1/28/2014

1

Fraud, Waste, and Abuse Panel

February 9, 2014

HCCA Managed Care Compliance Conference

Today’s Panel Discussion

Summary of FWA requirements as part of an

effective compliance programJose Tabuena

Current trends and applicable takeaways in today’s

FWA environmentAdam Rattner

Applying culture change principles and a

proactive approach to FWA prevention through

Medicaid contract compliance

Jack Bevilacqua

1/28/2014

2

Summary of FWA Requirements as

part of a Compliance Program

Jose Tabuena, Concentra | Humana Inc.

Know Your History

Office of Inspector General, US Department of Health and Human Services

• Compliance Guidance– Compliance Program Guidance for Medicare+Choice Organizations (1999)

– Link: http://oig.hhs.gov/fraud/docs/complianceguidance/111599.pdf

Centers for Medicare and Medicaid Services – Medicare Prescription Drug, Improvement, and Modernization Act (2003)

o Guidance for Part D (Chapter 9) included the FWA component as part of a plan sponsors overall compliance plan | program requirements (2006)

o FWA program could be separate and in addition to compliance program, or integrated

– Medicare Managed Care Manual (Chapter 21, Pub. 100-16) and Prescription

Drug Benefit Manual (Chapter 9, Pub. 100-18): These guidelines are identical and allow organizations offering both Medicare Advantage (MA) and

Prescription Drug Plans (PDP) to reference one document for guidance(Revised 01-11-2013)

– Link: http://www.cms.gov/Regulations-and-

Guidance/Guidance/Manuals/Downloads/mc86c21.pdf

1/28/2014

3

Chapter 21 and 9 Compliance Program Guidelines

Section in Guidelines Element of an Effective Compliance Program

50.1 Written Policies, Procedures, and Standards of Conduct

50.2 Compliance Officer, Compliance Committee, and High Level Oversight

50.3 Effective Training and Education (50.3.2 – FWA Training)

50.4 Effective Lines of Communication

50.5 Well Publicized Disciplinary Guidelines

50.6

Effective System for Routine Monitoring, Auditing and Identification of

Compliance Risks (50.6.9 – Use of Data Analysis for FWA Prevention

and Detection; 50.6.10 – Special Investigation Units (SIUs)

50.7

Procedures and System for Prompt Response to Compliance Issues

(50.7.3 – Procedures for Self-Reporting Potential FWA and Significant

Non-Compliance; 50.7.6 – Responding to CMS-Issued Fraud Alerts)

Each sponsor must implement an effective compliance program that

meets the regulatory requirements set forth in Chapter 42, Parts 422 and

423 of the Code of Federal Regulations.

Definitions – In the Compliance Program Guidelines

• Fraud– “Is knowingly and willfully executing or attempting to execute, a scheme or

artifice to defraud any health care benefit program or to obtain (by means of

false or fraudulent pretenses, representations, or promises) any of the

money or property owned by, or under the custody or control of, any health

care benefit program. 18 U.S.C. § 1347.”

– Fraud is a deliberate misrepresentation or deception intended to result in

financial gain. It is a criminal act.

• Abuse– “Includes actions that may, directly or indirectly, result in: unnecessary costs

to the Medicare Program, improper payment, payment for services that fail to

meet professionally recognized standards of care, or services that are

medically unnecessary. Abuse involves payment for items or services where

there is no legal entitlement to that payment and the provider has not

knowingly and/or intentionally misrepresented facts to obtain payment.”

– Abuse includes actions similar to fraud but not proven to be criminal.

FWA means fraud, waste and abuse.

1/28/2014

4

FWA Definitions, continued

• Fraud versus Abuse

– “Abuse cannot be differentiated categorically from fraud, because the

distinction between ‘fraud’ and ‘abuse’ depends on specific facts and

circumstances, intent and prior knowledge, and available evidence, among

other factors.”

