Information-blocking compliance perpetually changes. Learn how to build a compliance culture across IT, HIM, privacy, legal, medical, and nursing.
Continue readingSolving the info-blocking compliance puzzle takes ongoing team effort
How value-based reimbursement is shifting information-blocking paradigms
For value-based care, avoiding information-blocking isn’t enough
Continue readingSix key steps to reduce the impact of telehealth audits
Telehealth is almost as old as the telephone itself. In 1879 – just three years after Bell patented the telephone – an article in Lancet described the concept and advocated its adoption.
A law that’s even older can trigger many telehealth audits today. The 1863 False Claims Act (FCA) was enacted to keep profiteering contractors from defrauding the Union army. It can trigger serious problems for hospitals that don’t take proactive steps to make sure their telehealth practices are audit-proof.
That’s because the 2010 Affordable Care Act updated the FCA to make healthcare providers liable for “retention of any overpayments” from Medicare and Medicaid. This even includes overpayments resulting from accident or error. Indexing penalties for inflation each year, a requirement added in 2015, increased hospital liabilities. This puts liabilities at three times the amount of the overpayment(s) plus $11,803 to $23,607 for each instance. (Some 29 states and the District of Columbia have additional False Claim laws.)
These laws’ implications and requirements touch every part of the hospital. Keeping the whole organization in compliance means that all departments have to work together.
New laws, new regs, new worries for telehealth
Even before COVID, the government audited claims from what was then a smaller, rural telehealth system. Regulators found a trend of incorrect payments to doctors outside rural areas, who were therefore ineligible to receive them.
Telehealth is on the latest Office of the Inspector General (OIG) work plan, too. The OIG will be addressing remote patient monitoring by telehealth as an area of concern.
The public health emergency, with its series of 90-day waivers, made it possible for telehealth to grow so fast. Now, as the COVID emergency ebbs, Congress is considering making its current, expanded status permanent. (Two bills were introduced in May. One would enable audio-only telehealth services for Medicare enrollee. The other would expand telehealth for Medicaid and Children’s Health Insurance Programs.)
That’s good. But with laws come regulations covering acceptable types, locations and forms of delivery of telehealth services. And with regulations come scrutiny and audits. That can create challenges, especially with the specter of FCA liability in the background.
The best way to cope with audits is to prevent the need for them in the first place. Here are six steps to follow:
- Know what you’re up against. Keep up to date with all the developing federal and state regulations, waivers, and other requirements. That in itself can take up most, if not all, of your personal and your compliance team’s time.
Related: Find out how a team of expert compliance professionals and a nationally respected law firm track and analyze the latest regulatory changes, keep you updated, and give you actionable ways to adapt your process.
- Inventory your waivers. Which waivers do you rely on, in which departments and facilities? Do the providers and staff that they apply to know about them? And who makes sure the requirements are met and documents it?
- Check your records. One of the biggest causes of noncompliance isn’t malice. It’s error. Did an accidental typo in Coding result in an incorrect claim? Does everyone in Billing know which states require what reimbursement levels for telehealth services? Are certain telehealth records missing? Who’s responsible for keeping the signed doctors’ orders and documents that establish medical necessity? Do patients and services meet billing guidelines? Do you have a telehealth compliance policy? Does it need changing? Start conducting spot-checks to find out.
Related: Find out about state requirements for telehealth billing.
- Audit your process. Another big cause of noncompliance is miscommunication – particularly the assumption that someone else is taking care of something. So put together an internal audit team, with each department represented. That way, each can learn from the other. Hold an entrance conference to highlight what you learned from your spot checks, define the internal audit’s scope, set expectations, and assign specific tasks and timelines.
- Fix whatever’s broken. Reconvene the internal audit team and communicate the findings. Together, use that input to find opportunities to correct or cure what’s wrong in your process. Then, create a Corrective Action Plan (CAP) that will include needed education, training, policy, and process changes. Monitor your CAP over time, to see how it’s working and to spot anything else that needs fixing.
- Rebill and repay. If your internal audit and CAP were successful, you’ll have discovered missing or insufficient documentation. Report it. You may have also have found instances of incorrect payments. Rebill and repay. Yes, it will cost your hospital money. But not nearly as much as a full-blown government audit. A Department of Justice investigation could end up costing you time, legal fees, and FCA triple damages.
