Compliance officers reflect on COVID pivots and preparing for the end of the public health emergency

Featured speakers: Craig Bennett, Vice President and Chief Compliance Officer, Boston Medical Center; Rachel Lerner, Esq., General Counsel & Chief Compliance Officer, Director, Center for the Prevention of Elder Abuse and Neglect, Hebrew SeniorLife; Maria Palumbo, Chief Compliance & Privacy Officer, Lawrence General Hospital. Moderated by Larry Vernaglia 

Bennett, Lerner and Palumbo addressed the Massachusetts Health and Hospital Association’s Healthcare Legal Compliance Forum in December 2021. (Read a summary.) This recap of their remarks looks at how their Compliance teams responded to COVID and have continued to partner with their organizations to manage regulatory change. It also looks at regulatory changes they are planning for in 2022. To access the full session recording, please contact the Massachusetts Health and Hospital Association.  

Initial COVID response

The panel reflected on their organizations’ initial response to COVID. “All of us had to pivot on a dime,” said Bennett. “We hadn’t had an opportunity to plan for it. Instead, we worked daily that first quarter to make sure we were as compliant as we could possibly be.” He was part of a team that looked at various waivers, platform security, privacy and other issues affected by the public health emergency to provide care safely.  

Lerner had a similar experience. “We immediately convened interdisciplinary committee so we could make changes quickly. Telehealth was really new territory for us, and we had to look at our outpatient medical practice, and home- and community-based care,” she said. “Tracking COVID 19 waivers was a team sport between Legal and Compliance. We broke down some silos, and that may be one good lasting benefit of this experience.”  

Palumbo and her colleagues focused on creating templates and consistency for documentation to make things as straightforward as possible for clinicians. That included having them track their patient contact time in minutes rather than defaulting to 20-minute increments. “We’re auditing these processes now to be sure we’re prepared when it gets looked at externally.”  

Accessibility concerns and solutions

Palumbo illustrated how healthcare organizations had to respond to the specific needs of their communities. “Our population tends not to have computers or printers at home,” she said. It wasn’t enough to deliver COVID test results to the portal, because people needed printed results to return to work or school. Without a printer, they were stuck. “We were like the take-out line at a restaurant – we not only have to contract with the state to provide nine-lane testing, we also have a multiline drive up for picking up your covid test results because people need that hard paper.”  

Building a culture of compliance

Bennett reflected on the tremendous amount of change and adaptation healthcare staff managed over the past two years. “I have to commend all hospital staff in being able to pivot and not missing a beat,” he said. His organization paused or reprioritized certain issues, but they maintained a focus on complying with regulations. That meant checking in with people regularly. That helped him assess whether people were getting the support and resources they needed related to their work. He expects to continue looking for ways to support staff. “We’ll continue to try to add flexibility to meet the needs of our staff and the needs of our patients and organization.” 

Palumbo, too, is working to meet people where they are at. She recently “camped out in the cafeteria,” she said. “I couldn’t believe the results: About 350 people came to talk to me, including residents, physicians, surgeons, nurses, case managers, and housekeeping staff.” They asked about patient privacy and other compliance issues. “So much came up during COVID but we didn’t stop to work through everything or stop to talk to each other. I’ll try to do that at least once a quarter.”  

New compliance issues

Palumbo walked through some upcoming regulatory changes she’s watching. This included the Medicare Final Physician Fee Schedule and noted that the Appropriate Use Criteria changes are delayed until the January first that follows the end of the pandemic. She encouraged everyone to understand the documentation requirements for using nurse practitioners for some portion of care as well as the changes to billing for surgeon and ICU provider time.  

New rules also allow audio-only telehealth visits for behavioral health as long as the patient wants it and the physician documents it properly.  

Balancing privacy, efficiency, safety, and cybersecurity

Lerner continues to address privacy concerns related to COVID testing and contact tracing. “We were working so hard to limit the spread of the disease in our senior living facilities,” she said. “It was hard to navigate contact tracing and privacy.” Now she is addressing cybersecurity insurance requirements, for her own organization and making sure vendors have sufficient insurance. “Moving to remote workforces and telehealth, the cybersecurity exposure is higher than it’s ever been,” she said. “For instance, people working from home might want to print documents, but we have to keep them from printing PHI at home or mailing things insecurely when someone can’t come pick it up.”  

