Barry Posner and Tama Kudman, partners at Kudman Trachten Aloe Posner LLP, spoke to us about maintaining effective compliance programs in the healthcare sector.

We discussed the importance of developing a strong organizational culture of compliance from the top down, led by senior management and supported by experienced compliance and legal professionals.

Kudman and Posner represent healthcare providers in complex, high-stakes litigation involving alleged fraud, waste, and abuse under the federal Anti-Kickback Statute and the Stark Laws. They also advise and assist healthcare clients in a range of commercial and transactional matters.

Both are highly experienced attorneys with over 50 years of combined expertise in the healthcare sector.

We discussed common types of fraud in healthcare, and strategies to prevent it, last week.

Good compliance

“The absolute worst and most ineffective compliance program is something that is ‘off the shelf,’ and sits in a drawer collecting dust. Somebody goes online, distributes it to their employees and then everybody puts it into a desk and says, ‘Oh, we have a compliance program.’ That is not an effective compliance program,” said Posner.

Kudman added: “The best way to create an effective compliance program starts with the management team, hopefully under the supervision of an experienced compliance lawyer.

“The team, with the support of their compliance counsel, needs to really dissect their business, sitting down in a room with the CEO, the CFO, and the people who really are doing the work to understand where the risk points in a business are and where things can run afoul. That’s from the finance, sales operations perspectives, and creating a system of rules and checks and balances in order to prevent and prohibit wrongful conduct.”

In Posner’s view: “You need to fully examine the risk points and come up with business-specific and industry-specific issues and then address those issues through your compliance program.

“The next point starts in the C-suite. The CEO, the CFO, the COO and the head of sales truly need to be committed to the creation of a culture of compliance; without that culture, issues are dismissed, and people become uncomfortable reporting compliance issues.

“In addition to having a compliance officer, healthcare companies should also have an anonymous compliance hotline that every employee knows exists, and that they should be reminded to use. A culture of compliance should applaud employees for appropriately reporting matters to the compliance officer, in person or through the hotline.

“And it’s important to review compliance programs intermittently. I think every six months would be a lot, but typically companies should be reviewing at least annually. A big ‘unless’ is if you’re starting a new business line, new business division or a new venture: that obviously should go through the same degree of scrutiny that the entire business had when you created your program or when you started your business,” Posner stated.

OIG guidance

“The OIG’s [Office of Inspector General’s] compliance outline comprises several factors,” Kudman explained. “It [refers to] implementing written policies and procedures, governance and oversight, effective training and education, effective lines of communication, which goes to what Barry was talking about in terms of having the compliance officer and encouraging employee feedback, regular internal auditing and monitoring.

“And that could include having in-house counsel or effective non-in-house counsel that is on speed dial, and enforcement and disciplinary guidelines along with prompt responses.

“It can’t just be somebody picking up the phone and calling to report an issue and you say, ‘Thank you very much for reporting this,’ and then do nothing. Because if employees get the sense that this is not a living, breathing compliance program, and that you’re saying one thing, but you’re really winking and nodding at them because, hey, maybe what you’re doing is not compliant, but it’s bringing in a lot of business, and we’re going to reward you for that, then you don’t get any benefit if your business runs afoul of the law. Right?

“The absolute worst and most ineffective compliance program is something that is ‘off the shelf,’ and sits in a drawer collecting dust.”

Tama Kudman, partner, Kudman Trachten Aloe Posner LLP

“All of this is to say that the government must be satisfied, and you as a business owner must also be satisfied, that not only is your business saying you’re trying to be compliant, but that you’re taking all the steps necessary to ensure compliance.

“Everybody knows that healthcare is laden with a million rules and regulations but what the government wants to see and what a business owner should want to create, is an atmosphere of compliance where when mistakes are made, they can be identified, examined, and addressed.

