Skip to main content

Healthcare Entrepreneurship Must-Have:
Putting Compliance Front & Center

Miranda Hooker

Here’s the heart of it, for those who are entering the healthcare market: you’re thinking about how to grow your business and your common sense of what you can usually do is not necessarily going to translate. And that’s a hard lesson for very smart, ambitious, driven entrepreneurs, and companies who have really fantastic and great products to offer. It’s often the case that compliance is not top of mind.

Intro:

Hello, and welcome to Integrity Through Compliance: AMI’s Business Success Series. This podcast was created by seasoned compliance experts at Affiliated Monitors to speak practically to your business needs. During this series you will hear from AMI’s experts who will provide their observations on industry trends, geared to raise your awareness and to protect your brand. So grab a cup of coffee and join us as we guide you and your business to integrity through compliance.

Jesse Caplan

Hello everyone. My name is Jesse Caplan, and I’m Managing Director of Corporate Oversight at Affiliated Monitors. I’m joined today by Miranda Hooker, a partner in the Boston office of Troutman Pepper. And I’m also joined by my colleague, Jim Anliot, who is Affiliated Monitors’ Director of Healthcare Compliance Services. In our last podcast episode, Jim, myself, and our colleague Dionne Lomax talked about the opportunities for entrepreneurs in the growing healthcare sector and some of the regulatory risks these opportunities pose today. We’re going to expand on that theme with Miranda Hooker, who represents venture capital firms and other companies, many of whom are relatively new to the rewards and the risks of participating in the healthcare sector. Miranda and Jim will be discussing the growing opportunities, the significant compliance risks, the available compliance guidance (and the limits to that guidance), and how to mitigate the potential for government investigations and enforcement actions. But first I’d like Miranda and Jim to introduce themselves. Miranda?

Miranda Hooker

Thanks, Jesse. It’s great to be here with you and Jim today, and I’m looking forward to our discussion. So a little bit of background on me: I’ve been working in the healthcare space as a white-collar attorney for the majority of my roughly 20-year legal career, to date. I’ve been on both the private side of things, defending companies in government investigations and other government-facing inquiries, representing companies in internal investigations, and individuals and employees in government investigations as well. I’m also formerly a federal healthcare fraud prosecutor. So for some period of time, I switched sides and was investigating and prosecuting companies and individuals in the healthcare space. I’m now, as you mentioned at Troutman Pepper, and represent a variety of different companies from pharmaceutical manufacturers, medical device manufacturers, payers, hospitals, providers, and laboratories in all types of government basing inquiries and internal investigations. And I also do a lot of advising and compliance matters for those clients.

Jesse Caplan

Well, welcome Miranda, nd thanks for joining. Jim, why don’t you introduce yourself?

Jim Anliot

Jesse, thank you. It’s been a pleasure to be with both you and Miranda today, and looking forward to this discussion myself. I’m the Director of Healthcare Compliance Services at Affiliated Monitors. I’ve been with the company since we started in January of 2004, and most of my responsibilities involve overseeing our monitoring of healthcare practices that get into trouble with regulatory agencies, and also helping healthcare practices develop internal compliance programs and evaluate the effectiveness of those programs. Prior to that, I had been counsel to a number of professional licensing boards here in Massachusetts for about 16 years. So I’ve had about 35 years now, working in the healthcare regulatory space.

Jesse Caplan

Great, thank you, Jim. So I’m going to start things off with Miranda. Miranda, you represent different types of healthcare companies. What are you seeing in terms of opportunities for expansion in healthcare, and what seems to be driving the expansion of these opportunities?