Managing regulatory change

Lerner said she spends a lot of time looking at regulatory changes to understand their implications to her organization. “It can take us a long time to decide ‘does this apply to us?’ And then figure out what to do with it. Then we have to figure out what to do with that information in bits and pieces. It is certainly a complex, ever-changing universe on that front.” She spoke of Compliance’s key role in knitting together all that information to help the organization act on it and integrate it into daily processes.  

YouCompli sponsored MHA’s 2021 Healthcare Legal Compliance Forum. We provide a complete solution to help healthcare compliance organizations manage regulatory change. Find out more about YouCompli.  

Subscribe to get the latest articles about healthcare regulatory changes.

Man typing on laptop
Request a demo of the YouCompli solution.

Health organizations tackle regulatory change at Mass. conference

The Massachusetts Health and Hospital Association recently convened its Healthcare Legal Compliance Forum to update members on key areas of regulatory change, compliance and enforcement in this late COVID era. 

Current and former law enforcement officials, healthcare compliance practitioners, attorneys and consultants gave a broad view of the priorities, challenges and opportunities facing the Compliance profession.  

Federal and State Enforcement Update 

Featured speakers: Toby R. Unger, Chief of Medicaid Fraud Division, Office of the Massachusetts Attorney General; and Patrick Callahan, Healthcare Fraud Unit, US Attorney’s Office. Moderated by David Schumacher, Partner, Hooper, Lundy & Bookman. 

Unger and Callahan noted that the pandemic shifted the makeup of their case load. It reduced the rate of whistleblower and other fraud complaints, and for Unger at least, abuse cases increased.  

They talked about how health organizations can effectively partner with law enforcement. They generally see the best outcomes when Compliance and Legal teams bring issues to them or work quickly with them to find data and resolve issues. 

And they shared their take on effective Compliance functions. A good Compliance department doesn’t need to be huge with a lot of people and formal processes,” Callahan said. “A good department is one that has a real effect when they ask leadership to make a change. They have a voice that gets leadership’s attention, and they can have questionable practices stopped during an investigation. When they ask to press pause, they are listened to.”  

Read More: State and Federal enforcement agencies anticipating more complex investigations as COVID-era practices emerge

Compliance Officer Roundtable  

Featured speakers:  Craig Bennett, Vice President and Chief Compliance Officer, Boston Medical Center; Rachel Lerner, Esq., General Counsel & Chief Compliance Officer, Director, Center for the Prevention of Elder Abuse and Neglect, Hebrew SeniorLife; Maria Palumbo, Chief Compliance & Privacy Officer, Lawrence General Hospital. Moderated by Larry Vernaglia. 

Bennett, Lerner, and Palumbo shared their experience over nearly two years of pandemic-influenced healthcare compliance. They talked about how they collaborated to manage regulatory change and reinforce their culture of compliance. They also talked about the regulatory changes they are planning for in 2022.  

Lerner said she spends a lot of time looking at regulatory changes to understand their implications to her organization. “It can take us a long time to decide ‘does this apply to us?’ And then figure out what to do with it. Then we have to figure out what to do with that information in bits and pieces. It is certainly a complex, ever-changing universe on that front.” She spoke of Compliance’s key role in knitting together all that information to help the organization act correctly and then integrate it into daily processes. 

Read More: Compliance officers reflect on COVID pivots and preparing for the end of the public health emergency

Telehealth in the Pandemic and Beyond  

Featured speakers: Marcus Hughes, Associate General Counsel, UMass Memorial Health; Meg Cosgrove, Associate General Counsel, Beth Israel Lahey Health. And moderated by Jeremy Sherer, Healthcare Attorney, Hooper, Lundy, & Bookman. 

Hughes and Cosgrove discussed interstate telehealth compliance issues. They talked about the hard adjustments providers have to make as demand for telehealth surges and scrutiny of out-of-state practice increases. They shared ways they are preparing for the regulatory changes that will come with the end of the public health emergency.  

As waivers expire, Compliance officers have to increase their efforts at making sure providers understand licensing requirements and the risk of non-compliance. 

Hughes noted that there is a common belief that there is a national framework for remote care, but actually there isn’t. “Now that we’re in the late stage of the pandemic, we have to educate our staff to dispel some of the myths that are out there. And we have to make sure they know that the COIVD waivers are coming to an end.”  

