The Auditor's Responsibilities To Detect Fraud: Recently Issued
Fraud, Waste, and Abuse Panel - HCCA Official Site€¦ · Fraud Awareness Training External Fraud...
Transcript of Fraud, Waste, and Abuse Panel - HCCA Official Site€¦ · Fraud Awareness Training External Fraud...
1/28/2014
1
Fraud, Waste, and Abuse Panel
February 9, 2014
HCCA Managed Care Compliance Conference
Today’s Panel Discussion
Summary of FWA requirements as part of an
effective compliance programJose Tabuena
Current trends and applicable takeaways in today’s
FWA environmentAdam Rattner
Applying culture change principles and a
proactive approach to FWA prevention through
Medicaid contract compliance
Jack Bevilacqua
1/28/2014
2
Summary of FWA Requirements as
part of a Compliance Program
Jose Tabuena, Concentra | Humana Inc.
Know Your History
Office of Inspector General, US Department of Health and Human Services
• Compliance Guidance– Compliance Program Guidance for Medicare+Choice Organizations (1999)
– Link: http://oig.hhs.gov/fraud/docs/complianceguidance/111599.pdf
Centers for Medicare and Medicaid Services – Medicare Prescription Drug, Improvement, and Modernization Act (2003)
o Guidance for Part D (Chapter 9) included the FWA component as part of a plan sponsors overall compliance plan | program requirements (2006)
o FWA program could be separate and in addition to compliance program, or integrated
– Medicare Managed Care Manual (Chapter 21, Pub. 100-16) and Prescription
Drug Benefit Manual (Chapter 9, Pub. 100-18): These guidelines are identical and allow organizations offering both Medicare Advantage (MA) and
Prescription Drug Plans (PDP) to reference one document for guidance(Revised 01-11-2013)
– Link: http://www.cms.gov/Regulations-and-
Guidance/Guidance/Manuals/Downloads/mc86c21.pdf
1/28/2014
3
Chapter 21 and 9 Compliance Program Guidelines
Section in Guidelines Element of an Effective Compliance Program
50.1 Written Policies, Procedures, and Standards of Conduct
50.2 Compliance Officer, Compliance Committee, and High Level Oversight
50.3 Effective Training and Education (50.3.2 – FWA Training)
50.4 Effective Lines of Communication
50.5 Well Publicized Disciplinary Guidelines
50.6
Effective System for Routine Monitoring, Auditing and Identification of
Compliance Risks (50.6.9 – Use of Data Analysis for FWA Prevention
and Detection; 50.6.10 – Special Investigation Units (SIUs)
50.7
Procedures and System for Prompt Response to Compliance Issues
(50.7.3 – Procedures for Self-Reporting Potential FWA and Significant
Non-Compliance; 50.7.6 – Responding to CMS-Issued Fraud Alerts)
Each sponsor must implement an effective compliance program that
meets the regulatory requirements set forth in Chapter 42, Parts 422 and
423 of the Code of Federal Regulations.
Definitions – In the Compliance Program Guidelines
• Fraud– “Is knowingly and willfully executing or attempting to execute, a scheme or
artifice to defraud any health care benefit program or to obtain (by means of
false or fraudulent pretenses, representations, or promises) any of the
money or property owned by, or under the custody or control of, any health
care benefit program. 18 U.S.C. § 1347.”
– Fraud is a deliberate misrepresentation or deception intended to result in
financial gain. It is a criminal act.
• Abuse– “Includes actions that may, directly or indirectly, result in: unnecessary costs
to the Medicare Program, improper payment, payment for services that fail to
meet professionally recognized standards of care, or services that are
medically unnecessary. Abuse involves payment for items or services where
there is no legal entitlement to that payment and the provider has not
knowingly and/or intentionally misrepresented facts to obtain payment.”
– Abuse includes actions similar to fraud but not proven to be criminal.
FWA means fraud, waste and abuse.