Miranda Hooker

So I think there’s always been great opportunities for growth, development, and innovation in the healthcare industry, and that certainly remains true today. And I think in many respects, there are different areas of opportunity today than we would have even predicted a year ago, as a result of the global pandemic. We’ve seen tremendous growth and tremendous opportunity, and I’m not even thinking about things like vaccine development (which is what’s been on everybody’s mind), or manufacturing of PPE (which was a huge issue nine months ago), or other medical supplies. But what we’ve learned in the last year is that there is huge opportunity for improvement in the enhancement of the infrastructure of our healthcare system, and that is not necessarily something that was on everyone’s radar a year ago. And while we’ve made incredible strides in the past decade at integration through the adoption of electronic health records, generally the national efforts at collecting COVID data over the past year have demonstrated for all that there’s tremendous room for improvement there. So I think that’s going to be a big area where people are going to be able to dedicate some resources and see dramatic improvements. We’ve also seen, in the past year, a rapid increase brought about by necessity in telehealth, and many people predict that that’s here to stay — I know Jim can speak at greater length on that — but with the widespread adoption of telehealth services come additional opportunities to improve upon those services. And I think we’ll also create a lot of opportunity for those in the healthcare industry to think about how to better operationalize the way in which healthcare is delivered to patients, and also to innovate around how patients receive and experience healthcare, which I think has been a focus of the past few years in any event. And this includes innovation around even basic things about how to communicate with patients and providers about their healthcare needs, how to view healthcare from a more holistic perspective than simply treating one specific condition, and then how to ensure that information about drugs, products, and tests that exist in the marketplace and that are coming to the marketplace, are known to all. Those are some of the big issues that I think everyone’s going to be looking at and thinking about in the years to come, in terms of what’s driving that expansion. I think the government is, in part, a player in driving that expansion, and the opportunities that are existing in healthcare right now. Because in some respects, it’s encouraging what I think will be a slow shift — but nonetheless a shift — away from the typical fee-for-service payment models that we’ve always operated under, in favor of alternative payment models that include value-based care, or models that allow for incentive payments based on patient outcomes. All of this comes down to the point that the government is sort of catching up to the innovation that’s already existed in the industry, and it’s creating a lot of opportunities for venture capitalists, private equity, and others to enter the healthcare market.

Jesse Caplan

It really sounds like this is a great opportunity — a market for opportunity — we’ll also talk about some of the risks involved. But Jim, let me ask you. You do a lot of work with licensed healthcare professionals. Are you also seeing greater flexibility and opportunities for physicians, for instance, and other direct care givers?

Jim Anliot

Absolutely. I mean, as Miranda has already mentioned, we’re seeing a great expansion of telehealth services, and specifically, the scope of services which could be delivered through telehealth technology has been expanded exponentially in the last year — year and a half — principally in response to the COVID-19 pandemic, and the need for those services to be delivered by methods other than in-person delivery. We’ve equalized the payment rates for services, so the service that is provided via telehealth technology gets paid essentially at the same rate as the same service would be, if it were delivered in person. And one of the things that the pandemic has really forced at the state licensing board level is new approaches to flexibility of licensure requirements in a telehealth services environment. You need to be able to have a doctor in Massachusetts (for example) be able to provide services to a patient in New Hampshire. Under the system that existed up until a few years ago, the question is, did you have to have a license in New Hampshire to provide the service to that patient, because that’s where they were located. The pandemic has really forced state licensing boards to accelerate the process towards interstate flexibility in licensure so that these individuals can provide services to patients across state lines, and that is obviously going to continue in the future. Miranda made reference to the changes in payment models too, We’ve seen accountable care organizations, for example, are clearly here to stay. There is some promise for direct pay primary care models in which a patient pays an annual sum directly to a doctor — it’s sometimes called concierge medicine — in which the patient pays the doctor a certain amount per year for a certain array of services, and they pay that amount whether they use the services or not. And that works very much like the accountable care organization model at a larger level.

We’re also seeing new options for billing by physicians and other providers. Physicians now can bill for their basic evaluation and management services for a patient, based entirely on the amount of time they spent with the patient. But there’s a cautionary note there, and a very important one, to be sounded: there is an assumption by some that if you’re billing on the basis of the amount of time you’re spending with the patient, you don’t have to worry as much about how much you document in the patient’s medical record. Be careful to avoid that particular landmine, because state medical boards and state licensing boards have their own clinical documentation requirements for providers, and those are not being changed; there’s no evidence that those are shifting. So there’s a lot of opportunity out there, but it’s very important not to assume that the regulatory framework has disappeared entirely. Healthcare is still a very highly regulated industry, and there are a lot of landmines that you can step on, accidentally, if you don’t know where they are.

Jesse Caplan

Yeah. I like that analogy, and we’re going to talk a little bit more about those landmines in just a minute. But Miranda, let me ask you this. Many of your clients are sophisticated investors; experienced business people with truly innovative services and products. The three of us know how challenging the healthcare regulatory environment can be. How about these entrepreneurial companies and professionals who are really entering the world of government healthcare programs like Medicare/Medicaid, maybe for the first time?

Miranda Hooker

Here’s the heart of it for those who are entering the healthcare market: first and foremost, there are tremendous challenges in bringing a product or service to the market, and that exercise, in and of itself, is time consuming and incredibly expensive. And oftentimes you’re going into it with really just the hope that there will be adoption in the market, and that users will recognize the value. So that’s all to say that there are many, many things that entrepreneurs, and people bringing products and services to the healthcare market are thinking about, and dealing with, and worrying about in the first instance. And it’s often the case that compliance — and particularly with respect to regulatory compliance, or fraud and abuse compliance — is not top of mind. And to the extent there is an emphasis on compliance, it’s really around regulatory compliance relating to product safety — or if you’re a laboratory or provider, protecting patient data — things that are really sort of critical in the first instances, and it’s less about fraud and abuse issues.

