There are several priorities for a healthcare compliance officer and their Compliance Committee. These include updating compliance policies, supervising compliance program education and training, and reporting compliance concerns to the Board, just to name a few. But none are more important than conducting internal investigations when reports or findings from a source indicate possible compliance issues. So today we will explore the issues involved in an effective compliance investigation process.
In this Article …
When is a Healthcare Compliance Investigation Indicated?
We would argue that there should be a low threshold for initiating compliance investigations. Compliance professionals should rely on a wide variety of sources for information on compliance concerns. Hotlines for employees reporting compliance concerns can be valuable sources of information. Results from auditing and monitoring activities may also indicate issues that require attention.
Even patient or visitor complaints or comments can suggest the need to commence compliance investigations. And of course, notice from an attorney representing a whistleblower is a big red flag that an investigation is needed!
The compliance officer should establish a log or other similar record-keeping system as part of the routine documentation maintained by the Compliance Department. It may turn out that many issues identified by employees or others do not indicate potential compliance violations. But for those issues that do require compliance investigations, having this documentation can be valuable when something serious comes along. A log of routine compliance investigations should include:
- The date reported
- Source of report (Hotline, email, etc.)
- Issues involved, including the name of the reporter, if available/date of occurrence, etc.
- Findings/Actions/Results (e.g., corrective action plan, expanded investigation, referral to other committees, etc.)
- Status (Open/Closed)
- Category (e.g., billing, medical record documentation, other risk areas defined in the compliance program.)
This level of tracking documentation is sufficient for recording the receipt of information on potential compliance concerns. When internal investigations become more extensive or involve more than just employee mistakes, the investigation plan will be much more detailed. The investigative process will also become more thorough.
When Should Reported Issues be Referred Out Within the Organization?
There can be confusion about the scope of organizational activities subject to the jurisdiction of the Compliance Committee. Issues involving the quality of patient care or human resource issues may be reported on the compliance hotline or otherwise to the Compliance Department. After all, there is a requirement to “comply” with clinical policies and human resource practices, too. The Compliance Committee can address this issue by carefully defining the compliance risks it needs to address.
The policy should cover the scope of the compliance program, including the responsibility to conduct investigations. It should include the duties of the compliance officer and the role of the Compliance Committee. Additionally, it should address the compliance risks relevant to the organization.
The compliance log may still record such issues. However, they should be referred to the appropriate body in the organization, such as a Quality Committee or a Safety Committee.
Compliance Investigations Not Involving Legal Counsel and/or Misconduct
Fortunately, most compliance investigations reveal there was no violation of laws or regulations or even of organizational policies. A small percentage may involve mistakes made in billing government programs. In this type of compliance issue, it is important to promptly investigate the source of the mistakes. This ensures they do not represent an actual intent to defraud a government or private payer.
Everyone conducting an internal investigation must keep an important fact in mind. Government payers expect to be repaid within 60 days after the scope of amounts billed in error is established. There is no published time frame in federal law for completing such an investigation. However, some healthcare legal counsel advise that the federal government would expect a healthcare organization to complete an investigation to establish the amount of repayment within six months of becoming aware of the issue.
Other examples of issues that must be investigated but may not involve misconduct include Stark Law violations. Such violations include overpayments to physicians for professional or administrative services. Of course, this presumes the over-payment will be recouped at some point. Occasionally, a licensed employee may allow their license to expire. This requires investigating the services provided to patients with federal healthcare program coverage. The goal is to see if refunds must be made. Medication diversion issues may also result in incorrect claims if a patient was billed for medication not actually administered.
It can be very useful to have an attorney representing the organization on the Compliance Committee. This provides attorney-client privilege for legal advice on all compliance reports and investigations.
Compliance Investigations Involving Suspected Misconduct
At some point during internal investigations, a compliance officer may realize there is potential misconduct. Based on the relevant facts uncovered, this could lead to legal liability for false claims or Anti-kickback violations. If there is a general rule about compliance programs, it’s that investigations uncovering misconduct should include legal counsel. That may be internal legal counsel, or outside counsel with more experience in conducting investigations where witnesses may be required.
As mentioned previously, the investigative plan under these circumstances will be much more detailed. Your policy on compliance investigations should include these additional considerations when you conduct internal investigations:
- Who may be involved in the activities or have information about certain circumstances that took place during the activities under investigation? Have these individuals been interviewed as part of the preliminary investigation? Do they need to be interviewed again? Do you have a list of open-ended questions to ask?
- Were documents generated during the original investigation? What further document evidence should be gathered? Do investigators need to identify to staff the need for securing certain types of critical documents, including emails or other forms of communication?
- What are the roles and responsibilities of the Compliance Committee, in-house Counsel, and/or outside counsel in the investigative process and addressing the allegations? Is there likely to be privileged information, e.g., the identity of a whistleblower, that must be protected during the investigation?
- Are there any staff members who should be placed on leave during the investigation? How will the confidentiality of communication be maintained during the investigation?
- Has the organization received notices from outside parties, such as subpoenas or search warrants? Is an outside entity requesting or even seizing a critical document or documents?
- It will be important to keep a detailed diary of all activities during this type of investigation. This allows you to recreate a timeline of discoveries and discussions as the investigation proceeds. Legal counsel can also advise on issues such as protection for whistleblowers or persons implicated in wrongdoing.
Eventually, all the information gathered must be reviewed and summarized into a narrative of the nature of the activities, the process of dealing with the activities, and the final findings. At the end, it is important to advise the governing body of the outcome of the investigation. You should make recommendations for repayment or determine other remedies for the misconduct the investigator was able to prove. And finally, it is important to disclose misconduct that resulted in over-payments from Federal government programs via the Inspector General Self Disclosure Reporting Protocol.
Investigations of misconduct involving compliance risks do not come up very often. But when they do, take a breath, review your policy, and remember to document everything that comes up during the process!