1/28/2014
4
FWA Definitions, continued
• Fraud versus Abuse
– “Abuse cannot be differentiated categorically from fraud, because the
distinction between ‘fraud’ and ‘abuse’ depends on specific facts and
circumstances, intent and prior knowledge, and available evidence, among
other factors.”
• Waste
– “Is the overutilization of services, or other practices that, directly or indirectly,
result in unnecessary costs to the Medicare program. Waste is generally not
considered to be caused by criminally negligent actions but rather the
misuse of resources.”
FWA means fraud, waste and abuse.
Chapter 21 and 9 Guidelines – Evolving Thoughts
• “It is worth noting that for many Sponsors, traditional fraud, waste, and
abuse programs have been aimed at the conduct of third parties…”
• “. . . whereas their compliance programs typically encompass the
organization’s efforts to monitor itself and its subcontractors with respect
to contract regulations and compliance with applicable laws and
regulations.”
• “CMS believes that, under this requirement, Sponsors must have
policies in place to identify and address fraud, waste and abuse at both
the Sponsor and third-party levels . . .”
“Specifically, the chapter provides recommendations and requirements
for Sponsors to implement a program to control fraud, waste, and abuse
as part of an effective Part D compliance program.”
1/28/2014
5
Two Perspectives
• Compliance – Risk of Non-compliance and Misconduct (including fraud)
by the organization.
– For most compliance program activities, the audience is primarily internal
and draws more on education and protecting the organization from legal
actions brought by others.
• Fraud Control – Risk of External Fraud against the Organization
– For most antifraud activities, the target audience is primarily external and
draws heavily from data mining, investigations, law enforcement, and legal
actions initiated by the organization.
Compliance and Fraud control programs should not be looked at in a “silo”
Ethics and Compliance
Program
Antifraud Program &
ControlsCode of Conduct
Whistleblower Helpline
Hiring and Promotion Standards
Oversight – BOD & AC
Incentives & Discipline
Evaluate Effectiveness
Policies
Training & Education
Investigations
Enterprise Risk Assessments
Auditing and Monitoring
Technology & Metrics
Compliance Policies
and Procedures
Compliance & Ethics
Training
Internal Misconduct
Compliance
Risk Assessment
To Detect
Non-compliance
Regulatory
Requirements
Antifraud Policies
and Procedures
Fraud Awareness Training
External Fraud
Fraud Risk Assessment
To Detect Criminal Conduct
Fraud Detection
Data Analysis
Compliance and FWA leverage many of the same principles
1/28/2014
6
Compliance and Antifraud Programs leverage many of the same technologies
For many companies, technology to support the Compliance and Antifraud
Programs can be implemented primarily using software solutions with
existing footprints in their application architectures
Antifraud
Program Activity Functionality
Control
Environment
Whistleblower/compliance hotline; employee training and tracking; supporting and documenting
background checks; data analytics; electronic data recovery and preservation.
Risk Assessment
Identifying and documenting compliance and fraud risks and the related controls; identifying and
documenting related policies, procedures and system protocols; template test plans for relevant
controls, issue documentation and tracking; documenting results of control testing; reporting.
Control ActivitiesSystem and process related security and controls; manage user access and segregation of
duties; automated monitoring tools.
Information and
Communication
E-Learning system to managing content and provide online training; documentation on who has
completed training and when.
Monitor
Monitoring changes in the parameters in control configuration tables; monitoring who has
accessed transactions, financial system modules, and content; analyzing transactions for
anomalies; journal entry testing; monitoring manual processes;.
Compliance versus FWA Risk
• Do fraud specialists | SIU and internal auditors have a common interest
with compliance and ethics professionals?
• Could compliance officers enhance compliance by working more closely
with their organization’s antifraud professionals?
• Is there an effective way to integrate the required infrastructures?