So that’s the sticky area for those who are entering this marketplace, because you’re thinking about how to grow your business, how to educate users and customers, how to generate interest and support for your product, or whatever service you’re offering. And when you think about that in the context of any other industry, there are things that you can do. There are ways in which you can share information about your product and you can generate interest, and you can’t do that necessarily in the healthcare industry without potentially running the risk of enforcement under various fraud and abuse statutes. So it’s a tricky area for people, because you can come into the industry with common sense, and your common sense of what you can usually do is not necessarily going to translate. And that’s a hard lesson for very smart, ambitious, driven entrepreneurs and companies, who have really fantastic and great products to offer.

So that’s all to say, I have clients who are entering this space who just don’t necessarily fully appreciate that there are these landmines that you can trip upon, especially if it’s anywhere in the chain. Whether it’s a product, a drug, or a service is being paid for by a federal payer in some way, there are just certain rules you’re going to have to abide by, and if you don’t know that (or if you don’t fully appreciate the risk), you can find yourself in a little bit of trouble down the road. And oftentimes (with good intentions), these companies are coming into the marketplace from a perspective of, ‘what can I do to make my customer happy?’, whether your customer is a physician or a patient. And that’s tough, because that’s an appropriate perspective to come by when you’re thinking about enhanced patient service and yet, from a regulator’s perspective, that can be viewed with some skepticism; that there’s something troubling afoot, and you’re trying to improperly induce or create demand for your product. So that’s the risk that I think people and companies come by, and it’s why — certainly in the VC and private equity space — having a really strong healthcare regulatory counsel that guides you through these investments and acquisitions is critical. Because a lot of what I’ve been seeing in recent years is companies that buy healthcare companies with all sorts of hidden compliance issues that don’t come out in diligence, and so years later, you are the owner of a company that finds itself trying to navigate these worlds.

Jesse Caplan

Yeah. And Jim, I understand you’ve got some examples of companies or practitioners taking advantage of the increased business opportunities in the healthcare sector, but then running afoul of the challenging regulatory environment. Could you maybe share some of your insights and experiences?

Jim Anliot

Yeah. In the telehealth space, for example, we saw a case recently from Tennessee in which a company had set up call centers, and the people who were on the call center staff were impersonating medical professionals, and obtaining health information and prescription information from patients in an effort to try and encourage those patients to buy services that they didn’t actually need, but which could be billed to federal Medicare or Medicaid healthcare programs. And they got into a lot of difficulty with the justice department over that issue. They’ve signed down to a settlement agreement with those folks. In that case, I’m reminded, too, of entrepreneurial approaches. We had a client several years ago that came up with an interesting idea. They were seeing a situation in which nursing home patients who were having swallowing difficulties needed to be evaluated that way, and rather than sending the patients out of the nursing home to a hospital for that testing, they decided that they would create a company in which they would bring a van with fluoroscopy equipment to the nursing home, test the patient right there on the premises, and submit the results to the nursing company. They ran into two problems. One, they never understood that they needed to have a physician on the van overseeing the performance of the fluoroscopy procedure to see whether this patient had a swallowing problem. And the second thing was, they didn’t understand how they could bill for those services. They were trying to bill Medicare Part B for it, and they in fact had to bill the skilled nursing facility and get reimbursement directly from the nursing home. When they realized that they were faced with these regulatory requirements, they discovered that the business model they had devised for themselves simply didn’t work; they couldn’t get paid enough money to be able to stay in business. So part of the importance of understanding this regulatory framework is figuring out whether your business model can even work within that regulatory structure.

Jesse Caplan

So let me follow up with you Miranda. So, we’ve talked about the landmines and some of the unfortunate practices or examples. Are companies on their own, or is there guidance they can follow to help identify and mitigate these regulatory risks we’ve been talking about when they’re operating in the healthcare space?

Miranda Hooker

Yeah. So, for many, many years, I would say manufacturers and providers were educating themselves on the rules of the road through settlement agreements, or enforcement actions, and other compliance directives that existed in things like corporate integrity agreements. That’s a very hard way to learn lessons, because what it means is that some company has to find itself in a position it never wants to be in, in order for others to glean any learnings. And we saw a lot of that through the first ten years of the two-thousands from it. That’s just been — for many years — how it is that the industry learns of like, what are the enforcement priorities, activities, and parameters. On the compliance side of things — and compliance is a relatively emerging field still, if you think of it in a sense that we didn’t see robust compliance programs twenty years ago, and they’ve been growing and continuing to evolve and grow — there was never really any guidance from the government on that.

