1/26/2015

1

Mark Chilson - CareSourceKurt Lenhart - CareSource Jeff McFadden - Stradley Ronon Stevens & YoungChris Bennington - INCompliance Consulting

� Introductory Comments

� The Independence Watchword: Best Practices

� The Importance of Internal Enforcement

� The Flip-Side; or, How No Good Deed Goes Unpunished

� Separating a Whistleblower

� Your Worst Nightmare: Compliance Officers as Litigation and Prosecution Targets

1/26/2015

2

“In looking for people to hire, you look for three qualities: integrity,

intelligence, and energy.

And if they don't have the first, the other two will kill you.”

— Warren Buffet

1/26/2015

3

The compliance officer is required to investigate and coordinate a corporation’s response to compliance issues, while legal counsel must direct the corporation’s response to actual or potential violations.

1/26/2015

4

Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority. Sec. 8B2.1(b)(2).

In 2003 Tenet Healthcare's general counsel, Christi Sulzbach was forced to resign. She served as both the company's general counsel and chief compliance officer, raising concerns that Sulzbach had a conflict of interest to ensure both that Tenet was following federal guidelines and that the company was protected from charges of wrong-doing. Tenet officials agreed to pay $54 million to settle allegations that two physicians at Tenet-owned Redding Medical Center in California performed unnecessary heart surgeries and defrauded Medicare. This led to an investigation by Senate Finance Committee Chair Charles Grassley (R-Iowa) (and his famous comments) requesting documents related to corporate governance practices at the company, such as those related to the Redding physicians and the formula used by the company to calculate Medicare outlier payments.

1/26/2015

5

The Department of Health and Human Services ("HHS") has addressed conflicts of interest that exist when the legal officers oversee corporate compliance functions. Pfizer paid a $2.3 billion dollar settlement to the to the Department of Justice in a failure to comply with federal regulations including failure to set up a proper corporate compliance program. The Office of the Inspector General ("OIG") required Pfizer, as a part of the settlement, to not have the corporate compliance officer report directly to the general counsel. Instead the OIG in Pfizer's Corporate Integrity Agreement ("CIA") required the chief compliance officer report to the Chief Executive Officer. Chief Counsel for the OIG stated the "change is intended to eliminate the conflicts of interest, and prevent Pfizer's in-house counsel from reviewing or editing reports required by the [CIA]." Further the OIG stated that, " The lawyers tell you whether you can do something and compliance tells you whether you should. We think upper management should hear both arguments."

In 2012, HSBC agreed to pay $1.92 billion for anti-money laundering compliance failures. The Deferred Prosecution Agreement required the corporate compliance and legal functions be separated, giving the corporate compliance program direct reporting lines to the board of directors.

1/26/2015

6

In 2013, JP Morgan Chase, in a settlement with federal regulators agreed to divide its compliance and legal departments.

In 2013, Johnson & Johnson's $2.2 billion settlement with the DOJ 'n violation of the Stark Act and the Anti-Kickback Act. The Federal False Claims Act and the Federal Food, Drug and Cosmetic Act ("FDCA") required within the CIA for Johnson and Johnson to divide their corporate compliance program and legal department.

1/26/2015

7

� The Paradigm: Examine Every Step You Take, Every Decision You Make, Through the Eyes of a Third Party

◦ A Government Regulator or Investigator

◦ A Qui Tam Plaintiff’s Lawyer

◦ The Media

THE OVERARCHING QUESTION

In responding to the compliance issue, are BOTH the process and the resultfree of conflicting interests and undue influence?

1/26/2015

8

� Key Consideration:

◦ Should Compliance Officers supervise self-audits or internal investigations?

� Tensions – Objective consideration and acceptance of compliance weaknesses or failures

� Governance Structures Designed to Mitigate Those Tensions

� Attorney/Client Privilege and Work Product Problems

� Key Consideration:

◦ Should the Company retain outside counsel and/or other third-party experts?

� Regulatory counsel

� Litigation counsel

� Forensic accountants

� Compliance auditors

◦ NB!: Communications with the Company’s independent outside auditors are NOT privileged.

1/26/2015

9

◦ Have a hotline

� You must monitor it

◦ Have a policy on hotline protocol

� You must follow it

◦ Have a policy on government investigations

� You must communicate it

◦ Include employee expectations in your Compliance Plan and/ or Code of Conduct

� Non-retaliation is important

� You received a submission, now what?◦ Take every submission seriously

◦ Do you have a live witness?

� If yes, talk to them directly as soon as possible to validate the facts

� If no, submit a notice back through your hotline asking them to contact you

◦ Should you pursue Attorney-Client privilege?

