What Keeps You Up at Night? Issues of Fraud and Abuse Compliance Series Proper Recordkeeping in a Heightened Enforcement Environment April 18, 2013 39 Offices in 19 Countries
Introductions Thomas E. Zeno Of Counsel Cincinnati, OH Emily E. Root Senior Associate Columbus, OH India K. Brim Associate Washington, DC Andrew G. Jack Associate Columbus, OH 2
Overview • Case Studies • Importance of Recordkeeping Policies • Types of Records • Format of Records • Legal Requirements for Recordkeeping • Components of an Effective Recordkeeping Policy • Collection and Destruction of Records • Security Issues • Common Pitfalls and Challenges 3
Case Studies 4 39 Offices in 19 Countries
Case Studies Synthes, Inc. • Manufactures devices like hip screws for spine/soft-tissue injury • Acquired by Johnson & Johnson in 2012 for $19.7 billion The FDA Warning Letter • Issued February 16, 2012 • Investigation Period: June-September 2011 • Problems: Failure to establish and maintain procedures for receiving, reviewing, and evaluating complaints Failure to maintain a record of the investigation of a complaint Failure to notify FDA within 30 days after receiving a report or otherwise becoming aware of a malfunctioning device 5
Case Studies Broward Health • Provides services in health system with more than 30 facilities The Office of Inspector General Subpoena • In 2011, OIG demanded records concerning contracts, negotiations, and agreements with 27 doctors • Kind of documents sought included: Tax returns Financial data Information regarding compensation, patient referrals, and hospital admissions since January 2000 • Required Broward Health to prove steps taken, like employee training, to ensure that anti-kickback laws were not violated 6
Case Studies CVS Pharmacy, Inc. • America’s leading retail pharmacy with more than 7,300 locations The Civil Settlement • On April 3, 2013, the U.S. Attorney’s Office in Oklahoma and the DEA announced a settlement with CVS for $11 million to resolve allegations of deficient record-keeping in regard to prescriptions for controlled substances • Allegations / Deficiencies Pharmacies filling prescriptions for physicians whose DEA number had expired Prescriptions filled using a valid DEA number, but the number belonged to a physician different than the prescriber 7
Importance of Recordkeeping Policies 8 39 Offices in 19 Countries
Importance of Recordkeeping Policies Be Prepared • Know what is available • Know who has it • Know who is responsible for maintaining it • Retain useful information about the document 9
Importance of Recordkeeping Policies Contain Expenses • Paper Facility space Storage costs • Electronic Storage costs Computer equipment costs Backup tapes/disks 10
Importance of Recordkeeping Policies Costs of Missing Evidence • Civil discovery sanctions Monetary sanctions Paying the other sides’ legal fees Adverse presumptions Adverse judgment • Incurring government’s disfavor What you can’t produce quickly, does not exist Loss of credibility Undermines position on the merits Adverse decision 11
Importance of Recordkeeping Policies Best Practices • Policy should be pre-defined • Policy should be standardized, with differences based on operational need • Different retention periods should be defined based on the function of the document • Explain in writing the bases for the document retention policy • Audit for compliance • Regularly review/update the policy 12
Types of Records 13 39 Offices in 19 Countries
Types of Records Patient-Related Corporate Information Legal Files Documents Records Services Financial Education and HR Records Records Training 14
Types of Records Patient-Related Documents: • Medical records • HIPAA notice of privacy practices; privacy and security policies and procedures; accounting of disclosures • Authorizations for use and disclosure of PHI • Patient requests for restrictions on use and disclosure • Patient requests for alternative means of communication • Patient requests for access and amendments to PHI • Medicaid and Medicare claim support documentation General Corporate Records: • Articles of Incorporation and organizational chart • Code of Regulations • Minute Books 15
Types of Records Legal Files: • Litigation files • Legal memoranda and opinions • IP registrations and records • Licensure • Accreditation • Business associate agreements • Compliance audit reports Information Services: • Email 16
Types of Records Financial Records: • Tax returns • 1099 Forms • Accounts payable records • Purchase orders, bills, invoices HR Records: • Employee personnel files • Employee medical files • Employee investigation files • Contracts for independent contractors • Citizenship and immigration records • Payroll records • Employee benefit plan documentation 17 • Summaries of occupational injuries and illnesses
Types of Records Education and Training: • Employee training records Agenda Handouts Sign-in sheets • Continuing Education program records Agenda Handout Sign-in sheets Evaluations Completion certificates 18
Format of Records 19 39 Offices in 19 Countries
Format of Records Paper Records Electronic Records • Easily accessible and transferable • Does not involve the use Pros of sophisticated • Take up less space technology • Legible and easy to read • Must keep up with • Filing errors changing technology • Limited accessibility (if Cons • Must ensure that off-site storage) disaster recovery system is constantly • Limited storage space tested/updated 20
Legal Requirements for Recordkeeping 21 39 Offices in 19 Countries
Legal Requirements OSHA CMS HIPAA ERISA FMLA 22
Medicare Conditions of Participation Hospital must have a medical record service that has administrative responsibility for medical records. - 42 C.F.R. § 482.24 - • Record maintained for every individual evaluated or treated • Accurate, promptly completed, properly filed and retained, and accessible • Personnel sufficient to keep the records as required • Containing information to justify admission and continue hospitalization, support the diagnosis, describe patient’s progress and response to medications and services 23
The Stark Law Exception to the referral prohibition related to compensation arrangements — the “personal services arrangements exception” - 42 C.F.R. § 411.357(d) - • Among other things, arrangement must cover all services furnished by physician (or family member) to the entity • Sufficient if all agreements between the entity and the physician (or family member) cross-referenced in master list of contracts • Master list: Maintained and updated centrally; Available for review by Health and Human Services upon request; and Maintained in a manner that preserves historical record of contracts 24
HIPAA Covered Entities must: Have appropriate administrative, technical, and physical safeguards to protect the privacy of Protected Health Information (PHI) Provide a process for individuals to make complaints regarding its policies and procedures Document all complaints received and their dispositions Document training provided to workforce on the policies and procedures with respect to PHI Provide individuals right of access to inspect and obtain a copy of PHI (limited exceptions) 25
The Physician Payments Sunshine Act • CMS issued Final Rule on February 1, 2013 • Manufacturers of drugs, devices, biologicals, or medical supplies covered under Medicare, Medicaid or CHIP Report annually to CMS Certain payment or other transfers of value made to physicians and teaching hospitals • Report must include: Name of the covered recipient Primary business address of the covered recipient Amount of the payment or other transfer of value Date of each payment or other transfer of value Form of each payment or other transfer of value Nature of each payment or other transfer of value If desired, a statement with additional context for the payment 26
State Laws Ohio Revised Code § 4731.228 [effective March 22, 2013] • “Health care entities” must notify each patient treated within two years preceding the date of a physician’s termination Statement that physician is no longer practicing as an employee Physician’s name and contact information Date of termination Contact information for alternative physicians Contact information regarding patient’s medical records • Entities must establish processes to: Track patient contact information Know which patients are seen by which physicians 27
Components of an Effective Recordkeeping Policy 28 39 Offices in 19 Countries
Recommend
More recommend