“As a defense lawyer, I want to be able to advise the government that, ‘We have a living breathing compliance plan. We have implemented all seven of these elements of a good compliance plan. Maybe something fell through the cracks, maybe mistakes were made, but it certainly wasn’t because we were not trying,’” Kudman explained.

Posner added: “Each year, the Department of Health and Human Services [HHS] puts out its ‘work plan’: essentially, it describes where it will be focusing its attention, enforcement or otherwise, in the coming year. It’s important to pay attention to this in terms of your compliance plan and corporate conduct.”

Effective training

“Training is critically important,” Posner said. “This is going to sound very old school; I’ll probably date myself. I personally have a strong preference for live training, when cost effective and practical.

“And look,” he added. “If you have 2,000 people in 1,000 offices, that obviously doesn’t work. But if you’ve got four facilities with 500 people, it can definitely work.

“There is real value to sit looking people in the eye and walking them through real-life issues and how regulatory and compliance issues can arise; many healthcare practitioners that were committed to compliance would approach me after the training to say ‘You brought something up, Barry… we had this situation last month where the following happened, is that OK?’ Live training provided people with an avenue to not only feel like their concerns were being heard, but also experience them being addressed.”

General counsel and compliance officers

Posner highlighted the risk that could crop up when counsel serves in a compliance function.

“One of the government’s concerns with counsel, and one of the great, sorry for the reference, ‘bozo no-nos’ of compliance is where companies have their general counsel, or an attorney, serve in the role of a compliance officer. That is an absolute no-go. The concern from the government’s perspective is that the general counsel and attorney-client privilege is being used to cover compliance issues.”

Kudman added: “The essence of compliance is candor and openness and providing information to the government. If attorney-client privilege is used to thwart that, you cannot possibly have an effective compliance program. You can’t take cover under an in-house counsel to participate in fraud because there is a crime-fraud exception which negates the privilege. There is no privilege for a participant in the fraud. So, if in-house counsel is being used as sort of a yes person to facilitate the fraud, there is no cover.

“Generally, the recommendation would be twofold. If you’re going to have in-house counsel, you also have outside compliance counsel. In-house counsel can only do so much, and it’s predominantly because of this concern. Additionally, you want employees to be candid.

“I agree with Barry completely. We do see situations where the government’s approach is, but yeah, you had counsel, but you were in essence using them as cover. And we see that theme very often. People say, ‘Wait a minute, I had in-house counsel. He was a lawyer. They were general counsel; they were in-house; and they saw everything that was going on and being used to bless it.’

“An ‘advice of counsel’ defense is only available where counsel is adequately apprised of all pertinent facts. So, again, it is essential that people who are seeking advice of counsel with respect to, for example, setting up a marketing plan, be open about what they want to do and are intending to do. It is also essential that the advice be fully followed. You can’t veer from any legal advice, because if you do, that becomes evidence that you intended not to follow advice of counsel. The fact of non-compliance with attorney advice can be used as evidence of bad faith and intent, potentially,” she said.

“Healthcare companies should also have an anonymous compliance hotline that every employee knows exists, and that they should be reminded to use.”

Barry Posner, partner, Kudman Trachten Aloe Posner LLP

Posner added: “There is an interesting point here, and I’ve seen it in a different context, and it’s cut both ways. One is the ‘I’m moving at 500-miles-an-hour-and-I’m-not-thinking’ executive, and there’s the more nefarious executive that asks one set of questions intending to do something different.

“Sometimes you give advice based on a certain set of facts, and either unwittingly or intentionally, the business process or plan changes after the fact. ‘But I spoke to my lawyer,’ they say. And some of it is fully innocent because as they were creating their recipe, they changed a few ingredients, but they didn’t stop to take a moment and reflect, ‘OK, well, do these changed facts create any potential exposure, liability, or compliance concerns?’

“Others ask you the question under a set of facts and then do something else, and will say, ‘But I asked my lawyer.’ Obviously, the former is innocent, the latter not so much.”