• Waste

– “Is the overutilization of services, or other practices that, directly or indirectly,

result in unnecessary costs to the Medicare program. Waste is generally not

considered to be caused by criminally negligent actions but rather the

misuse of resources.”

FWA means fraud, waste and abuse.

Chapter 21 and 9 Guidelines – Evolving Thoughts

• “It is worth noting that for many Sponsors, traditional fraud, waste, and

abuse programs have been aimed at the conduct of third parties…”

• “. . . whereas their compliance programs typically encompass the

organization’s efforts to monitor itself and its subcontractors with respect

to contract regulations and compliance with applicable laws and

regulations.”

• “CMS believes that, under this requirement, Sponsors must have

policies in place to identify and address fraud, waste and abuse at both

the Sponsor and third-party levels . . .”

“Specifically, the chapter provides recommendations and requirements

for Sponsors to implement a program to control fraud, waste, and abuse

as part of an effective Part D compliance program.”

1/28/2014

5

Two Perspectives

• Compliance – Risk of Non-compliance and Misconduct (including fraud)

by the organization.

– For most compliance program activities, the audience is primarily internal

and draws more on education and protecting the organization from legal

actions brought by others.

• Fraud Control – Risk of External Fraud against the Organization

– For most antifraud activities, the target audience is primarily external and

draws heavily from data mining, investigations, law enforcement, and legal

actions initiated by the organization.

Compliance and Fraud control programs should not be looked at in a “silo”

Ethics and Compliance

Program

Antifraud Program &

ControlsCode of Conduct

Whistleblower Helpline

Hiring and Promotion Standards

Oversight – BOD & AC

Incentives & Discipline

Evaluate Effectiveness

Policies

Training & Education

Investigations

Enterprise Risk Assessments

Auditing and Monitoring

Technology & Metrics

Compliance Policies

and Procedures

Compliance & Ethics

Training

Internal Misconduct

Compliance

Risk Assessment

To Detect

Non-compliance

Regulatory

Requirements

Antifraud Policies

and Procedures

Fraud Awareness Training

External Fraud

Fraud Risk Assessment

To Detect Criminal Conduct

Fraud Detection

Data Analysis

Compliance and FWA leverage many of the same principles

1/28/2014

6

Compliance and Antifraud Programs leverage many of the same technologies

For many companies, technology to support the Compliance and Antifraud

Programs can be implemented primarily using software solutions with

existing footprints in their application architectures

Antifraud

Program Activity Functionality

Control

Environment

Whistleblower/compliance hotline; employee training and tracking; supporting and documenting

background checks; data analytics; electronic data recovery and preservation.

Risk Assessment

Identifying and documenting compliance and fraud risks and the related controls; identifying and

documenting related policies, procedures and system protocols; template test plans for relevant

controls, issue documentation and tracking; documenting results of control testing; reporting.

Control ActivitiesSystem and process related security and controls; manage user access and segregation of

duties; automated monitoring tools.

Information and

Communication

E-Learning system to managing content and provide online training; documentation on who has

completed training and when.

Monitor

Monitoring changes in the parameters in control configuration tables; monitoring who has

accessed transactions, financial system modules, and content; analyzing transactions for

anomalies; journal entry testing; monitoring manual processes;.

Compliance versus FWA Risk

• Do fraud specialists | SIU and internal auditors have a common interest

with compliance and ethics professionals?

• Could compliance officers enhance compliance by working more closely

with their organization’s antifraud professionals?

• Is there an effective way to integrate the required infrastructures?