Read More: Healthcare GCs look at telehealth compliance in the Pandemic and beyond

COVID-19 Hot Compliance Topics  

Featured speaker: Martie Ross, Office Managing Principal, PYA  

Ross covered federal vaccine mandates. unwinding regulatory flexibilities, and provider relief fund audits and enforcement. Her detailed slides are available from PYA here. They provide great insight for Compliance practitioners. 

Ross recommends that you review and track changes to internal policies and practices and establish a process to completely unwind. “As a compliance officer, it’s time to back through your compliance documentation over the past two years and think about how you’re going to unwind from these changes,” she said. 

Read More: Compliance expert Martie Ross explains critical regulatory change management issues facing healthcare in 2022

YouCompli sponsored MHA’s 2021 Healthcare Legal Compliance Forum. We provide a complete solution to help healthcare compliance organizations manage regulatory change. Find out more about YouCompli.  

Subscribe to get the latest articles about healthcare regulatory changes.

Man typing on laptop
Request a demo of the YouCompli solution.

Five tips to help providers comply with Stark

The Stark Law creates a whole set of antikickback rules that providers must understand and actively work to comply with. And with all its good intentions, the Stark Law is incredibly restrictive. In fact, even the U.S. Court of Appeals for the 4th Circuit noted that “even for the well-intentioned healthcare provider, the Stark law has become a booby trap rigged with strict liability and potentially ruinous exposure.”

The Centers for Medicare and Medicaid (CMS) and Congress have taken steps to clear up confusion and loosen the rules in some cases (See our article on exceptions for value-based care). Still, your Compliance team has a tremendous responsibility to make sure that policies match the rules and that providers understand and follow the policies.

Policies match the Stark rules

Changes to the Stark Law have been coming out practically since the law was enacted. The law, which aims to protect against kickbacks and self-referrals, has gotten complicated in the details. Congress issues amendments to help  the law catch up to changing business practices. Healthcare organizations may have written policies that facilitated compliance originally. However, those may be completely out-of-date if they weren’t keeping up with the changes in the law.

For example, CMS has introduced modifications that addressed challenges with value-based care and resolve issues restricting coordinated care and health data exchange. Another modification to the law was allowing healthcare providers to accept cybersecurity tech donations from stakeholders.

While the compliance officer enforces the policies, he or she doesn’t have to live them the way those in operations do. Getting input from key stakeholders such as providers, Risk Management, and others in the C-suite can help ensure that final policies are clear. This early feedback and engagement can also help identify how the policy or regulatory changes will affect the individuals who must operate under them. Lastly, they can help identify potential operational conflicts with new policies or regulatory changes.

(See how YouCompli delivers model policies and procedures that help your organization comply.)

Providers following the Stark policies

With compliant policies in place, it’s time to help providers understand how to follow them. This is where communicating what certain key terms in a policy or regulation means in the context of the provider’s particular work becomes critically important.

Compliance officers know that “the road to success is going to run through quality of care,” says Harry Nelson, health care attorney at Nelson Hardiman. “Compliance isn’t the internal police that slows things down, but a strategic part of growth.” When it comes to making sure providers understand how to follow policies, the compliance officer has to look at the language of the policy from the providers’ perspective, not that of the compliance officer.

Here are five steps to help providers understand and follow Stark-compliant policies:

  1. Engage your operational leaders. Make sure the president and CEO understand the nature and intent behind Stark limitations so they can help explain and reinforce them. Give situational examples they can relate to so they understand what the key terminology means.
  2. Invest in training and communication. One email won’t do it with changes to Stark-related policies. Engage providers in small groups, in writing, and in person to explain nuances and answer questions about tricky scenarios. Whenever possible, use real-world scenarios to help illustrate how the regulations and policies impact them. Education and training should also be routine and ongoing with key stakeholders.
  3. Get feedback. Regularly check in to gather feedback from your leaders. Find out if the implemented tools and procedures are working for them, as well as to identify challenges they face. This step will help you see areas where the  words on paper mean something the compliance officer had not thought of. Adapt procedures and tools if necessary.
  4. Encourage people to ask questions. Make sure providers and your operational leaders alike know they can use you as a sounding board for grey areas or possible violations. It’s much better if they proactively ask if a proposed arrangement is compliant. Otherwise, they may have to unwind a relationship if they find out it is not compliant.
  5. Promote awareness to prevent future mistakes. Once an error is made, chances are it will reoccur and lead to additional violations. As you are addressing errors, promote awareness to prevent future mistakes. For example, when you are communicating the fact that a mistake was made, go the extra step to what caused it. This will be an opportunity to find out where their confusion was and use that insight to update policies or training.