� Publicity, sensitive, severe, senior mgmt

� Not every case requires privilege, be judicious

◦ Develop an investigative plan

1/26/2015

10

� When someone has the courage to reach out:

◦ Always acknowledge with a response

◦ Be timely, word will get around if you’re slow

◦ Follow up during and after the investigation

◦ Zero tolerance for retaliation or intimidation

� An anonymous complaint comes into the Hotline. The Hotline is managed by the Compliance Department.

� The anonymous complaint indicates that employee’s boss requested a list of primary care physicians that were being paid in excess of 100% of Medicaid. The employee went ahead and generated the list for the boss.

� A few weeks went by. Thereafter, the boss had a conversation with the employee and wanted the employee to begin to move members to primary care physicians that are paid at or below the 100% of Medicaid fee schedule.

� The employee went home and began to think about this and has concerns. No other information has been provided.

1/26/2015

11

� What should the Compliance Officer do in response to this report?

� How would your response differ if the report was filed by a known individual?

� How would your response differ if the individual was able to provide more detail/documents?

� How would your response differ if multiple employees raised the same issue at the same time?

� How would your response differ if multiple employees raised the same issue over a period of several years?

� How unenforced compliance policies can turn into False Claims Act cases – U.S. ex. rel. Bilotta v Novartis

1/26/2015

12

� Investigative plan◦ Give me the facts, and only the facts

◦ Levels of credibility

� Records, including data, personnel records, e-mail, etc.

� Reports, understand how they were created

� Corroboration, multiple people with the same story

◦ Interview those with knowledge

� Start with complainant

� End with subject of investigation

◦ Keep in touch with Counsel, if privilege was granted

� Investigative Report includes the following◦ List of all personnel involved

◦ Copy of initial submission i.e. hotline complaint

◦ Summary of interviews

◦ List of records reviewed

◦ Conclusion; substantiated or unsubstantiated

◦ Recommendations, disciplinary actions, process or policy improvement, business owner of follow up action(s)

◦ Review report with Counsel

1/26/2015

13

� Close out Investigation

◦ Communicate back with complainant as specifically as

allowed

◦ Report activity to Compliance Committee

◦ Report activity to Governing Body or Governing Committee

◦ Use trends to work with business leaders

◦ Include general themes in training, or to identify where

product specific training may be required

� The employee who made the report calls back and is frustrated that there has been no resolution.

� The Compliance Officer states that he is reviewing the issue but has not had time to complete his review.

� Two weeks later, the employee hires an attorney.

� Human Resources learns that OIG investigators visited several employees’ homes, conducting interviews.

1/26/2015

14

� Is there a conflict at this point between the Compliance and Legal departments?

� From the perspective of the General Counsel, what are some strategies to ensure the employee’s complaint is addressed?

� What should the General Counsel do in response to the news regarding the OIG investigation?

� Is it time to hire outside counsel?

� How does the concept of independence impact the General Counsel’s decision-making?

� The Government’s Use of Self-Audits in False Claims Act Cases

◦ OmniCare, Lakeshore Medical, and Vitas

◦ Pushing Back

� Self-Evaluative Privilege

� Chilling Effect

� DOJ and OIG-HHS Cooperation Considerations

1/26/2015

15

Compliance Officers as Litigation and Prosecution Targets

� An outside law firm is hired.

� The firm investigates the matter and determines that six integrated hospital systems with primary care networks that previously had members assigned to them had those members reassigned without any correlated reason other than to lower compensation to primary care physicians.

1/26/2015

16

� Is this factual finding protected under the work product doctrine?

� What is the definition of the work done by the Compliance and Legal Departments?

� Assume the two departments review the issue and come to different conclusions, how is this resolved?

� What risks does this pose to the organization?

� What are the goals of the Compliance and Legal Departments at this point in the scenario?

� Avoiding Retaliation Claims

� The Enforceability of Pre-Filing Non-Cooperation Agreements and Releases of Qui Tam Actions Under the False Claims Act◦ Provisions seeking to obtain a departing employee’s binding agreement to

refrain from reporting possible employer misconduct to the government are unenforceable under any circumstances.

◦ Pre-filing releases can be enforced to bar a subsequent qui tam claim if

� The release can be fairly interpreted to encompass the qui tam claim and

� The government was generally aware of the circumstances underlying the qui tam claim before the release was entered into.

1/26/2015

17

� The CEO would like to terminate the employee who made the initial complaint.

� Human Resources approaches the Compliance Department and asks what happened, what was the nature of the complaint, and what were the findings.

� Meanwhile, the organization is considering whether to hire consultants to assist with the internal investigation.

� Should the employee be terminated?

� How should the organization protect against retaliation?

� Should the organization hire consultants, and if so, what type?

� If the internal investigation uncovers wrongdoing, what should be done?

� Should the investigation be expanded to operations in other states?

1/26/2015

18