Our previous post explored how healthcare companies need to craft a thoughtful, effective policy to comply with laws about giving gifts to medical professionals. Today let’s turn to the other side of that coin: compliance with two U.S. laws that govern when and how healthcare professionals can accept such gifts.
Those laws are the Anti-Kickback Statute, which prohibits doctors from receiving any gifts or payments that might be an inducement to use certain products; and the Stark Law, which bars doctors from referring patients to other businesses where the doctor has a financial interest. That requires a strong conflicts-of-interest policy.
Successful compliance with either statute depends on a strong conflicts-of-interest program. That is, you’ll need to encourage employees to disclose their potential conflicts of interest (no easy task), and you’ll need a system to evaluate those conflicts and decide on a proper response (also not easy).
So as usual, compliance officers will need a deft touch with people and IT systems alike.
What the Anti-Kickback and Stark laws require
The Anti-Kickback Statute (AKS) prohibits medical professionals from accepting any payment, monetary or otherwise, that’s meant to induce a medical professional to prescribe or recommend certain services when federal healthcare dollars are at stake. For example, a doctor can’t accept luxury trips to a pharmaceutical conference in Hawaii, in exchange for prescribing that pharma company’s products to his or her customers.
Much like the Sunshine Act (which applies to pharma and medical device companies giving gifts), the Anti-Kickback Statute defines payments broadly. They could include money, trips, dinners, sports tickets, discounts on special services, or lots of other benefits.
The Stark Law (bars doctors from referring their patients to healthcare facilities or services in which the doctor (or an immediate family member) has a financial relationship. For example, a doctor couldn’t refer patients to a physical therapy clinic or a radiology lab in which the doctor had an ownership stake. That could be construed as misusing federal healthcare dollars.
Violating either law can lead to investigations by federal regulators, which in turn can lead to monetary penalties, costly “undertakings” to improve your compliance program.
At the same time, however, not all gifts and payments are automatic violations. Some arrangements are permissible (such as a doctor renting out office space), and others are permissible if the payment doesn’t influence medical decision-making or lead to overbilling of Medicare and Medicaid. Each arrangement should be analyzed against those criteria so your company can respond accordingly.
Hence conflicts-of-interest programs are so important: they allow your healthcare business to see what sort of conflicts might exist and then to rectify them as necessary, before worse consequences follow.
Building a strong ‘COI’ program
We can break down a conflicts-of-interest program into several smaller parts.
A risk assessment. Begin by studying your company’s operations to define the conflicts that concern you. (In our case today that’s straightforward: any gifts of other payments that medical professionals at your healthcare organization might receive.) Think expansively about what sort of conflicts might arise at your business based on the types of third parties your physicians typically encounter.
A conflicts-of-interest policy. Your policy should state that certain types of conflicts are not allowed, and that employees are required to report all potential conflicts to the compliance team. Be clear and specific about the information you want; consider whether you can use a standard form that collects basic information, and then allow employees to attach supporting documentation as necessary.
An internal reporting system. Per our last point, you’ll need a system to accept conflict-of-interest disclosures from employees. That system should be easy to use (and available in languages and formats that your workforce use, too). Also consider collecting annual certifications from all employees, where they attest that they’ve either disclosed all potential conflicts of interest or have none to declare.
Training. As we mentioned in our previous post, your policy will fall flat without proper training. Provide specific examples of gifts that are or aren’t permitted, and place those examples in scenarios that employees are likely to encounter. Demonstrate the reporting system employees are expected to use to submit COI disclosures, including any the documentation they’re expected to provide.
Review, audits, and monitoring. As employees submit potential conflicts, the compliance and legal teams will need to review those arrangements to see whether they truly are conflicts. Moreover, you’ll also need to conduct occasional audits to see whether employees have disclosed their conflicts properly (or even at all); and then monitor those financial arrangements over time to see whether they evolve into actual conflicts that need attention.
The true keys to compliance success
For all the importance of the mechanics of a good conflicts-of-interest program as discussed above, compliance officers should also keep two larger points in mind that often make the difference for a successful COI effort.
First, a successful COI program depends upon trust. Employee disclosures are the lifeblood of a COI program; employees need to trust that when they admit a potential issue, the company will not automatically pursue them for doing something wrong.
Indeed, plenty of compliance officers don’t even like the phrase “conflicts of interest program.” They prefer to emphasize it as “potential conflicts of interest,” to convey the sense that the company is there to help the employee navigate through a potential risk. You need to create an environment where employees feel comfortable engaging with the compliance team, so they’ll do the work of disclosing COIs for you.
So before you tackle specifics such as defining conflicts that should be reported or building investigation protocols, spend time on those fundamentals of corporate culture: a strong tone from senior management that encourages ethical conduct, anti-retaliation training, and other messages that build the trust you’ll need.
Second, a successful COI program also depends on case management. If you’ve done everything right on corporate culture and policy development, you’ll end up with lots of potential conflicts. Some will be quite serious, others not; all will need review, decisions, and documentation.
For example, review your list of potential conflicts. The more comprehensive the list is, the more precisely you can classify those conflicts. That, in turn, helps you route potential conflicts to the best people within your enterprise (HR, legal, procurement, and so forth) for investigation. It also lets you develop templates to help guide those investigations (say, what evidence to seek and what documentation to preserve) and to accelerate the resolution of cases.
Ideally, your COI program will integrate as seamlessly as possible with your internal reporting hotline and case management system. The more you can weave together one solid, effective system to hear employee concerns and resolve them promptly, the more effective your compliance posture will be.
Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week. from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.