Emails, voicemails, messages, and social media—how many ways can a healthcare manager get into trouble?
By Robert Liles
The risks associated with poor or improper communications in healthcare compliance cannot be understated as they permeate virtually every aspect of a healthcare provider’s organization and operations. For example, whether a regulatory violation or a simple mistake is viewed as an overpayment or a crime may well turn on the communications behind the action. Similarly, whether a patient brings a professional liability claim or an employee brings an EEO action will often be predicated on how something is communicated.
“Intent” is a critical element that is often examined in criminal and civil healthcare fraud cases and in other white collar criminal prosecutions. A U.S. Attorney’s Office will typically look for evidence of bad intent in the healthcare fraud matters it evaluates. It may find evidence of bad intent in emails, text messages, voicemail messages, memos, diaries, notes to self, cheat sheets, and in a provider’s billing practices. To be clear, the government recognizes that everyone makes mistakes. Nevertheless, when a healthcare provider alleges that incidents of improper conduct are mere mistakes, prosecutors are much less likely to accept a provider’s assertion when collateral evidence suggests otherwise. This is especially important in light of the current enforcement landscape. As you may recall, in September 2015, Deputy Attorney General Sally Yates issued a memorandum entitled “Individual Accountability for Corporate Wrongdoing.” This important document instructs DOJ prosecutors to stop resolving corporate cases that release individuals from personal liability, absent extraordinary circumstances. What are some of the “communication risks” that can get you into trouble?
Practically every project you work on and everywhere you physically go, or visit online, leaves a digital footprint. There are no more secrets. Several of the points we will be discussing the September presentation at the 2018 Healthcare Revenue Cycle Conference are outlined below:
Cellular service providers retain records of when a text was sent and received, and the parties to a text message, for periods of 60 days to seven years. Notably, law enforcement has a number of tools that it can use to gain access to text messages on your phone that were erased long ago. It is very difficult to truly erase a text message or other file on your phone. In the following two examples, state law enforcement executed a search warrant on a provider’s office. Here’s what they found:
- A licensed dentist videotaped himself on a “hoverboard” while extracting a tooth from a sedated patient. He then sent the video by text to an individual, jokingly referring to the procedure as the “New Standard of Care.” When investigating the case, law enforcement found copies of the text and video on the phones of both the dentist and his office manager.
- An office manager in a dentist’s office was indicted, in part, based on a text message. The office manager (not a licensed medical practitioner) in this case text messaged her mother and told her that she “pulled out two teeth on a guy yesterday” and that “He was asleep. He didn’t know I did it.” This text was used against both the office manager (practicing dentistry without a license) and the dentist (allowing a non-licensed individual to perform duties that are restricted to a licensed dentist).
Recordings of Patient Exams
Most states, including Texas, New York, and New Jersey, have “one-party consent” laws that require that only the party taping a conversation be aware that it is being recorded. As a result, a physician’s consent isn’t needed if a patient wants to record an examination and fails to tell the physician that he or she is being recorded. Some practices have implemented written policies regarding the use of recording devices during office visits and have either posted the policy or given a copy of the policy to patients. Physician concerns are multifold:
- The surreptitious recording of an office exam or visit is a direct affront on the “trust” between a physician and the patient.
- The recording may be subsequently used in a malpractice case against the physician. Perhaps the most famous recent case involved a Vienna, Virginia, patient who had pressed “record” on his smartphone before undergoing a colonoscopy. A number of inflammatory comments were made by the physician and members of his staff during the procedure. The patient sued and was awarded $500,000. This amount included $100,000 for defamation, $200,000 for medical malpractice, and $200,000 in punitive damages.
Metadata is essentially the “digital DNA” of electronic records. Both law enforcement and plaintiffs in a medical malpractice case can tap into this otherwise-unseen information and find out the name or initials of the creator of a file, along with the identification of the computer used to create or alter the file. In the case of a document, forensic auditors may also be able to determine when revisions to a document were made and the nature of the changes. Metadata is now routinely sought in law enforcement investigations, medical malpractice, and product liability cases.
- In the case of law enforcement, subpoenas in healthcare fraud investigations now typically specify the production protocol and format including Electronically Stored Information (ESI) and metadata. Be careful; you need to tell your staff and IT personnel to preserve responsive files. If the government thinks you have destroyed or tried to make revisions to the documents, you could be facing an obstruction charge.
- In the medical malpractice context, last year a Pennsylvania State Court issued an opinion of first impression holding that a plaintiff suing a hospital over treatment that allegedly caused brain damage should be allowed to access “audit trail” information outlining which healthcare providers viewed her medical records and whether those records were manipulated.
- In a product liability case, a large pharmaceutical company was alleged to have falsified test results for one of its drugs. Plaintiffs’ counsel was able to prove that the company had edited out negative test results from an earlier drug study. Plaintiffs’ counsel was also to track changes accidently left in a company internal document that indicated the pharmaceutical company knew of potential dangerous side effects, including heart attacks two years before placing the drug on the market.
Reducing Your Level of Risk
The risk areas above are just a few of the problem areas that will be discussed at the September conference. What can you do to reduce your liability exposure? Perhaps the single most important step you can take to reduce your level of regulatory risk is to develop and implement an effective compliance program. The Department of Health and Human Services, Office of Inspector General (OIG) has identified seven fundamental elements to an effective compliance program. Your efforts to comply with these elements will be essential in the event that you or your practice is investigated for civil or criminal fraud. Join us in September and we will discuss the various ways that your compliance program can assist in keeping you and your practice within the four corners of the law. In the meantime, should you have questions about compliance, please feel free to contact us. Visit our website at www.lilesparker.com or give us a call at 1-800-475-1906.
Robert Liles’ background is unique. In addition to a law degree, he holds both an MBA and an MS in healthcare administration. Liles has worked on the provider side as a federal prosecutor and now represents physician practices and other healthcare providers around the country in connection with Medicare/Medicaid/private payor audits, state board of licensure actions, and False Claims Act cases. He also currently serves as an IRO on Corporate Integrity Agreements for the Office of Inspector General.