But beginning in 2017, the Department of Justice started issuing pretty substantive guidance to prosecutors on how to evaluate corporate compliance programs, and this is guidance that the industry can use to shape their programs. Since 2017, DOJ has updated and amended that guidance twice: once in 2019, and then again in June of 2020. And it’s actually, at this point, pretty substantive, and gives a lot of direction to industry to think about how it is you want to create a compliance program. And the most recent guidance from June of 2020 goes a step further than prior guidance to say: we’re not asking you to create a paper, or cookie cutter program, and we recognize that not one size fits all. We are recognizing that this is an evolving industry, and that we want companies to evolve their compliance programs as well.

So what we really want companies to be doing is assessing, ‘what are my risk areas?’, and then developing a program that addresses those specific risk areas, and then monitoring the programs to make sure that they’re working, and then really — this is a new piece — ensuring that the companies are putting resources into the program, both in terms of financial resources to ensure that you can verify that it’s effective and working. But also, from a corporate culture perspective, they want to make sure there’s the tone from the top and the middle of the organizations; that it’s really carried throughout, so that there really is an overall culture of compliance. These are the fundamental pieces that DOJ is giving industry, in terms of a guidance of how it is you should be modeling the program. And there’s a lot to unpack in the guidance, but I think it really does provide a substantive roadmap for companies who are looking to ensure that they have a compliance program that keeps them on the straight and narrow.

Jim Anliot

So Miranda, I’m the Chief Compliance Officer for a healthcare company. I’ve established a compliance program; developed a whole set of written policies and procedures. I have monitoring provisions in place, and I’m auditing things, and doing all the kinds of stuff that I’m supposed to be doing. I’ve still got a problem. Now, what do I do?

Miranda Hooker

Right. So in some respect, you can say, well if you’ve discovered the problem, that’s evidence that your compliance program works, so I think you can view that as a positive. But, what I want to say is that DOJ is now assessing the effectiveness of compliance programs, both at the time of the alleged misconduct that occurs, and then at the time that DOJ is making its decisions on how it wants to address its investigation — whether by charging, or a resolution of some nature. And I think that timing speaks to DOJ’s understanding that there is an evolution in the development of compliance programs in a way that I think can be helpful to companies in this respect. So what it’s ultimately saying is, I think DOJ is recognizing that there can be a compliance program that’s effective, and yet there can be misconduct in the organization. Misconduct can occur.

And I think it’s in these instances that DOJ is putting out there into the industry that it wants to incentivize compliance. There’s a strong opportunity to advocate to DOJ that if you are a company with an effective compliance program — you’ve identified misconduct and you’re addressing it, investigating it, and taking appropriate steps — that you don’t have the requisite corporate intent to commit fraud, and therefore shouldn’t be held liable for it. And I think there are even further arguments that, to the extent — DOJ wants to encourage an evolving compliance program. Even if your compliance program isn’t at the exact place you want it to be when you discover this quote-unquote misconduct, if you’re taking steps in the aftermath of discovering it to ensure that it doesn’t happen again, and to put in place greater controls to discover this type of misconduct going forward (or prevent it from happening), I think there’s still an argument to be made to DOJ that you have undertaken your obligations to evolve, and shouldn’t be held liable with the same level of intent that maybe DOJ could be looking at.

So, I say this all — it’s admittedly untested — but if a company is following the guidance to create, assess, and enhance compliance programs on an ongoing basis, I think there are very good arguments that if something goes wrong along the line — which happens, mistakes happen — that there’s still no corporate intent for any type of misconduct, and that should be something that DOJ is evaluating very carefully in the context of its investigations.

Jesse Caplan

So Jim, you’ve developed compliance programs for healthcare companies. What would you say an effective compliance program would look like?

Jim Anliot

Well, I think there are several essential elements to it. First off is a set of written policies and procedures for operating the company, particularly in smaller healthcare practices. I have been almost astounded by the extent to which the healthcare practices and smaller healthcare organizations have virtually nothing in writing about how they operate; about the governing policies and procedures of the company. And I’m surprised by that, because you go walk into one of these practices, and you might see a bare bones employee handbook, which describes for people what their employee benefits are, and so forth. But there’s almost nothing about how they operate, and you really need those policies and procedures, because you need to be able to establish clear lines of accountability within the company (Who’s responsible for what? What functions can be delegated to what staff members?), so that you create those lines of accountability, and an understanding so that everybody knows what they’re supposed to be doing.