Compliance and Fraud control programs should not be looked at in a “silo”
1/28/2014
7
A look at Antifraud Program Controls
1. Reactive strategies, proactive scanning, and prevention within
functional scopes of responsibilities
2. Utilizing a range of tools and methods, including investigations,
inspections, audit, data mining, and policy and systems development
3. Creative use of data-analysis and pattern recognition systems; a
serious appetite for integrating data from disparate sources to provide
the opportunity to conduct more sophisticated analyses and searches
4. Covering a a considerable range of risks and developing over time the
program’s own sense of the relevant risk-profile
The fraud control strategy includes 4 key paradigms
The Fraud Risk Assessment
• Considers the ways that fraud and misconduct can occur
• Is systematic and recurring
• Considers possible internal and external fraud schemes and scenarios
• Assesses risk at entity-wide, significant business unit and significant
account levels
• Evaluates likelihood, significance and pervasiveness of each risk
• Is performed with the involvement of appropriate personnel
• Considers management override
• Is dynamic and should be updated when new or unique circumstances
arise (e.g., changed operating and regulatory environments) at least
annually
A fraud risk assessment is crucial part of an entity’s broader risk
assessment process
1/28/2014
8
Where money flows, fraud is likely to follow
Identify Possible Fraud Schemes
• A scheme is the mechanism, scenario, or sequence of actions by which;
– The financial statements may be improperly manipulated or misstated;
– Assets may be misappropriated;
– Improper or unauthorized expenditures may be made;
– Self-dealings may occur; and
– Laws and regulations may be violated.
• One or more related fraud schemes may exist for each fraud risk,
consider the following;
– Past fraud within the organization, actual and alleged
– The industry in which the organization operates
– The geographies in which the organization operates
Determine specific fraud schemes without consideration of existing
controls
1/28/2014
9
Compliance and FWA Risk
• Enrollment Accuracy – LIS, Duals, late penalty, effective dates
• Billing Accuracy – Premiums (direct & SSA), refunds, cost sharing
• Bids and Reconciliation – cost allocations, assumptions
• Formulary Development/Management and Beneficiary Notifications
• COB Data Collection
• TrOOP Accumulation
• Cherry picking of healthy patients
• Inflation of expenses
• Data that misrepresents the medical condition of patients and treatments
received; manipulating Risk Adjustment payment system
• Rebates and Arrangements with pharmacies and manufacturers
Examples of Areas of Exposure for Plan Sponsors
Implementing Relevant Internal Controls
• The value proposition of this approach is to provide plans with a
real-time, Sarbanes-Oxley like control design, testing and remediation.
– Automated and independent of a Mock Audit and other internal monitoring
and auditing procedures.
• Multi-phased approach for developing and implementing internal
controls for MA plans, MA-PDs and PDPs.
– Based on code elements defined in the respective manuals, and regulatory
and compliance guidelines.
• The objective is to develop and implement a robust set of controls
that prevent compliance compromising situations from occurring in
the first place, or detect them on a real time basis.
Plans should begin to think about how to move their Compliance/FWA
programs from “reactionary” to “proactive”
1/28/2014
10
What are Internal Controls?
In accounting and auditing, internal control is defined as a process
affected by an organization's structure, work and authority flows, people
and management information systems, designed to help the organization
accomplish specific goals or objectives.
• Risks: Uncertain events that could adversely impact compliance with
the MA and PDP Requirements.
• Control Objectives: Management's goals which, if achieved, reduce
the identified risks to an acceptable level.
• Control Activities: Processes or sub-processes that provide
reasonable assurance regarding the reliability and integrity of the
control objective.
Fraud and Internal Control
Internal control plays an important role in the prevention and detection of
fraud.
• Under Sarbanes-Oxley, companies are required to perform a fraud risk
assessment and assess related controls. This involves identifying
scenarios in which theft or loss could occur and determining if existing
control procedures effectively manage the risk to an acceptable level.
• The risk that senior management might override important financial
controls to manipulate financial reporting is a key area of focus in a
fraud risk assessment.
• The AICPA, IIA, and ACFE sponsored a guide that includes a
framework for helping organizations manage their fraud risk.
