Tag Archives: compliance

Feds Bring Heat of Culture of Compliance Into Fight Against Opioid Epidemic

The other day we wrote about the importance of treatment programs hiring educated and trained (and preferably “certified”) compliance professionals into the ranks of management, in order to identify and address non-compliant activities and to make corrections.  While not mandatory, government regulators and prosecutors often look to the implementation of an effective compliance program as a mitigating factor when it comes to penalties and punishment for otherwise non-compliant behavior.

However, merely hiring anyone and naming them as “compliance officer” is both dangerous, and in the case of Rochester Drug Co-Operative Inc,. one such “compliance officer” has been criminally charged for sticking his head in the sand while ownership was distributing millions of doses of opioids to alleged pill mills.

Rochester Drug Co-Op acted as a middleman between laboratories and pharmacie and grew to be one of the nation’s largest drug distributors at the height of its opioid push, supplying 1,300 pharmacies in the northeastern U.S., according to the DOJ. The DOJ claims sales soared from 2012 to 2017 as the company took on pharmacy clients that other distributors refused to service.

Law360 is reporting that William Pietruszewski a “logistics specialist” at Rochester, who was only later “handed” the role of Compliance Officer with little direction and no training, has also been charged with conspiracy to distribute narcotics, conspiracy to defraud and failing to tell the Drug Enforcement Agency about suspicious pharmacy orders. He has agreed to plead guilty.

DOJ said Pietruszewski was managing the warehouse and tracking inventory at Rochester Drug Co-Op when he took on a second role as chief compliance officer. The document suggested compliance was established as an afterthought to profit.

“This historic investigation unveiled a criminal element of denial in RDC’s compliance practices and holds them accountable for their egregious noncompliance according to the law,” DEA special agent Ray Donovan said after the charges were unsealed.

Pietruszewski was charged alongside the company’s chief executive, the role historically liable for business failings. Prosecutors stressed Pietruszewski’s compliance position in public statements and weaved his “woefully inadequate due diligence program” throughout the charging documents filed last week.

“One of the lessons here, certainly, is that one of the first things the government is going to look at is the compliance program,” Tom Hill of Pillsbury Winthrop Shaw Pittman LLP said. “They want to see if it’s designed in an effective way and implemented with the appropriate degree of seriousness and rigor, as opposed to being there for window dressing purposes.”

The weight that prosecutors place on corporate compliance programs has only grown in the quarter-century since the DOJ established expectations for them in criminal sentencing guidelines. Pietruszewski’s case is a shining example, attorneys said, that compliance structure and effectiveness can determine the outcome of a government investigation.

“It continues to seep into the fabric of corporate America,” said Margaret Cassidy, chair of the American Bar Association’s compliance committee. “Even in smaller companies, they’re beginning to realize the vulnerability they have, the risk they have if they don’t develop some sort of ethics and compliance program.”

Experts said compliance programs should be designed to deal with situations like the one alleged at Rochester Drug, where CEO Laurence Doud and another executive — who remained unidentified and uncharged as of Tuesday — are said to have bred a culture of noncompliance.

“The question is if you have enough checks and balances so that, when mistakes happen, you are likely to catch them,” Hill said. He suggested, for starters, that companies must take every internal complaint seriously. Rochester Drug Co-Op failed on that front too, prosecutors claimed.

Read more at: https://www.law360.com/compliance/articles/1154054/with-opioid-charges-doj-signals-compliance-fixation?nl_pk=3926f25e-f017-4ab5-bd96-c6f73d2dab12&utm_source=newsletter&utm_medium=email&utm_campaign=compliance?copied=1

Why Having a Certified Compliance Professional in Addiction Treatment is Critical

The health care law world has been buzzing over the weekend about the release by HHS of its Notice of Enforcement Discretion, regarding a reduction and cap of Civil Monetary Penalties (CMP) for violations of both HIPAA’s Privacy Rule and its corollary Security Rule.

