Conversely, for the life sciences sector there tends to be higher risk of corruption in developing countries. In the last five years there has been an increased focus by the US government on compliance with the Foreign Corrupt Practices Act (FCPA), and the industry has taken note of that by increasing its investment in its compliance programs.
FW: What are some of the common types of fraud and bribery that arise in this sector?
Goldstein: Common areas of fraud, waste and abuse in the life sciences space include interactions between and among the industry, the prescribers of items and the customers of such items. For those in the healthcare sector that bill the government by submitting claims directly, fraud, waste and abuse may arise with inappropriate billing or coding for items and services.
Yazdi: In the healthcare provider sector, the most common schemes are billing for services not rendered, billing for medically unnecessary services and upcoding, which is assigning an inaccurate billing code to a medical procedure to increase reimbursement. Other examples include theft of personally identifiable information to bill payers for services that were never rendered, such as hospital, ambulance and physical therapy services. On the life sciences side, in addition to the violation of anti-bribery laws, there continue to be violations of different anti-kickback statutes, as well as off-label marketing – the practice of the employees or agents of a life science manufacturer promoting a product for a use other than what the government has approved.
Loucks: A common example is the payment of a bribe to ensure that certain pharmaceuticals are being prescribed or certain medical devices are being used. Another common example is to bill for a service not rendered. Because most healthcare systems involve payment systems removed from the delivery of the healthcare, it is possible for someone to bill and get paid by an insurer for a fabricated service.
Flood: There are a number of common forms of abusive behaviour that result in civil or criminal fraud. Firstly, there are parties who intentionally over-utilise services without documented medical necessity, and those parties often foster improper relationships between prescribers of service and suppliers of goods or pharmacy products. Secondly, parties over-utilise medical supplies or pharmacy products and providers of services. Some misuse billing and coding by providers in order to raise reimbursement rates. Finally, systemic designs for patient steerage and medical population control are often created for higher utilisation rather than proper health maintenance.
FW: How widespread is awareness of fraud and bribery risks in this sector? How can companies promote a deeper understanding of the issue among their workforce?
Yazdi: There has been a significant improvement in increasing awareness in this area. Much of this improvement has been driven by the different law enforcement agencies prosecuting high profile cases, with many of them resulting in record level settlements. Increased governmental focus on life science companies over the last few years has resulted in a corresponding increase in the size and mandate of companies’ compliance departments. Today, the global employees of a typical large life science company probably have a basic appreciation for the regulatory framework they operate in, such as the FCPA and Open Payments – a US federal program requiring collection of information of the financial relationships between life science companies and healthcare providers. There are similar statues in countries like the UK, France, Australia and Japan, as well as industry initiatives like the European Federation of Pharmaceutical Industries and Association’s code on Disclosure of Transfers of Value from Pharmaceutical Companies to Healthcare Professionals and Healthcare Organisations. There is always room for improvement in enhancing training programs and tracking compliance. The question that will always be open to debate is how well those policies and guidelines are followed by those employees who keep the compliance departments and their advisers fully engaged in responding to incidents of misconduct.
Goldstein: Healthcare and life sciences companies are very aware of fraud, waste and abuse. Certain types of entities within this space are required by federal or state law to have compliance programs in place. For example, US federal law requires Medicare Part D plans to have compliance programs that address fraud, waste and abuse concerns. Manufacturers are required, by certain state laws, to have compliance infrastructures. The Department of Health and Human Services (DHHS) has issued voluntary compliance guidance and industry trade associations have model codes relevant to compliance. The Federal Sentencing Guidelines for Organisations, DHHS Office of the Inspector General Corporate Integrity Agreements, Deferred Prosecution Agreements and other consent decrees all raise awareness. Compliance at all levels of an organisation can and should be managed though the implementation of an effective corporate compliance infrastructure, that is not static, but changes with the business. This starts with the board of directors that sets the appropriate tone at the top, as the directors satisfy fiduciary duties.
Loucks: Every country prohibits fraud and bribery in the delivery of healthcare. There have been many prosecutions for bribery and corruption in various countries, and there have been US prosecutions for bribery in foreign countries. So, it can safely be said that awareness of the rules is widespread. However, the risk of prosecution is not uniform around the globe, and neither are the consequences of a conviction. While fraud and corruption are worldwide problems in the industry, some countries pursue offenders with greater diligence and resources. Companies can minimise these risks by educating their workforce on the applicable rules and then openly promoting the importance of adhering to compliance regulations. Corporate management should also instil a culture which supports disclosure of conduct that is not in compliance with either federal law or the policies of the company. If employees do not feel free and secure to tell management about misconduct by other employees, some will pursue other alternatives, including reporting conduct to law enforcement agencies, or, where a country’s laws permit, as in the US, become a whistleblower.