Compliance and Fraud control programs should not be looked at in a “silo”

1/28/2014

7

A look at Antifraud Program Controls

1. Reactive strategies, proactive scanning, and prevention within

functional scopes of responsibilities

2. Utilizing a range of tools and methods, including investigations,

inspections, audit, data mining, and policy and systems development

3. Creative use of data-analysis and pattern recognition systems; a

serious appetite for integrating data from disparate sources to provide

the opportunity to conduct more sophisticated analyses and searches

4. Covering a a considerable range of risks and developing over time the

program’s own sense of the relevant risk-profile

The fraud control strategy includes 4 key paradigms

The Fraud Risk Assessment

• Considers the ways that fraud and misconduct can occur

• Is systematic and recurring

• Considers possible internal and external fraud schemes and scenarios

• Assesses risk at entity-wide, significant business unit and significant

account levels

• Evaluates likelihood, significance and pervasiveness of each risk

• Is performed with the involvement of appropriate personnel

• Considers management override

• Is dynamic and should be updated when new or unique circumstances

arise (e.g., changed operating and regulatory environments) at least

annually

A fraud risk assessment is crucial part of an entity’s broader risk

assessment process

1/28/2014

8

Where money flows, fraud is likely to follow

Identify Possible Fraud Schemes

• A scheme is the mechanism, scenario, or sequence of actions by which;

– The financial statements may be improperly manipulated or misstated;

– Assets may be misappropriated;

– Improper or unauthorized expenditures may be made;

– Self-dealings may occur; and

– Laws and regulations may be violated.

• One or more related fraud schemes may exist for each fraud risk,

consider the following;

– Past fraud within the organization, actual and alleged

– The industry in which the organization operates

– The geographies in which the organization operates

Determine specific fraud schemes without consideration of existing

controls

1/28/2014

9

Compliance and FWA Risk

• Enrollment Accuracy – LIS, Duals, late penalty, effective dates

• Billing Accuracy – Premiums (direct & SSA), refunds, cost sharing

• Bids and Reconciliation – cost allocations, assumptions

• Formulary Development/Management and Beneficiary Notifications

• COB Data Collection

• TrOOP Accumulation

• Cherry picking of healthy patients

• Inflation of expenses

• Data that misrepresents the medical condition of patients and treatments

received; manipulating Risk Adjustment payment system

• Rebates and Arrangements with pharmacies and manufacturers

Examples of Areas of Exposure for Plan Sponsors

Implementing Relevant Internal Controls

• The value proposition of this approach is to provide plans with a

real-time, Sarbanes-Oxley like control design, testing and remediation.

– Automated and independent of a Mock Audit and other internal monitoring

and auditing procedures.

• Multi-phased approach for developing and implementing internal

controls for MA plans, MA-PDs and PDPs.

– Based on code elements defined in the respective manuals, and regulatory

and compliance guidelines.

• The objective is to develop and implement a robust set of controls

that prevent compliance compromising situations from occurring in

the first place, or detect them on a real time basis.

Plans should begin to think about how to move their Compliance/FWA

programs from “reactionary” to “proactive”

1/28/2014

10

What are Internal Controls?

In accounting and auditing, internal control is defined as a process

affected by an organization's structure, work and authority flows, people

and management information systems, designed to help the organization

accomplish specific goals or objectives.

• Risks: Uncertain events that could adversely impact compliance with

the MA and PDP Requirements.

• Control Objectives: Management's goals which, if achieved, reduce

the identified risks to an acceptable level.

• Control Activities: Processes or sub-processes that provide

reasonable assurance regarding the reliability and integrity of the

control objective.

Fraud and Internal Control

Internal control plays an important role in the prevention and detection of

fraud.

• Under Sarbanes-Oxley, companies are required to perform a fraud risk

assessment and assess related controls. This involves identifying

scenarios in which theft or loss could occur and determining if existing

control procedures effectively manage the risk to an acceptable level.

• The risk that senior management might override important financial

controls to manipulate financial reporting is a key area of focus in a

fraud risk assessment.

• The AICPA, IIA, and ACFE sponsored a guide that includes a

framework for helping organizations manage their fraud risk.

– Managing the Business Risk of Fraud: A Practical Guide (2008)

– http://www.aicpa.org/Press/PressReleases/2008/DownloadableDocuments/

Managing_the_Business_Risk_of_Fraud.pdf

1/28/2014

11

Types of Control Activities

• Preventive control activities:

– Designed to avert problems rather than identify them

– Examples include cost report model, access restrictions, etc.