The new system sets annual limits for these fines based on the organization’s “level of culpability” associated with the HIPAA violation. That means organizations that have taken measures to meet HIPAA’s requirements will face a much smaller maximum penalty than those who are found neglectful.

Many are not aware that HIPAA has both a “privacy” component and a “security” component, the former pertains to use of Protected Health Information (PHI) and the latter of which speaks to the how such information is to be securely stored both in paper form and digitally.

The Health Information Technology for Economic and Clinical Health Act, (the HITECH Act) outlines minimum and maximum civil money penalties for HIPAA enforcement based on four tiers, which take into account whether the organization in question was aware of the violation and whether it had taken steps to abide by HIPAA’s rules. The tiers escalate in severity, from an organization that is unaware of the violation to one that demonstrated “willful neglect” in not correcting violations.

Violation of the HIPAA requirements mandates “self-reporting,” meaning that a health care provider (which includes in this instance addiction treatment providers) must report themselves to HHS of any such breach. Depending on the “level of culpability” there is a fine that is imposed. If a provider does not self-report, the fines are much more punitive and steep.

Last year marked a record year for HIPAA enforcements, as HHS collected an all-time high of $28.7 million from HIPAA-covered entities and their business associates. That surpassed the previous record of $23.5 million, which HHS doled out in 2016.

To avoid all of the pitfalls and landmines that permeate health care generally, a well-trained and experienced Compliance Officer who works with ownership and staff (and preferably a Compliance Committee) is a strong and wise investment. Such persons are tasked with primary responsibility to oversee and coordinate relevant and timely information pertaining to laws, rules and regulations governing matters such HIPAA; billing & coding; employee & vendor compensation; insurance audits; working with investigators; and patient financial responsibility.

A Certified Compliance Officer (CHC or “Certified in Healthcare Compliance”) is a recognized professional in this space who is trained to develop, implement and regularly update arecognized compliance program, which in many instances is viewed as a mitigating factor when determining whether a regulatory breach has occurred, as opposed to criminal activity.

The Health Care Compliance Association (HCCA) is the pre-eminent membership organization for all persons certified in health care compliance to share “best practices” and to network as to the latest trends and news in health care compliance. This organization worked extensively with the Compliance Certification Board (CCB) to develop criteria to determine competence in the practice of compliance, in this instance, in the health care sector.

According to the CCB:

“The healthcare world can be a high-risk and challenging environment that demands a proactive compliance approach. Being certified in this dynamic, changing profession can help mitigate compliance-related risks. An individual who actively holds the Certified in Healthcare Compliance (CHC)® is someone with knowledge of relevant regulations and expertise in compliance processes sufficient to assist the healthcare industry organizations in understanding and addressing legal obligations, and promote organizational integrity through the operation of effective compliance programs.”

The time is right for the addiction treatment and recovery residence industries to elevate what it means to have a “Compliance Officer” on staff, to be more than simply someone who ensures DCF licensure is up-to-date. Specific training and qualifications should be sought for such important positions within a program, no differently than in medical health care.

In my 9+ years of working extensively within the addiction treatment space, I have often met persons identified as a client’s “Compliance Officer” but came to realize many did not have the full scope of training to be able to anticipate and navigate the daily landmines and pitfalls that operating a health care business brings. Hiring a staff member who is certified in health care compliance should be viewed as an essential hire in addiction treatment to begin to lift this segment out of the shadows and into respectable health care as well as within the larger “recovery community” of service providers.

Hiring a competent certified compliance officer is but a small investment to make in exchange for the peace of mind that all aspects of a treatment provider’s operations, including any recovery residential services, meet the both the letter and the intent of the law.

For more information, visit the HCCA’s website at https://www.hcca-info.org/.

Florida DCF Releases Final Draft of Changes to Chapter 65D-30

The Florida Department of Children and Families (DCF) released today its Notice of Hearing relating to further proposed revisions made to Chapter 65D-30 of the Florida Administrative Code. These rules govern the licensure, management, regulation, as well as service delivery of care relating to Substance Use Disorders.