Flood: In some nations, including the US, there has been a concerted push for education around fraud and bribery in the industry. This push has been led by government and payers. Coupled with this agenda, there have been regulatory requirements of compliance programs and training. These initiatives have resulted in higher industry awareness of compliance and regulatory risks. Equally, heightened awareness has also begun to stimulate a cultural shift, moulding a culture that expects proper risk mitigation and controls to catch abusive and fraudulent payments. Meanwhile, other nations are studying these leading regulatory schemas to try to define a regulatory and compliance framework, one that will help to control payment risks in the healthcare industry.
FW: There have been calls for the establishment of a global health governance framework and the development of a treaty protocol to combat healthcare corruption. What is your reaction to such proposals?
Flood: I applaud the idea of worldwide payment transparency. Countries across the globe have struggled internally with creating these governance frameworks. The struggle is due likely to the complexity of healthcare, and the emotional responses that an allegation of provider abusive practices produces in the populace and in the governors. However, because of the regional variances in structure, population, health risks and fraud and abuse risks, a ‘one size fits all’ framework that could account for these wide variances is hard to imagine. Arguably, imposing a uniform framework would create more distress than a non-mandatory one. However a non-mandatory, working model that countries could refer to in order to build a foundation, or to draw from as a comparative example, ultimately creating their own functioning controls, could be successful. I do not believe developed partnerships exist that truly enhance global efforts for healthcare waste, abuse and fraud reduction. I do believe a dedicated partnership focused on this industry would benefit from the global reduction of this problem. The exchange of industry-tailored, specific information on best practices and intelligence regarding questionable activities would benefit the market as a whole to reduce improper or fraudulent payments.
Yazdi: Part of solving a problem is creating awareness. Any time an international group comes together to address a problem like healthcare corruption, that is undoubtedly a positive development. The challenge will always be the level of investment and attention to this made by the different countries. I have lived in Asia, Europe and the Middle East and appreciate the varying speed with which a governance model is first introduced, and how it is eventually adopted. Developed countries like the UK and US will always have higher expectations for faster implementation of such protocols while developing countries will generally have a harder task of first addressing some of the deep rooted corruption issues in their own country.
Goldstein: It is critical to ensure that a treaty recognises principles only. Differences in how global organisations operate and are structured, country by country, must be addressed and respected within any potential framework.
Loucks: There are many different healthcare delivery systems and legal enforcement regimes around the globe. This poses a huge challenge to administrators when attempting to create a single, effective governance framework. What will work in the US may not work in China and vice versa. Rather than wasting political capital and time on creating of a global governance framework, those resources would be better directed at improving the level of global enforcement of existing laws against corruption. Laws that exist but are not enforced invariably become laws that are not obeyed. Obeying an unenforced law can create a competitive disadvantage if one’s competitors engage in bribery without a realistic fear of prosecution.
FW: What practical processes can companies implement to develop internal checks and controls to reduce incidents of fraud and bribery within their organisation?
Yazdi: A practical compliance program has a number of elements that include an appropriate tone at the top, meaningful policies and procedures, communication and training, due diligence on third parties and appropriate auditing and monitoring. Today it is common practice for a global life science company to engage with third parties to conduct and sometimes facilitate its business. But in today’s environment, working with the wrong third party or business partner could result in incidents of fraud and bribery initiated by that third party. That is why creating an appropriate process to perform third party due diligence has become paramount and an area of significant investment for compliance departments. More and more companies are enforcing their anti-bribery and corruption contractual audit rights with their joint venture and third party partners and are requesting access to their books and records.
Flood: There are multiple, exemplary processes from which to draw. The Health Care Compliance Associations (HCCA), the Committee of Sponsoring Organisations (COSO), the Association of Inspectors General (AIG) and the American Health Care Lawyers Association (AHLA) are suitable places to begin research. Each company must do a stringent evaluation of its risks, as well as those risks created by its business model and the geographies it serves. After stratifying these risks, healthcare companies must set out on the path of creating reasonable policy and physical controls that reduce risk exposure and identify post-payment issues for litigation or recovery. Each company must learn from these functions and update those processes in a rolling progression to fit new risks.
Goldstein: Effective corporate compliance infrastructure must be implemented. The internal checks and controls employed by firms should address seven or so key areas – compliance officers and committees, policies and procedures, training, open lines of communication, management and board, auditing, monitoring, corrective action, and disclosures. No one size fits all. Each organisation is unique and must invest in resources to set a program up for success. The culture of an organisation must be aligned with the program.