• Detective control activities:

– Meant to identify errors or irregularities after the fact

– Examples include reviews, reconciliations, and analyses

A good internal control structure includes an appropriate blend of preventive and detective controls.

Types of Control Activities (continued)

• Manual control activities:

– Carried out by people

– Examples include management approvals, review of reports, reconciliations

performed by hand, etc.

• Automated control activities:

– Are configured or programmed into systems and are executed by a system

automatically

– Examples include access restrictions, edit and validation checks, etc.

Automated control activities are more consistent than manual control

activities, however they are reliable only if the related general computer controls are effective (e.g., security).

1/28/2014

12

What are control activities?

Know Available Resources

Office of Inspector General, US Department of Health and Human Services

• Managed Care Web Page: – Home>Fraud>Enforcement>CMP>Managed Care

– https://oig.hhs.gov/fraud/enforcement/cmp/managed_care.asp

• Office of Evaluation and Inspections Reports– Home>Reports & Publications>Office of Evaluations and Inspections>Reports

– Medicare Advantage Organizations’ Identification of Potential Fraud and

Abuse (02-24-2012)

– Link: https://oig.hhs.gov/oei/reports/oei-03-10-00310.asp

• Special Fraud Alerts

– Home>Compliance>Special Fraud Alerts

– Link: https://oig.hhs.gov/compliance/alerts/index.asp

• Corporate Integrity Agreements (and corresponding press coverage)

– Home>Compliance>Corporate Integrity Agreements

– Link: https://oig.hhs.gov/compliance/corporate-integrity-agreements/index.asp

1/28/2014

13

The Current State and

Recent Trends in FWABY: Adam Rattner, Esq.

The views herein are solely of the

presenter and do not represent

those of any company or person

other than the presenter.

25

• The US Department of health and Human

Services – Office of the Inspector General

(“HHS-OIG”) conservatively estimates that

$100 billion is lost to healthcare fraud each

year ($273 million per day).

The Current Estimated Cost to the System of FWA

26

1/28/2014

14

FWA DETECTION, PREVETION AND PROSECUTION IS CURRENTLY ON THE RISE:

• Government agencies have formed partnerships to fight fraud and abuse, as well as to protect taxpayer funds, and maintain health care costs and quality of care.

• The Center For Medicaid and Medicare (CMS) which administers the Medicare and Medicaid programs partners with the following entities to prevent and detect fraud and abuse:

• Program Safeguard Contractors (P-S-Cs)/Zone Program Integrity Contractors (Z-PICs),

• Medicare Drug Integrity Contractors (MEDICs),

• State and Federal law enforcement agencies,

• Medicare beneficiaries and caregivers,

• Senior Medicare Patrol (S-M-P) program,

• Physicians, suppliers, and other providers,

• Medicare Carriers, Fiscal Intermediaries (F-Is), and Medicare Administrative Contractors (MACs) who pay claims and enroll providers and suppliers;

• Recovery Audit Program Recovery Auditors; and

• Comprehensive Error Rate Testing (CERT) Contractors.

27

The Battle Royale: The current fight

against FWA• The Center for Program Integrity (CPI), within CMS, promotes the integrity of

Medicare by:

• • conducting audits and policy reviews;

• • identifying and monitoring program vulnerabilities; and

• • providing assistance to states.

• The OIG primarily audits, investigations, inspections, and other functions. The Inspector General may prohibit individuals and entities who have engaged in fraud or abuse from participating in Medicare, Medicaid, and other Federal health care programs. The Inspector General may also impose CMPs for certain misconduct related to Federal health care programs.

• The Department of Justice and HHS established Health Care Fraud Prevention and Enforcement Action Team (HEAT) to strengthen existing programs to combat Medicare fraud while investing in new resources and technology to prevent fraud and abuse.