That also promotes consistency and fairness in the management of the operation. I went into a physician practice recently, in which there was disagreement among the physicians about what the standards of conduct were for their employees, and how they were going to enforce them. And that led to inconsistency in enforcement and a lot of resentment amongst the staff, because they felt somebody was getting an advantage over somebody else unfairly. You need those clear standards of conduct. You need a compliance officer, and that compliance officer needs to be somebody who is visible. The compliance officer can’t be somebody who is stationed in a corner office, playing Super Cop in the company. That’s not their role. You need a compliance officer who is visible to everybody within the organization, from the frontline employees all the way up to the top, and who is seen by everybody in the company as a source of help; as a resource for making things better. And that compliance officer has to be out there and visible. You also need to make sure that people are being trained on their responsibilities in the compliance program — but not just in terms of what the rules are, but in terms of how the compliance program affects the way in which they do their particular jobs. The training program has to be designed to address how they do their work, and it has to help them, in essence, to make sure that they’re doing that work in appropriate ways. And you need effective communication systems. When problems arise, people have got to know that there is some place they can go to get help, and they also have to know that if they are reporting a problem, they will be protected against retaliation. I am reminded of a company — a clinical laboratory company for which we did some work a few years ago — in which the tone at the top from the Chief Executive Officer to his senior managers was: I don’t want to hear about anything bad that’s going on in the company. The only thing I want to hear is five pieces of good news at every staff meeting. Well, what that did was essentially suppress all the problems. And of course, when the problems erupted, they were in huge difficulty. So you need to create that kind of open communications line, so that you can identify problems proactively and take the appropriate corrective action that’s involved.

Jesse Caplan

So we’re coming up towards the end of our allotted time, but I’m going to ask — Miranda, I’m going to ask you a question. I know that you’re a big advocate that healthcare companies should regularly assess and reassess their compliance program, both the paper program, but also, you know, is it actually effective? And, do you have any examples where a company may have had what, on paper, looked like a strong program, but once it was assessed for effectiveness, there were some surprises?

Miranda Hooker

I actually think that the best way to answer this question is to get back to the point that Jim made a second ago about having the right tone come from the compliance officer or the Chief Compliance Officer. And where I’ve seen companies trip up is that they don’t have the right person in that position. And I think companies are becoming incredibly more sophisticated around who they put in that position, and what background and training they have, and when you have someone who is — you know, when you have an experienced compliance officer, I think they bring to bear the notion that their role is not to be the police, but rather to be a resource, and to help those in the organization understand how to best do their jobs. And that is actually really the right tone you want to strike. And that’s what creates an environment whereby people come to trust compliance, and recognize that it’s not there to stop you from doing your job, it’s actually there to help you do your job. And so where that gets back to your question is, where you see people get in trouble is, you have just a figurehead in compliance. You have someone who doesn’t know the role, doesn’t want to do the role, doesn’t have any background in the role. And it’s very clear when that’s the situation that, one: senior management isn’t valuing the role, middle management isn’t valuing the role, and people underneath it — the bottom levels of the sales organization — see that, to know not to value the role. And I think of various companies that I investigated as a prosecutor whereby the compliance officer would be outwardly mocked by the head of the organization in front of the entire sales force. And so, what’s the message you’re sending there about compliance? Sure, you have a manual. You have some auditing, you have some monitoring. But if the president of the company is mocking the Chief Compliance Officer in front of the entire sales organization, that’s not really creating a tone that’s going to bring about an effective compliance program.

Jesse Caplan

Well, I think that wraps up our time for this episode. I really want to thank you so much Miranda, and Jim, for sharing your expertise and insights, and hope to get this team together again shortly.

Outro

Thank you for joining Affiliated Monitors’ podcast, Integrity Through Compliance: AMI’s Business Success Series. Today’s segment is just a sample of the subject matter expertise captured by AMI’s compliance professionals. Go to our website at www.affiliatedmonitors.com to view the comprehensive list of industry and in-house talent AMI has available to enhance professional and business integrity programs and controls. Also, connect with us on LinkedIn to receive updates and trends in the areas of enforcement and compliance. If you have any questions about today’s podcast or would like to learn more, please contact us at podcast@affiliatedmonitors.com. Our Affiliated Monitors podcast production team of Deloris Saad, our compliance associate, and Dan Barton, our editor and podcast music composer, look forward to you joining us again for our next installment of Integrity Through Compliance: AMI’s Business Success Series.

Leave a Reply