Patient demand for telehealth isn’t going away. Neither are the costs of noncompliance with telehealth regulations. As the public health emergency expires, fines from regulators and denial of claims from payers are sure to add up. The best way for your healthcare organization to solve these potentially massive financial problems is to work together to prevent them. Proactively partnering with colleagues in all relevant departments, your compliance team can lead the efforts to identify and fix issues before they become major problems. That way, you’ll be able to provide the telehealth services patients want in compliance with what the regulations demand.
It’s a big effort to keep your compliance champions connected and communicating. See how YouCompli can help you manage the rollout of new regulations and verify best efforts to regulators and your board. YouCompli is the only healthcare compliance software combining actionable regulatory analysis with a simple SaaS workflow.
Take as directed: Medication compliance and the Compliance office
Working toward higher rates of patient medication compliance is a critical component of patient care. That includes communicating what the medications are, what they do, and how to take them. Providers are keen to ensure they provide clear directions and to be sure patients can pay.
It’s no wonder they take such care: Each year, about 125,000 Americans die due to poor medication adherence, according to the American Heart Associationi. Improper compliance practices come with a hefty price tag of $528 billion in annual expenses, according to a 2019 OptimizeRx surveyii.
What’s more, medication mismanagement is a strong predictor of hospital readmission rates. Individuals who failed to take prescribed medication as directed had a 20 percentiii chance of hospital readmission within 30 days, compared to 9 percentiv for patients who take meds as directed. For the compliance officer, keeping hospital readmission rates low is crucial to avoid wasteful spending, per the Centers for Medicare and Medicaid guidelines.
So many factors contribute to whether a patient properly follows through with medication instructions. Providers and administrators alike do their best to put systems and communications in place that make compliance easier. While not within a compliance officer’s direct control, there are policies and procedures that can help hospitals comply with CMS requirements to lower readmission rates. This helps facilitate better health outcomes and increased quality of life for patients.
So how can you ultimately help patients improve medication management skills? Here are a few tips you can include in your medication compliance plan to help reduce readmission rates.
Discuss side effects
Patients who experience side effects may stop taking their medication altogether; without discussing this decision with their healthcare provider.
That’s why it’s so important for doctors to discuss common and possible side effects with patients.
Work with healthcare providers at your facility about how they can discuss any treatment plan changes to lessen the chances of side effects. Make it known that the treatment plan may include adjusting the dosage or changing the medication altogether. Cut Out Distractions
According to BMC Health Services Researchv, three out of five patients often forget to take their medication.
Are distractions the main culprit? Encourage providers to discuss the importance of taking meds at the same time each day.
Maybe patients can use a cell phone alarm to set up reminders. Taking multiple medications at different times? The workaround may be to set other alarm times for numerous times during the day.
To make things even easier on patients, providers may consider prescribing once-daily medications.
Providers may consider collaborating with the patient on the best time to take the medications when distractions are at their lowest.
Money worries
Sometimes the issue of medication compliance comes down to cost. About 70 percentvi of physicians link high prescription costs to a lack of medication adherence.
To save money, they may ration meds or not take them at all.
In a study published in Circulation, viione in eight patients with heart disease didn’t take prescribed medication because of the expense.
Luckily, there are resources such as GoodRx, an app that allows anyone to shop at local pharmacies for the lowest prescription medication prices.
Doctors can also prescribe generic versions of meds whenever possible to cut back on costs.
Communicate more
Poor communication is a deterrent to medication compliance, which is in turn linked to poor health outcomes.
Fortunately, Motivational Interviewing can help. With Motivational Interviewing, health care providers are encouraged to ask open-ended questions beginning with What, Why, How, and When during discussions about medication usage. This technique is shown to improve behavioral change and adherence, as reported in Perspect Public Healthviii.
This PDF by The Motivational Interviewing Network of Trainers provides more information on motivational interviewing.