• Excluded Parties List System (E-P-L-S). This list includes information on entities debarred, suspended, or proposed for debarment. The list also includes those entities that have been excluded, or disqualified from receiving Federal contracts, certain subcontracts, and certain types of Federal assistance and benefits.

28

1/28/2014

15

Current Recommended guidelines to

Prevent FWA

• Monthly checks for excluded individuals among employees and first tier, downstream, and related entities

• Processes to identify, deny, prevent payment of claims from excluded providers at point of sale

• Requires disclosure by employees and first tier, downstream or related entities of new exclusions

• Establish SIU unit or perform SIU functions through compliance

• Many state and Federal Contracts make the detection and prevention of FWA (through SIU, Exclusion checks, and others) a mandatory contractual requirement.

29

False Claims Act Bolstered by PPACA

Civil False Claims Act

• Prohibits knowingly presenting a false claim or knowingly making a

false record or statement material to a false claim

• “Knowingly” includes acting in reckless disregard or deliberate ignorance of the truth or falsity of the information

• Penalties include treble damages and civil penalties

• Qui tam provisions allow individuals (e.g., employees, contractors,

providers) to sue and share in ultimate recovery

• Overpayment Amendments (FERA & PPACA)

FERA expanded FCA liability by including knowing retention of overpayments (same definition of “knowledge” as above)

PPACA requires that overpayments be reported and repaid within 60 days after identification

30

1/28/2014

16

Civil and Administrative Enforcement

• The OIG reported that it obtained expected recoveries of $3.8 billion (including both audit receivables and investigative receivables) in the first half of FY 2013.

• During the same time period, over 1,500 individuals were excluded from participation in the federal health care programs and 240 civil actions were undertaken by OIG, including false claims and unjust enrichment cases, civil monetary penalties settlement and administrative recoveries related to provider self-disclosure matters.

31

FWA Civil and Administrative

Enforcements 2013FCA violations in 2013

• $350 million settlement with generic drug manufacturer Ranbaxy Laboratories Limited for False Claims Act violations related to the manufacture and distribution of adulterated drugs at its facilities in India. The government intervened in the whistleblower suit alleging that the strength, purity or quality of several drugs manufactured at two facilities differed from the drug’s specifications or that the drugs were not manufactured according to the FDA-approved formulation.

• Kan-Di-Ki, doing business as Diagnostic Laboratories and Radiology, agreed to pay $17.5 million to resolve allegations it submitted false claims to Medicare and Medi-Cal by engaging in an illegal kickback scheme known as a “swapping arrangement” by charging skilled nursing facilities below-cost rates for Medicare Part A business, in exchange for the facilities’ provision of Medicare Part B and Medi-Cal business.

• Omnicare announced an expected $120 million settlement with the DOJ for a swapping arrangement involving discounts for Part A drugs provided to nursing homes in exchange for the nursing homes’ Part D referrals.

Stark Law violations in 2013.

• United States ex rel. Baklid-Kunz v. Halifax Hospital Medical Center, et al.,- a hospital violated the Stark Law by paying oncology physicians illegal productivity bonuses.

• U.S. ex rel. Drakeford v. Tuomey Healthcare System Inc. -$237 million in damages and fines in a whistleblower case after a jury determined that Tuomey had violated the Stark Law because the compensation paid to several specialty physicians under part-time employment agreements varied with or took into account the volume or value of referrals to the hospital.

32

1/28/2014

17

FWA Criminal Prosecutions 2013

• Nov. 2013, DOJ announced a significant settlement with Johnson & Johnson

2.2 billion will be paid for criminal and civil liability arising from allegations of off-label marketing and AKS allegations. The criminal fines and forfeiture alone totaled $485 million.

American Therapeutic Corporation and the American Sleep Institute submitted false and fraudulent claims to Medicare for services that were medically unnecessary, were not eligible for Medicare reimbursement or were never provided.