– Managing the Business Risk of Fraud: A Practical Guide (2008)
– http://www.aicpa.org/Press/PressReleases/2008/DownloadableDocuments/
Managing_the_Business_Risk_of_Fraud.pdf
1/28/2014
11
Types of Control Activities
• Preventive control activities:
– Designed to avert problems rather than identify them
– Examples include cost report model, access restrictions, etc.
• Detective control activities:
– Meant to identify errors or irregularities after the fact
– Examples include reviews, reconciliations, and analyses
A good internal control structure includes an appropriate blend of preventive and detective controls.
Types of Control Activities (continued)
• Manual control activities:
– Carried out by people
– Examples include management approvals, review of reports, reconciliations
performed by hand, etc.
• Automated control activities:
– Are configured or programmed into systems and are executed by a system
automatically
– Examples include access restrictions, edit and validation checks, etc.
Automated control activities are more consistent than manual control
activities, however they are reliable only if the related general computer controls are effective (e.g., security).
1/28/2014
12
What are control activities?
Know Available Resources
Office of Inspector General, US Department of Health and Human Services
• Managed Care Web Page: – Home>Fraud>Enforcement>CMP>Managed Care
– https://oig.hhs.gov/fraud/enforcement/cmp/managed_care.asp
• Office of Evaluation and Inspections Reports– Home>Reports & Publications>Office of Evaluations and Inspections>Reports
– Medicare Advantage Organizations’ Identification of Potential Fraud and
Abuse (02-24-2012)
– Link: https://oig.hhs.gov/oei/reports/oei-03-10-00310.asp
• Special Fraud Alerts
– Home>Compliance>Special Fraud Alerts
– Link: https://oig.hhs.gov/compliance/alerts/index.asp
• Corporate Integrity Agreements (and corresponding press coverage)
– Home>Compliance>Corporate Integrity Agreements
– Link: https://oig.hhs.gov/compliance/corporate-integrity-agreements/index.asp
1/28/2014
13
The Current State and
Recent Trends in FWABY: Adam Rattner, Esq.
The views herein are solely of the
presenter and do not represent
those of any company or person
other than the presenter.
25
• The US Department of health and Human
Services – Office of the Inspector General
(“HHS-OIG”) conservatively estimates that
$100 billion is lost to healthcare fraud each
year ($273 million per day).
The Current Estimated Cost to the System of FWA
26
1/28/2014
14
FWA DETECTION, PREVETION AND PROSECUTION IS CURRENTLY ON THE RISE:
• Government agencies have formed partnerships to fight fraud and abuse, as well as to protect taxpayer funds, and maintain health care costs and quality of care.
• The Center For Medicaid and Medicare (CMS) which administers the Medicare and Medicaid programs partners with the following entities to prevent and detect fraud and abuse:
• Program Safeguard Contractors (P-S-Cs)/Zone Program Integrity Contractors (Z-PICs),
• Medicare Drug Integrity Contractors (MEDICs),
• State and Federal law enforcement agencies,
• Medicare beneficiaries and caregivers,
• Senior Medicare Patrol (S-M-P) program,
• Physicians, suppliers, and other providers,
• Medicare Carriers, Fiscal Intermediaries (F-Is), and Medicare Administrative Contractors (MACs) who pay claims and enroll providers and suppliers;
• Recovery Audit Program Recovery Auditors; and
• Comprehensive Error Rate Testing (CERT) Contractors.
27
The Battle Royale: The current fight
against FWA• The Center for Program Integrity (CPI), within CMS, promotes the integrity of
Medicare by:
• • conducting audits and policy reviews;
• • identifying and monitoring program vulnerabilities; and
• • providing assistance to states.
• The OIG primarily audits, investigations, inspections, and other functions. The Inspector General may prohibit individuals and entities who have engaged in fraud or abuse from participating in Medicare, Medicaid, and other Federal health care programs. The Inspector General may also impose CMPs for certain misconduct related to Federal health care programs.