Medication compliance helps patients experience better health outcomes, reducing readmission rates and helping the hospital avoid tripping CMS’s indicators for fraud, waste and abuse. While much of the responsibility lies with the patient, hospital policies and procedures can help ensure the patient has the best possible chance to understand and comply with medical guidance.
YouCompli helps healthcare facilities know about regulations, decide if they apply to them, manage policy and procedure rollout, and verify compliance efforts. Learn more
i American Heart Association
ii OptimzieRX survey
iii 20 percent
iv 9 percent
v BMC Health Services Research
vi 70 percent
vii Circulation
viii study
Regulatory change management is critical to effective enterprise policy management
Managing and responding to regulatory change is a significant effort for healthcare institutions.
Continue readingTelehealth compliance considerations: looking ahead
Telehealth seems to be here to stay, even as the Coronavirus pandemic begins to recede in the United States. It’s a good time for healthcare institutions to make sure their telehealth practices hold up outside of emergency circumstances.
From a compliance perspective, that means patient privacy and technology, valid consent for treatment, visits with minors, and interstate care.
Patient privacy in telehealth
Patient privacy is just as important in telehealth as it is for in-person visits. This includes ensuring the provider conducts visits in a private space and documenting the visit in a secure medical record.
During the Coronavirus national public health emergency, the federal government has some enforcement discretion with telehealth. Regulators can choose not to impose penalties for Health Insurance Portability and Accountability Act (HIPAA) violations if they see that a provider took precautions to protect patient privacy provider. Good faith might mean using a platform like Microsoft Teams, Zoom, or WebEx and patient-specific passcodes – and still having a privacy breach. In a case like this, the regulator has the discretion not to impose fines under HIPAA.
Consents and visits with minors
Developing a process to obtain consent to treat before the first visit can help you comply with consent requirements. This may include mailing or securely emailing the consent to the patient (or parent or legal guardian) the week before the telehealth visit and having the patient send it back. This gives the provider time to answer the patient’s questions about consent for treatment.
For urgent telehealth visit, make sure there are policies in place to address telephone/verbal consent or to obtain two provider consents. If your system allows, you may be able to electronically send the consent. The patient can sign it online so you can add it to the electronic health record.
Whatever method to obtain consent your organization chooses, ensure there is a policy addressing the proper procedure and educate the team on the policy.
For telehealth visits with minors, try to follow the same process as for in-person visits. That means you should obtain the consent to treat and have it signed by a parent or legal guardian. Then have the parent or legal guardian attends the telehealth visit with the minor patient. This way diagnosis, care, and treatment plan can be discussed with the patient and the parent or legal guardian at the same time.
Crossing state lines for telehealth
Things to consider if the patient and provider are not conducting the telehealth visit in the same state:
- Licensing: Some state licensing boards have reciprocity. Some may not require an additional license in compact states while others may require a temporary or actual license to provide care in that state. This often applies to care provided via telehealth.
- Prescriptions: Can you prescribe across state lines? Avoid compliance issues by sending the prescription to a pharmacy in the provider’s “home” state. Then have the patient request a pharmacy-to-pharmacy transfer of the prescription.
- Your insurance: Does your medical professional liability (MPL) insurance provide coverage if you are out of state? How about if the patient is located outside your “home” state? Contact your MPL insurer to be certain you have coverage in the event of an out of state lawsuit.
- The patient’s insurance: What will the patient’s insurance cover for visits conducted out of the patient’s “home” state? Be sure to verify this before the patient’s telehealth visit to ensure proper billing and reimbursement for the visit and to decrease billing denials.
Considerations for adding telehealth as a service line
There are resources available for organizations considering adding telehealth as a permanent service line. YouCompli can help you understand which regulations apply to you, stay on top of changes, and manage implementation.
You can also find many free resources online:
- Foley & Lardner’s Telehealth Compliance Checklist from Foley & Lardner
- Adelade provides a free state-level telehealth regulation guide with additional compliance topics to consider
For many types of visits, patients love the option of telehealth. As providers work to be sure that they continue to deliver quality care, Compliance teams have an equally big job to be sure the systems and processes are in place to support that experience.
Keep on top of regulations affecting telehealth and making sure those regulations are translated into policies and procedures that affect patient care. YouCompli customers have access to notifications about changes to regulations, resources to inform policy and procedure updates, and tools to track compliance. Contact us today to learn more.