-24 individuals charged and 15 convictions for a combined 183 years in prison to date.

-The 15 defendants also were ordered to pay $87 million in restitution and $37,000 in fines.

33

FWA development-HHS declares QHP’s

not within Scope of AKS

It is anticipated that enforcement will remain active in 2014, however, industry opinion suggests the recent legal interpretation by the Obama administration related to QHPs could weaken government efforts.

– At issue is whether QHPs available on the health insurance exchanges, to become effective on Jan. 1, 2014, are considered “federal health care programs” and thus subject to the AKS, which prohibits the offer, payment, solicitation or receipt of remuneration intended to influence the referral of services to be paid for by a federal health care program.

• The government still has broad authority to pursue fraud and abuse involving QHPs under program integrity rules, civil money penalties, the False Claims Act and a variety of federal criminal laws.

QHP’s are still a “ Health Care Benefit”, and thus subject to Federal Criminal Law and prosecution for violation of federal criminal healthcare laws.

34

1/28/2014

18

The rising shift to Managed Care

• More and More, States have attempted to contain costs of

Medicaid programs by shifting Medicaid payments for health

care services for recipients from fee for service based cost

reimbursement to capitated rates paid to managed care

plans

• FWA May include both fraud by the MCO and fraud against

the MCO by providers

35

Managed Care Plan Fraud

• Contract procurement fraud (provider credentials, financial

solvency, inadequate network, bid-rigging)

• Marketing and enrollment fraud (slamming, enrolling

ineligible or non-existent recipients, cherry-picking, kickbacks,

lemon-dropping)

• Underutilization (delays, denials, unreasonable prior auth

requirements, gag orders to providers)

• Claims submission and billing fraud (misrepresent MLR, dual

eligible scams, cost-shifting to carve-outs, misrepresent kick-

eligible services or incentivized services, encounter data

fraud)36

1/28/2014

19

Recent findings/trends in FWA

Hospital Post acute Discharges and Transfers. Medicare overpaid millions to hospitals for claims subject to the post acute care transfer policy reduced rate.

Hospital Claims for Mechanical Ventilation. Medicare overpaid millions to hospitals that used the incorrect procedure code for mechanical ventilation.

Hospital Claims for Canceled Elective Surgeries. Medicare overpaid millions to hospitals for canceled elective surgeries.

Hospital Inpatient and Outpatient Claims in Risk Areas. Hospitals that appear to be at risk of submitting significant noncompliant claims to Medicare are subject to OIG review; risk areas are identified through data mining and analysis.

Outpatient Therapy Services—An outpatient therapy supplier improperly billed most of its claims to Medicare; the supplier did not have a thorough understanding of Medicare’s requirements and did not have adequate policies and procedures in place to ensure correct billing.

37

Recent findings/trends in FWA

Hospitals—Early Discharges to Hospice Care. Medicare pays hospitals more for early discharges to hospice care than it pays for early discharges to certain other care settings;

Critical Access Hospitals (CAHs). Medicare and its beneficiaries pay more for care in CAH-certified hospitals, but most CAHs would not meet the location requirements if required to re-enroll in Medicare.

Laboratory Tests. Medicare paid more for lab tests than did the State Medicaid programs and Federal Employee Health Benefit (FEHB) plans that the OIG reviewed; better aligning payments with Medicaid and FEHB could yield substantial savings.

Medical Equipment/Supplies—Continuous Positive Airway Pressure (CPAP) Therapy. Medicare’s replacement schedule for CPAP supplies has remained largely the same for the past 20 years and may not align with current payers and professional recommendations.

Part B Prescription Drugs. Medicare could recoup billions on Part B drug costs if pharmaceutical manufacturers were required to pay rebates as they do for Medicaid drugs.

Dialysis—Anemia Management Drugs. Utilization of anemia management drugs in dialysis treatments in 2011 was generally significantly less than the utilization reflected in the base rate calculation; adjustments could yield savings for Medicare.

