Author Archives: Camille Cohen

A Culture of Openness Pays Off

When I read the results of a recent survey on helpline calls completed by the two prominent compliance associations, the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA), I started to think about the organizations I’ve worked for in the past. What made me comfortable telling the organization of a perceived situation requiring change? How was the report received?

As noted in the survey results, employees are mainly reporting through internal means. While a company may not know for years of a whistleblower lawsuit, the survey respondents did not indicate a significant rise in these reports made outside of the organization even with the increased attention being paid to whistleblowers and the incentives involved.

What can we do to create an environment where employees are willing to report to their organization? Continue reading

Listen so we don’t have to Drop, Cover, and Hold On

Each region of the country has emergency preparedness according to the area’s potential natural disasters. Living in Utah, we have to be prepared for a possible earthquake and there was the recent Drop, Cover and Hold On efforts to test our readiness. In the workplace, we also have to prepare for situations that may arise suddenly and unexpectedly. It’s the way we prepare in advance that will determine if we have to drop, cover, and hold on or are able to systematically handle the situation.

The tool at the heart of good management is to listen to those around you. Sometimes that means hearing what a customer is saying, picking up on the complaint of an employee, or learning about something new in the organization. We have to listen beyond what is being said, focusing on the nonverbal communication as well as how this issue could impact others. Years ago my manager told me to stop and listen to the people who you dread the most. You know the type, the person who is always complaining, who seems to drain you of all your energy. Continue reading

Employees as the Teachers: What an Organization Can Learn

As a compliance officer I have the opportunity to publish training on various compliance topics to our workforce. We just completed a required training and I think I learned as much about how the organization works as the workforce may have learned from the training.

From an employee’s perspective, completing a required compliance training course may be the last thing they want to do, yet from the organization’s standpoint, it’s one of the most important things for them to do. Protecting the privacy and security of patient data is of utmost concern for any compliance officer in health care. The Ponemon Institute just published its Fourth Annual Benchmark Study on Patient Privacy and Data Security which emphasized the role employees have in detecting data breaches, while at the same time noted that employee negligence is considered a worry by many of the respondents to their survey. Organizations in the Ponemon study reported that they rely upon policies and procedures to achieve compliance and secure data. What this tells us is that training employees on proper security methods, policies and our code of conduct, as well as guidelines for how to report an issue is paramount. Continue reading

Goals Gone Wild: Setting the Wrong Tone at the Top

When I recently read that a former hospital Chief Financial Officer (CFO) had been charged with health care fraud for falsely attesting to Meaningful Use, I could not believe the corners that he decided to cut. My first thought was that he had not been aware of the Centers for Medicare and Medicaid Services (CMS) track record for auditing to stop improper payments. In fact within a few months of his alleged fraud, CMS announced their pre-payment audits for the Medicare Electronic Health Records Incentive Program which would audit the meaningful use attestations. (See my April 2013 blog on CMS Follows the Money with New Audits.)

Then I wondered, “What must his Chief Executive Officer be thinking of such behavior?” Continue reading

Can EHR Convenience Features Lead to Fraud?

Well, it appears that the convenience features in Electronic Health Records (EHRs) can be perceived as a method to cheat the government. In a new report issued by the Office of Inspector General (OIG) on January 8, 2014, the function of copy-paste was highlighted as an area of concern. To conduct the study the OIG surveyed CMS administrative and program integrity contractors about their review methods related to EHRs and reviewed guidance provided by the contractors and CMS related to EHRs and possible vulnerabilities. The OIG found that little had changed in contractors’ practices since the shift to EHRs.

The OIG cited copy-paste functions and overdocumentation as two EHR practices that can be used to commit fraud. The issue with the copy-paste function was that it may be used without updating the information, leading to inaccuracies in the record and inflated payments. Continue reading

Searching for the OIG Work Plan

In November I was reviewing a report by the Office of Inspector General for the Department of Health and Human Services (OIG) and I started to wonder, where is the annual Work Plan? The one slated for 2014? Did the government shutdown have anything to do with the delay? I had not heard any buzz about it so I went looking and found that the OIG released a Strategic Plan in advance of the Work Plan. My curiosity was aroused: Why would they do this?

The OIG website described the delay as necessary to better align with priorities in a time of continuing fiscal challenges and the Work Plan is to be released in January 2014. Is the OIG worried about funding being cut for fraud and abuse activities? Continue reading

Can an organization’s culture help to shape decisions?

Recent events have reminded me that most of the time people want to do the right thing. Some examples include the bus driver in Buffalo, New York who stopped his bus and calmly encouraged a woman to come with him instead of jumping off a bridge. Although he was later rewarded, his actions were independent of any personal gain. Another event was the Connecticut Rabbi who had bought a desk from Craigslist, found $98,000 that had fallen behind the drawers and returned it to the former owner of the desk. He too was rewarded, although he accepted the reward reluctantly. His actions were based upon motives to do the right thing, not for a potential gain.

If people are willing to extend themselves to others in these ways, why not extend themselves to their organization where they spend the bulk of their time? This is a follow up to my blog on Why Unethical Behavior Goes Unchecked in which I discussed how studies have shown that employees are reluctant to report misconduct because they fear retaliation or expect no follow through on their concerns. How can organizations change to help employees decide to not only report misconduct, but offer recommendations for a better workplace? Continue reading

The Perfect is the Enemy of the Good – a Tale of Improving Accounting for Disclosures

This is a tale that begins in 2009 and has yet to have a successful ending. The government must have determined that with the adoption of EHRs the health care industry no longer needed an exemption for treatment, payment, and health care operations when providing the HIPAA required accounting for disclosures of patient information. In 2009 the HITECH Act introduced the new requirement that technologies as part of a qualified EHR are to provide an accounting for disclosures to include those for the purposes of treatment, payment and health care operations. HITECH listed two things to keep in mind in relation to this change, which are:

1. The interests of the patients and

2. The administrative burden for such an accounting. Continue reading

Striking the Right Balance with Oversight of Health IT

Strides seem to have been made towards a moderate approach to the oversight of Health IT. When I read recently that the Health Information Technology Policy Committee (HITPC) of the Office of the National Coordinator (ONC) approved the recommendations of its workgroup related to oversight of Health IT, I was intrigued. It seems that the Food and Drug Administration (FDA) has been increasingly interested in regulating Health IT. It is understandable that when software is directly linked to patient safety, regulation may be necessary to prevent unintended consequences. But where did that leave the rest of the software that managed administrative and other functions that providers rely upon? Does the non-patient care software require the same level of overhead and oversight as software that functions with a medical device? Continue reading

Making Bad News Work in Your Favor

Have you ever noticed that when a sensational news article emerges everyone is attuned to the topic? And the more negative the subject matter, the more people are interested? It happened this week as the Office of Civil Rights (OCR) announced that Affinity Health Plan is being fined over $1.2 million. This fine is part of the settlement for alleged HIPAA violations such as neglecting to remove all patient identifiable information from leased photocopiers before returning them to the leasing agent.

Although the issue arose out of actions that took place in 2010, some people seem to be noticing the issue for the first time due to the size of the fine. I wondered why that is, that negative news garners more attention than neutral or positive messages. Continue reading