Denise Atwood, RN, JD, CPHRM is the Chief Risk Officer at District Medical Group (DMG), Inc., vice president of DMG Insurance Company (DMGIC), and owner Denise Atwood, PLLC.
Disclaimer: The opinions expressed in this blog are the author’s and do not represent the opinions of DMG.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
Organization Liability: Impact and Risk Mitigation (Part II)
Impact of Risk Liabilities
Unmanaged or poorly managed risk can cause devastating effects to the organization from a reputational and financial perspective.
An extreme example of financial risk, coupled with nationwide reputational risks, was the Tylenol case in the 1980’s. The New York Times describes how, in 1982, Extra-Strength Tylenol capsules were tampered with and laced with potassium cyanide. Seven people in the Chicago area died and copycats caused several more deaths across the U.S. As a result of those incidents, tamper-resistant packaging was created and implemented so over-the-counter products, such as Tylenol, could not unknowingly be laced with a poison which could cause injury or death.
Despite the fact that the manufacturer had not introduced the poison, this event led to huge financial and reputational liability for McNeil Consumer Healthcare, the makers of Tylenol. On just the financial side, this cost a considerable amount of money due to decreased sales and increased advertising costs.
As this example demonstrates, financial and reputational risk for an organization in the healthcare field can have disastrous consequences that threaten to bankrupt or put the organization out of business. If the event or incident is sufficiently egregious, the organization could also face loss of accreditation or state licensure. If this happens, they may also lose Medicare and Medicaid contracts.
Risk Mitigation
Proactive risk mitigation strategies include transfer of risk, through such vehicles as contracts and insurance, and early reporting of incidents or events by staff.
Transfer of risk in contracts in typically done with indemnity or hold harmless clause. Transfer of risk via insurance is done by ensuring the organization has adequate coverages and retentions to meet the organization’s needs.
The intent of an indemnity clause is to transfer the risk of financial loss from one party to the agreement to another party to the agreement. Generally, this is financial losses or expenses caused by contract breach or default, negligence, or misconduct by one of the parties.
Hold harmless language in the contract states one party will not hold another party responsible for potential risks or damages. Hold harmless clauses can be unilateral and apply to just one of the parties to the contract or can be bilateral and apply to both parties to the contract. Typically, bilateral hold harmless language is preferred for healthcare organization contracts because each party will assume their own risk and not sue the other party to the contract for the risk which was assumed.
Early reporting by staff is crucial in order to ensure that appropriate action, discussion, documentation and reporting takes place. Most importantly, this is necessary to ensure that risk mitigation strategies can be implemented to eliminate or decrease risk to the organization.
PRACTICE TIP:
- Develop and conduct risk assessments of insurance policies and large contracts to identify areas for improvement.
- Review contracts to ensure indemnity or hold harmless clauses have been included. If not, add the clauses on renewal.
- Work with Risk Management to conduct a risk assessment to evaluate organization risks and implement mitigation plans.
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
Sign-up for the YouCompli Blog to Stay Up to Date on Compliance Related News!
Manage your healthcare regulatory change process effectively and efficiently
YouCompli enables the compliance officers to assign ownership and oversight of tasks to different department heads, functional leaders, or specialists. The solution prompts users to accept, reject, or reassign the task by a stated deadline. Manage the rollout and accountability of new requirements with the best workflow in the business.
Organization Liability: Types of Risk (Part I)
Risk is an important concept for compliance professionals working in the healthcare space to understand. After all, there are many times where risk and liability have crossover to compliance.
For example, in response to a suspected email or electronic health record breach, compliance and risk professionals will need to work together. This work will include:
- Evaluating the breach
- Reporting to the insurance carrier
- Collaborating with a breach coach or legal team to ensure the investigation meets legal requirements and timelines
- Collaborating with the information technology team and a forensics firm to ensure risk mitigation strategies are implemented and effective
And so on.
Generally speaking, healthcare compliance professionals should have a good working knowledge of organization risks and liabilities, as well as risk mitigation strategies.
This raises two important questions:
- What areas of risk do healthcare organizations face?