Loucks: A strong and robust compliance program is critical, coupled with a culture that encourages employees to obey the law and to report violations to the company’s compliance office. The company must couple its compliance program with definitive actions when employees are found to have violated a law. Nothing sends the message more that upper management does not tolerate violations of bribery laws than the termination of those who have engaged in such activity.
FW: How confident are you that the spread of domestic and international healthcare corruption can be reversed? Are domestic, international, public and private entities ready, willing and able to address the wide ranging issues associated with healthcare corruption?
Goldstein: Ethical organisations that invest in building and maintaining a unique infrastructure, with a mission that seeks to do the right thing, are, in fact, working toward a common goal of eliminating corruption. However, there may always be accusations of corruption from current or former employees, given the financial incentives to suggest that corruption exists.
Yazdi: The issue of healthcare corruption is complicated due to the inherently large size of the sector, the government’s unique role in providing reimbursement to the sector, and the overall increase in demand for healthcare services and products due to a global aging population. The good news is that today there is more awareness than ever before that corruption, by its very nature, is a debilitating disease that will stunt the growth of developing economies. Thanks to the efforts of organisations like Transparency International and the OECD, we hear less of an argument that paying bribes is a cultural norm and creating laws to combat it is an overreaction by the more developed countries. As a whole, the dialogue and perspectives on corruption have changed and it is likely that we will see the emergence of a positive trend. In the meantime, all of us in this profession have a significant amount of work in front of us.
Loucks: Bribery and corruption are as old as human civilisation, and will always exist. Rational and clear legal structures are critical in order to prohibit such conduct and fair and impartial enforcement of those who violate the rules is the most effective deterrent. A global organisation with only the power of the bully pulpit cannot effectively change patterns of corruption and fraud in the delivery of healthcare in a country that doesn’t effectively enforce its own laws, or fairly and impartially enforce its own laws.
Flood: Achieving the aim of reversing the spread of healthcare corruption involves pooling together coordinated resources, legislation, governmental support and industry integration. We carefully appropriate resources to control risk and bolster market viability and strive toward cooperation and communication. It is important to remember that providers need tools, such as proper market controls, reasonable rules for payment, and assistance from payers and government to eliminate fraudulent competition. The industry evolves daily. It becomes more sophisticated in the way it analyses and uses claim data. Corruption evolves, but so do the methods of curbing it. Of course, quelling healthcare corruption is a priority – but it is also a necessity. Healthcare corruption is crippling. It undermines market viability and destabilises market equilibrium. Fraudulent activity creates not only loss but also competition for payments, which saps both payers’ ability to pay and providers’ ability to serve. Corruption is complex and its effects are wide reaching. Reversing corruption will take time.
Wendy C. Goldstein is a member of the Cooley business department and is a partner in the firm’s Health Care & Life Sciences Regulatory practice. She is resident in the New York office. Ms Goldstein’s practice concentrates on healthcare fraud and abuse and government healthcare program matters relevant to manufacturers, payors and other ancillary providers in the healthcare life sciences space. She also represents those entities that invest in such concerns. She can be contacted on +1 (212) 479 6575 or by email: firstname.lastname@example.org.
Brian G. Flood is a partner at Husch Blackwell LLP in the Healthcare, Life Sciences & Pharmaceuticals industry. He has been a prosecutor, regulator, consultant for government and industry, expert and counsel. He has served on multiple boards of directors and worked with Fortune 100 companies. He is certified in Health Care Compliance, CHC, Certified Inspector General, CIG, and Accredited Health Care Fraud Investigator, AHFI. He can be contacted on +1 (512) 370 3443 or by email: email@example.com.
Omid Yazdi is a partner in the Los Angeles office of KPMG LLP’s Forensic Advisory Services and has over 20 years of international experience assisting KPMG’s clients with anti-bribery and corruption services, forensic accounting investigations, fraud risk management, litigation advisory services and financial statement audits. He is a Certified Public Accountant and a Certified Fraud Examiner. He can be contacted on +1 (213) 430 2119 or by email: firstname.lastname@example.org.
Michael K. Loucks, a nationally recognised healthcare fraud prosecutor, joined Skadden, Arps, Slate, Meagher & Flom LLP as a litigation partner in the Boston office in July 2010. With 25 years in public service, Mr Loucks most recently served as acting US attorney and first assistant US attorney for the District of Massachusetts, where he led major criminal and civil investigations, as well as many of the most high-profile healthcare fraud prosecutions of the past two decades. He can be contacted on +1 (617) 573 4840 or by email: email@example.com.
© Financier Worldwide