• The Department of Justice and HHS established Health Care Fraud Prevention and Enforcement Action Team (HEAT) to strengthen existing programs to combat Medicare fraud while investing in new resources and technology to prevent fraud and abuse.
• Excluded Parties List System (E-P-L-S). This list includes information on entities debarred, suspended, or proposed for debarment. The list also includes those entities that have been excluded, or disqualified from receiving Federal contracts, certain subcontracts, and certain types of Federal assistance and benefits.
28
1/28/2014
15
Current Recommended guidelines to
Prevent FWA
• Monthly checks for excluded individuals among employees and first tier, downstream, and related entities
• Processes to identify, deny, prevent payment of claims from excluded providers at point of sale
• Requires disclosure by employees and first tier, downstream or related entities of new exclusions
• Establish SIU unit or perform SIU functions through compliance
• Many state and Federal Contracts make the detection and prevention of FWA (through SIU, Exclusion checks, and others) a mandatory contractual requirement.
29
False Claims Act Bolstered by PPACA
Civil False Claims Act
• Prohibits knowingly presenting a false claim or knowingly making a
false record or statement material to a false claim
• “Knowingly” includes acting in reckless disregard or deliberate ignorance of the truth or falsity of the information
• Penalties include treble damages and civil penalties
• Qui tam provisions allow individuals (e.g., employees, contractors,
providers) to sue and share in ultimate recovery
• Overpayment Amendments (FERA & PPACA)
FERA expanded FCA liability by including knowing retention of overpayments (same definition of “knowledge” as above)
PPACA requires that overpayments be reported and repaid within 60 days after identification
30
1/28/2014
16
Civil and Administrative Enforcement
• The OIG reported that it obtained expected recoveries of $3.8 billion (including both audit receivables and investigative receivables) in the first half of FY 2013.
• During the same time period, over 1,500 individuals were excluded from participation in the federal health care programs and 240 civil actions were undertaken by OIG, including false claims and unjust enrichment cases, civil monetary penalties settlement and administrative recoveries related to provider self-disclosure matters.
31
FWA Civil and Administrative
Enforcements 2013FCA violations in 2013
• $350 million settlement with generic drug manufacturer Ranbaxy Laboratories Limited for False Claims Act violations related to the manufacture and distribution of adulterated drugs at its facilities in India. The government intervened in the whistleblower suit alleging that the strength, purity or quality of several drugs manufactured at two facilities differed from the drug’s specifications or that the drugs were not manufactured according to the FDA-approved formulation.
• Kan-Di-Ki, doing business as Diagnostic Laboratories and Radiology, agreed to pay $17.5 million to resolve allegations it submitted false claims to Medicare and Medi-Cal by engaging in an illegal kickback scheme known as a “swapping arrangement” by charging skilled nursing facilities below-cost rates for Medicare Part A business, in exchange for the facilities’ provision of Medicare Part B and Medi-Cal business.
• Omnicare announced an expected $120 million settlement with the DOJ for a swapping arrangement involving discounts for Part A drugs provided to nursing homes in exchange for the nursing homes’ Part D referrals.
Stark Law violations in 2013.
• United States ex rel. Baklid-Kunz v. Halifax Hospital Medical Center, et al.,- a hospital violated the Stark Law by paying oncology physicians illegal productivity bonuses.
• U.S. ex rel. Drakeford v. Tuomey Healthcare System Inc. -$237 million in damages and fines in a whistleblower case after a jury determined that Tuomey had violated the Stark Law because the compensation paid to several specialty physicians under part-time employment agreements varied with or took into account the volume or value of referrals to the hospital.
32
1/28/2014
17
FWA Criminal Prosecutions 2013
• Nov. 2013, DOJ announced a significant settlement with Johnson & Johnson
2.2 billion will be paid for criminal and civil liability arising from allegations of off-label marketing and AKS allegations. The criminal fines and forfeiture alone totaled $485 million.
American Therapeutic Corporation and the American Sleep Institute submitted false and fraudulent claims to Medicare for services that were medically unnecessary, were not eligible for Medicare reimbursement or were never provided.