- What are the potential liabilities related to unmanaged or poorly managed risk?
Areas of Risk for a Healthcare Organization
Areas of risk for a healthcare organization are vast, and can involve injury to persons, property and reputation. Several areas of risk include:
Patient safety risks
These include near misses, which are mistakes which almost make it to the patient, as well as events or incidents that do make it to the patient, causing the patient to experience an unanticipated outcome such as a longer hospital stay, disability or death.
For example, a nurse may realize before giving a vaccine to a child that the adult vaccine and dose was drawn up in the syringe instead of the pediatric vaccine and dosage. This would be a near-miss. Along those same lines, a mistake occurs if the adult vaccine dose is actually administered to the child and an allergic reaction occurs.
Operational risks
These include such things as business interruption or supply chain issues. Business interruption incidents may include fire, flood, or pandemic. If the electronic medical record system goes down, and staff have to chart by hand on paper, this would be a business interruption. Supply chain issues can occur due to higher than normal demand or decrease in output by the manufacturer. If an organization cannot obtain needed supplies – such as hand sanitizer or surgical masks – that would be an example of a supply chain issue.
Legal risks
These typically involve lawsuits filed against the organization. Most commonly, lawsuits result from allegations of inappropriate employment practices or medical negligence or malpractice. For example, if a child had an allergic reaction after receiving an adult dose of a vaccine and unfortunately passed away, the parents may file a lawsuit alleging medical malpractice or negligence on behalf of the organization, the provider or the nurse who administered the incorrect vaccine.
Insurance risks
Insurance risks generally stem from a lack of adequate or appropriate insurance coverage or failure to transfer risk. Insurance risks can also connect to legal risks, which can stem from contracts with inadequate risk transfer or failure to conduct due diligence to vet the vendor. In the case of a pandemic, healthcare and other organizations may not have realized that pandemics and resulting business closures may be excluded from their business interruption insurance policy.
Human capital risks
These encompass the inability to hire, contract or retain appropriately trained staff. A lack of ICU level nurses causing staffing shortages would be an example. Human capital risks can also include professional board or licensing complaints against the organization’s doctors, nurses, therapists, or other licensed staff.
Reputational risks
Reputational risks are often forgotten or invisible to an organization until a bad event happens and it is announced to the public – at which point it is too late.
Reputational risk used to be limited to bad publicity which was published in print or reported on television. However, with the increased acceptance and use of social media, reputational risks are more far-reaching than the local newspaper or evening news program, and could potentially have national reach and negative impact on the organization . A newspaper may not run a story about a child who received an incorrect vaccine, but the child’s mother could post to Facebook or other social media platforms that the organization and providers are terrible and not to be trusted.
Practice Tips:
- Schedule a meeting with your insurance broker to evaluate your insurance policies by product line (i.e., general liability, property, cybersecurity, etc.) to ensure the organization is adequately covered to protect against most business losses.
- Educate staff to ensure they know how and where to report near-misses and mistakes that occur in the organization.
- Work with Risk Management to conduct a risk assessment to evaluate organization risks and implement mitigation plans.
Denise Atwood, RN, JD, CPHRM
District Medical Group (DMG), Inc., Chief Risk Officer and owner of Denise Atwood, PLLC
Disclaimer: The opinions expressed in this article or blog are the author’s and do not represent the opinions of DMG.
Denise Atwood, RN, JD, CPHRM has over 30 years of healthcare experience in compliance, risk management, quality, and clinical areas. She is also a published author and educator on risk, compliance, medical-legal and ethics issues. She is currently the Chief Risk Officer and Associate General Counsel at a nonprofit, multispecialty provider group in Phoenix, Arizona and Vice President of the company’s self-insurance captive.
Sign-up for the YouCompli Blog to Stay Up to Date on Compliance Related News!
Manage your healthcare regulatory change process effectively and efficiently
YouCompli enables the compliance officers to assign ownership and oversight of tasks to different department heads, functional leaders, or specialists. The solution prompts users to accept, reject, or reassign the task by a stated deadline. Manage the rollout and accountability of new requirements with the best workflow in the business.