Claims Processing—G Modifiers. Medicare contractors fail to consider billing codes that flag claims as being unallowable for payment; practice and procedure adjustments are needed.

38

1/28/2014

20

New FWA concerns:

MLR Requirements and FWA

MRI Scan Center, LLC v. Nat’l Imaging Assocs.,

Inc.

Filed early 2013.

• Alleges manipulation of Explanation of

Benefits and Remittance Advices to avoid

paying MLR rebates under ACA.

39

Final Thoughts on FWA

• Managed Care World- More and More moving towards the Prevent upfront rather than the pay and chase-this requires big data and information sharing- both of which are becoming huge in the fight against Fraud Waste and Abuse. Private-Public Partnerships are on the rise.

• Fraud, Waste and Abuse: much like the prevention and detection is ever evolving. The target moves often.

• The government is relying more and more on healthcare providers and payers to help with the detection and prevention of fraud, through regulations or contractual obligations.

40

1/28/2014

21

FWA PANEL: CULTURE CHANGE AND A

PROACTIVE APPROACH TO FWA PREVENTION

THROUGH MEDICAID CONTRACT COMPLIANCE

Jack Bevilacqua

Senior Compliance Oversight Specialist

WellCare Health Plans, Inc.

FRAUD, WASTE, AND ABUSE – GOALS OF OVERSIGHT

� Goals of Compliance Oversight Department as it relates to FWA:

• Proactive identification of areas particularly susceptible via risk

assessment

• Promotion of self-reported non-compliance by business units

• Culture change

• Increased transparency of business operations to compliance

• Frequent learning opportunities

• Consistent application of compliance via centralized approach

42

1/28/2014

22

FRAUD, WASTE, AND ABUSE – PREVENTION PROCESS

� Attestation Process

• Identification of obligations in contracts and regulations

• Identification of the people in business operations who are specifically

responsible for those obligations.

• Obtain accountability of the business units by asking them to attest to the

compliance or non-compliance of their obligations

� Benefit

• Documented accountability that results in management accountability in

processes and results.

43

FRAUD, WASTE, AND ABUSE – PREVENTION BY COLLABORATION

� Self-reported non-compliance (Collaboration process)

• Set face to face meeting with business owner that self reported non-

compliance to help them work through their issues of non-compliance.

� Benefits

• Branded as “collaboration” to assist in culture change; end goal would be

for operations personnel to proactively identify and come to compliance

unprovoked.

• Creation of metrics to show consistent areas of risk; mitigation of risk by

resolving issues prior to them becoming major areas of concern.

• Opportunity for compliance to learn business operations; business

operations to learn compliance.

44

1/28/2014

23

FRAUD, WASTE, AND ABUSE – PREVENTION BY VALIDATION

� Self-reported compliance (Validation process)

• Perform desk review based upon risk level of obligations – a combination of

impact, likelihood, and historical non-compliance, most notably external

findings more so than internal findings of non-compliance.

• Face to face meetings with management personnel from business

operations.

• Policies and Procedures, Process documents, Internal

Controls/Governance, and Data Set/business metrics that prove

compliance.

� Benefits

• Increased transparency of business operations to compliance

• Request of data/business operations metrics – more robust compliance

indicators.

• Opportunities for compliance to learn business; business to learn

compliance – with increased knowledge comes greater understanding of

each other’s roles and mutual respect. 45

FRAUD, WASTE AND ABUSE – CULTURE CHANGE

� Approach to culture change: Walking the Talk

• Basis for change to be more collaborative, so don’t initiate behind a computer screen.

• Go out and meet business owners face to face to explain the process and new direction.

• Requested feedback, incorporated feedback into approach.

• Elicited overt support from Chief Compliance Officer.

• Run process through “friends” of compliance within the business units – or people you have already connected with. This will enable you to attain some “wins.”

• Give positive feedback to the business units and to the managers of those who exhibited behaviors that you want to reinforce.

46