-24 individuals charged and 15 convictions for a combined 183 years in prison to date.
-The 15 defendants also were ordered to pay $87 million in restitution and $37,000 in fines.
33
FWA development-HHS declares QHP’s
not within Scope of AKS
It is anticipated that enforcement will remain active in 2014, however, industry opinion suggests the recent legal interpretation by the Obama administration related to QHPs could weaken government efforts.
– At issue is whether QHPs available on the health insurance exchanges, to become effective on Jan. 1, 2014, are considered “federal health care programs” and thus subject to the AKS, which prohibits the offer, payment, solicitation or receipt of remuneration intended to influence the referral of services to be paid for by a federal health care program.
• The government still has broad authority to pursue fraud and abuse involving QHPs under program integrity rules, civil money penalties, the False Claims Act and a variety of federal criminal laws.
QHP’s are still a “ Health Care Benefit”, and thus subject to Federal Criminal Law and prosecution for violation of federal criminal healthcare laws.
34
1/28/2014
18
The rising shift to Managed Care
• More and More, States have attempted to contain costs of
Medicaid programs by shifting Medicaid payments for health
care services for recipients from fee for service based cost
reimbursement to capitated rates paid to managed care
plans
• FWA May include both fraud by the MCO and fraud against
the MCO by providers
35
Managed Care Plan Fraud
• Contract procurement fraud (provider credentials, financial
solvency, inadequate network, bid-rigging)
• Marketing and enrollment fraud (slamming, enrolling
ineligible or non-existent recipients, cherry-picking, kickbacks,
lemon-dropping)
• Underutilization (delays, denials, unreasonable prior auth
requirements, gag orders to providers)
• Claims submission and billing fraud (misrepresent MLR, dual
eligible scams, cost-shifting to carve-outs, misrepresent kick-
eligible services or incentivized services, encounter data
fraud)36
1/28/2014
19
Recent findings/trends in FWA
Hospital Post acute Discharges and Transfers. Medicare overpaid millions to hospitals for claims subject to the post acute care transfer policy reduced rate.
Hospital Claims for Mechanical Ventilation. Medicare overpaid millions to hospitals that used the incorrect procedure code for mechanical ventilation.
Hospital Claims for Canceled Elective Surgeries. Medicare overpaid millions to hospitals for canceled elective surgeries.
Hospital Inpatient and Outpatient Claims in Risk Areas. Hospitals that appear to be at risk of submitting significant noncompliant claims to Medicare are subject to OIG review; risk areas are identified through data mining and analysis.
Outpatient Therapy Services—An outpatient therapy supplier improperly billed most of its claims to Medicare; the supplier did not have a thorough understanding of Medicare’s requirements and did not have adequate policies and procedures in place to ensure correct billing.
37
Recent findings/trends in FWA
Hospitals—Early Discharges to Hospice Care. Medicare pays hospitals more for early discharges to hospice care than it pays for early discharges to certain other care settings;
Critical Access Hospitals (CAHs). Medicare and its beneficiaries pay more for care in CAH-certified hospitals, but most CAHs would not meet the location requirements if required to re-enroll in Medicare.
Laboratory Tests. Medicare paid more for lab tests than did the State Medicaid programs and Federal Employee Health Benefit (FEHB) plans that the OIG reviewed; better aligning payments with Medicaid and FEHB could yield substantial savings.
Medical Equipment/Supplies—Continuous Positive Airway Pressure (CPAP) Therapy. Medicare’s replacement schedule for CPAP supplies has remained largely the same for the past 20 years and may not align with current payers and professional recommendations.
Part B Prescription Drugs. Medicare could recoup billions on Part B drug costs if pharmaceutical manufacturers were required to pay rebates as they do for Medicaid drugs.
Dialysis—Anemia Management Drugs. Utilization of anemia management drugs in dialysis treatments in 2011 was generally significantly less than the utilization reflected in the base rate calculation; adjustments could yield savings for Medicare.