Protecting Hospital Finances in the Post-Pandemic Environment
It’s become a cliche, especially in healthcare, to say that COVID-19 has changed “everything”. One thing that has clearly changed, however, is hospital finances.
Pandemic response stretched every healthcare system in the United States, many to the breaking point. Revenues from non-COVID procedures were significantly reduced, to the point that furloughs of vital medical staff have become necessary.
In this environment, compliance professionals have an important role to play. Ensuring that all payment compliance regulations are being followed helps to protect existing revenue streams, and helps to get the system back on a strong financial footing. As hospitals are getting “back to normal” and trying to find ways to bolster their budgets, good compliance practices are vital.
Outstanding Payments and Patient Insurance
In-hospital treatments declined during the pandemic; however, virtual health visits significantly increased. It’s crucial to continuously monitor payment compliance practices, which include patient insurance information, especially when offering this new treatment vector.
Pre-pandemic, the number of Medicare patients increased by 11 million since 2014, and at least 37 states expanded Medicare eligibility in 2019. While it’s hard to say where Medicare coverage will go as government budgets also come under pressure, these numbers could mean that some outstanding medical bills may be covered.
Historically, about 1% to 5% of self-pay accounts, or patient out of pocket costs, are written off by hospitals as bad debt. Checking and double-checking that your institution has the right information about patients, now and going forward, can be a key step in keeping the hospital financially strong.
The number of uninsured patients has continued to grow — by 12% towards the last months of 2017, and 27 million Americans have lost their employer-provided insurance during the pandemic. Overall, improving payment compliance practices in relation to insurance is an important step in effectively managing these, and other, challenges with patient payment balances.
Reducing Readmission Rates and Penalties
If your hospital serves Medicare and Medicaid patients, you probably know the high number of readmissions that occur in typical months. Readmissions that take place within 30 days of an initial visit cost hospitals a staggering $41.3 billion. In a post-COVID world, these patterns may not hold — but that could mean that readmissions are going to go up, not down.
CMS instituted several programs to try to manage these readmission challenges.
- The Hospital Readmissions Reduction Program (HRRP): rewards hospitals for lowering readmission rates for common health conditions like heart attacks, pneumonia, COPD, and total hip and knee replacement surgery
- The Hospital-Acquired Condition Reduction Program (HACRP): encourages a reduction in avoidable infections resulting from colon surgeries and hysterectomies, bedsores, sepsis, and even blood clots
Hospitals with, according to CMS, higher than average readmission rates face steep penalties and lower claims reimbursement. In the fiscal year 2020, pandemic notwithstanding, 83% of the 3,300 hospitals in the U.S. were projected to face penalties. And these penalties can be as high as a 3% reduction in repayment. Across the United States, CMS penalizes the worst-performing hospitals with a 1% reduction in total claim reimbursement.
As hospitals reopen and restart regular procedures and treatment, and try to rapidly scale revenue generation, more hospitals may face penalties, if compliance practices are not strong. Surprisingly, at least 12% of readmission cases of readmission cases are preventable, according to the Medicare Payment Advisory Commission (MedPAC).
Two ways hospitals can comply with CMS’ regulations and boost patient care are:
- Embrace a process that sends discharge summaries to the primary care physician
- Assign staff follow-up on post-discharge test results.
Setting up such a process can be tricky, especially in larger hospital facilities and in facilities that are still challenged in the aftermath of COVID. Medical staff need to be able to consistently and quickly assign, track, and review summaries and test results.
Monitoring each step of the process is necessary to ensure that your organization is taking the proper steps to adhere to Medicare and Medicaid requirements. That way, your hospital easily avoids significant penalties while boosting patient care. CMS also recommends that hospitals be on the lookout for hospital-related illnesses, which can derail patient care standards.
What You Can Do
Staying on top of the ever-changing world of CMS regulations isn’t easy, especially as we emerge from the pandemic crisis. But we can help by providing you with expert advice and tools that target the regulations and policies needed to run your hospital compliance program more effectively.
Our fully customizable software helps you and your revenue cycle team stay on top of every regulation, so you’ll have the best possible chance of meeting essential mandates, keeping cash flowing and avoiding penalties.