Stark compliance starts with knowing about changes to the regulations and continues with crafting policies that providers can understand and follow. Involving stakeholders in policy creation and training, and engaging tech systems to reinforce the lessons will support the long-term success of Stark-compliant policies.

Do you have the tools you need to recognize and manage regulatory change across your organization? Find out how YouCompli can help you manage and coordinate your response to regulatory change or schedule a demo.

Subscribe for blog updates

Stark Law: Flexibility for value-based care

The well-intentioned but complex Stark Law has gotten some updates recently. The changes give healthcare providers greater flexibility, especially with value-based care. 

The Stark Law was introduced in 1989 by United States Congressman Pete Stark (D-CA). It aims to protect Medicare and Medicaid from paying for services that may trigger conflict-of-interest concerns. This includes certain healthcare services for which physicians referred their Medicare/Medicaid patients to an organization with which they have a financial relationship. Referrals like this trigger questions about whether the patient really needed the service and raises concerns of physicians referring for their own financial benefit.  

Take, for example, a physician who refers a Medicare/Medicaid patient for an x-ray to a medical imaging facility. The facility then bills Medicare for that service. This may seem appropriate unless the physician has a financial interest in the medical imaging facility.  

The law faced criticism, however, for being too rigid. According to Henry Casale, partner at Horty Springer, “providers have found that the Stark Law is deceptively simple to summarize, but compliance has proven to be difficult and complex.” 

Casale went on to say that “Stark said that ‘the only way to protect healthcare consumers from unnecessary referrals is to impose a bright line rule.’ The Stark Law prohibits a physician from making referrals for certain Designated Health Services (DHS) payable by Medicare or Medicaid to an entity with which the physician (or an immediate family member) has a direct or indirect financial relationship (ownership or compensation). It also prohibits the entity from filing claims with Medicare or Medicaid for those referred DHS, unless the financial relationship complies with an exception to the Stark Law.”  

New value-based exceptions 

New exceptions under Stark allow for physicians to refer Medicare/Medicaid patients to entities they have a financial relationship with and that are part of a value-based program, in some cases. Additionally, the physician may receive remuneration, such as cost savings payments, so long as the requirements of the new exception are met.  

According to Casale, “The Stark value-based rules cover both cash and in-kind remuneration and do not include the term ‘Fair Market Value’.”  These rules have a number of requirements, but those requirements decrease as the value-based physician participants assume more financial risk.  The greatest flexibility is when the physician participants agree to assume full financial risk. (This includes capitation and global budget payment arrangements.) The requirements increase if the physician participants assume only “meaningful” financial risk. (The physician is responsible to repay or forego no less than 10 percent of the total value of the remuneration the physician receives under the value-based arrangement.) The requirements are greatest where the physicians are not at financial risk. 

“The Stark value-based rules are a significant improvement,” Casale said. “But they do leave a number of questions unanswered.” They also differ markedly from the OIG’s value-based safe harbor regulations that were published the same day, especially where the physicians are not at financial risk.  Here the OIG only provides safe harbor protection for in-kind remuneration while the Stark rules permit both cash and in-kind remuneration.  

“So while the Stark rules provide guidance and significant flexibility,” Casale said, “providers need to also consider the OIG’s much more narrow view of value-based arrangements.”   

RelatedDiscover how CMS is improving patient care while reducing administrative burden for providers. 

Rules related to Stark and anti-kickback legislation have been evolving for decades. These recent changes reflect an effort to add greater flexibility with value-based care and help keep the law responsive to current business practices in healthcare.  

How is your healthcare system adapting to keep up with changes to rules from the Stark Law and other fluid regulations?  Read more about how YouCompli can help you stay on top of regulatory changes or schedule a demo. 

Jerry Shafran

Jerry Shafran is the founder and CEO of YouCompli. He is a serial entrepreneur who builds on a solid foundation of information technology and network solutions. Jerry has founded, managed, and sold software and content solutions that simplify complex work. His innovations enable professionals to focus on their core business priorities.

Subscribe to receive updates from YouCompli