Claims Processing—G Modifiers. Medicare contractors fail to consider billing codes that flag claims as being unallowable for payment; practice and procedure adjustments are needed.
38
1/28/2014
20
New FWA concerns:
MLR Requirements and FWA
MRI Scan Center, LLC v. Nat’l Imaging Assocs.,
Inc.
Filed early 2013.
• Alleges manipulation of Explanation of
Benefits and Remittance Advices to avoid
paying MLR rebates under ACA.
39
Final Thoughts on FWA
• Managed Care World- More and More moving towards the Prevent upfront rather than the pay and chase-this requires big data and information sharing- both of which are becoming huge in the fight against Fraud Waste and Abuse. Private-Public Partnerships are on the rise.
• Fraud, Waste and Abuse: much like the prevention and detection is ever evolving. The target moves often.
• The government is relying more and more on healthcare providers and payers to help with the detection and prevention of fraud, through regulations or contractual obligations.
40
1/28/2014
21
FWA PANEL: CULTURE CHANGE AND A
PROACTIVE APPROACH TO FWA PREVENTION
THROUGH MEDICAID CONTRACT COMPLIANCE
Jack Bevilacqua
Senior Compliance Oversight Specialist
WellCare Health Plans, Inc.
FRAUD, WASTE, AND ABUSE – GOALS OF OVERSIGHT
� Goals of Compliance Oversight Department as it relates to FWA:
• Proactive identification of areas particularly susceptible via risk
assessment
• Promotion of self-reported non-compliance by business units
• Culture change
• Increased transparency of business operations to compliance
• Frequent learning opportunities
• Consistent application of compliance via centralized approach
42
1/28/2014
22
FRAUD, WASTE, AND ABUSE – PREVENTION PROCESS
� Attestation Process
• Identification of obligations in contracts and regulations
• Identification of the people in business operations who are specifically
responsible for those obligations.
• Obtain accountability of the business units by asking them to attest to the
compliance or non-compliance of their obligations
� Benefit
• Documented accountability that results in management accountability in
processes and results.
43
FRAUD, WASTE, AND ABUSE – PREVENTION BY COLLABORATION
� Self-reported non-compliance (Collaboration process)
• Set face to face meeting with business owner that self reported non-
compliance to help them work through their issues of non-compliance.
� Benefits
• Branded as “collaboration” to assist in culture change; end goal would be
for operations personnel to proactively identify and come to compliance
unprovoked.
• Creation of metrics to show consistent areas of risk; mitigation of risk by
resolving issues prior to them becoming major areas of concern.
• Opportunity for compliance to learn business operations; business
operations to learn compliance.
44
1/28/2014
23
FRAUD, WASTE, AND ABUSE – PREVENTION BY VALIDATION
� Self-reported compliance (Validation process)
• Perform desk review based upon risk level of obligations – a combination of
impact, likelihood, and historical non-compliance, most notably external
findings more so than internal findings of non-compliance.
• Face to face meetings with management personnel from business
operations.
• Policies and Procedures, Process documents, Internal
Controls/Governance, and Data Set/business metrics that prove
compliance.
� Benefits
• Increased transparency of business operations to compliance
• Request of data/business operations metrics – more robust compliance
indicators.
• Opportunities for compliance to learn business; business to learn
compliance – with increased knowledge comes greater understanding of
each other’s roles and mutual respect. 45
FRAUD, WASTE AND ABUSE – CULTURE CHANGE
� Approach to culture change: Walking the Talk
• Basis for change to be more collaborative, so don’t initiate behind a computer screen.
• Go out and meet business owners face to face to explain the process and new direction.
• Requested feedback, incorporated feedback into approach.
• Elicited overt support from Chief Compliance Officer.
• Run process through “friends” of compliance within the business units – or people you have already connected with. This will enable you to attain some “wins.”
• Give positive feedback to the business units and to the managers of those who exhibited behaviors that you want to reinforce.
46