A copy of the revisions made to the initial rule change proposed in January 2018 is attached.

The hearing on the proposed changes is taking place at DCF’s office in Tallahassee on November 7, 2018, 10:00 a.m. – 12:00 p.m.  There will not be live-streamed videoconferencing across the state as had been offered in January 2018.  Considering the very large turnout at those prior gatherings, this comes across as somewhat of a surprise, and disappointing that input is somewhat limited.

However, DCF is offering interested persons to “attend” via conference call: Dial 1(888)670-3525; Code: 800 740 0450 #

Questions or concerns should be addressed to: Jodi Abramowitz at (850)717-4470 or Jodi.abramowitz@myflfamilies.com

A few comments on items that we gleaned from the changes:

  • Definition of “Best Practices” – DCF requires licensed service providers to implement “best practices” and had defined those previously to be the standards adopted by ASAM. The definition is now much more broad and not as specific, seemingly requiring a provider to select which “validation tool” it believes to be “best practices” and to implement same.  We were hoping that the State would require specific standards so that insurance carriers would then not be dictating health care in this space, but that discussion seems to have gone in a different direction.
  • Change of Ownership/Transfer of Licensure – While state statute prevents a transfer of ownership/licensure in the SUD treatment space (unlike medical health care), the proposed revisions to the rules now make it clear that the plain language of the statute controls – that a “transfer” occurs when 51% or more of ownership is sold/transferred/acquired. Anything less would likely continue to only require submittal of notice to DCF of the identification of the new owners/investors and a Level 2 background check (which has been the consistent interpretation of DCF for many years, until recently).
  • Medical Consultant – the term “Medical Consultant” has been created, we believe, to distinguish the term from a “Medical Director”, the latter of which is only required for inpatient treatment services.
  • Clinical Supervisor – the term had been proposed by DCF back in January but has been since proposed for exclusion from the new rules.
  • Licenses for Each Location – it is not clear from the revisions whether DCF is now eliminating the requirement that an existing licensed service provider must submit a complete license application to provide the same services at a second location. Specific language was struck from the rules revision requiring a separate license “for each facility that is maintained on separate premises even if operated under the same management.” We will seek further clarification as to this point, as well as the intended concept of “overlay services.”
  • License Fees – not proposed for significant change (DCF license fees are significantly less than AHCA licensed facilities).
  • Calculation of “Days” – The ways that the number of days from which an event must occur (such as a license renewal application) has been changed from “calendar days” to “business days.” This is a significant and impactful change, when it comes to license review by the Department, but also benefits in a way treatment providers. Renewals were required to be submitted no less than 60 days prior to expiration. That has now been proposed to be changed to “business” days, which is approximately 12 weeks.  On the flip side, the Department is now proposing that it have 30 business days to review a new application to determine initial completeness. So, what would have been a month would now be 6 weeks or more.
  • Medical Directors & Number of Facilities – DCF has endeavored to try to create a methodology for determining the maximum number of individuals a Medical Director may serve (noting that a “medical director” is only still required for addiction receiving facilities; detoxifications; intensive inpatient treatment; residential treatment; and methadone medication-assisted treatment). This methodology, found within proposed Rule 65D-30.004 (Common Licensing Standards), subsection (6), breaks down the maximum number of patients that can be under a single Medical Director’s supervision, based upon license type.  However, a Medical Director is still not required for outpatient services.
  • Critical Incident Reporting – it appears that DCF has attempted to incorporate into rule the IRAS critical incident reporting tool, CFOP 215-6, for ease of reference. It should be noted that a mandatory reporting incident now includes: “Events regarding individuals receiving services or providers that have led to or may lead to media reports.”
  • Delivery of Clinical Services – The proposed changes to the rules appear to continue to require that all clinical services now be provided by either the Qualified Professional or by persons with specific degrees or recognized certifications.  “Mental health counseling interns” have been added.  It currently remains unclear whether non-clinical staff may still provide therapy and counseling.

This information is intended simply to make the reader aware of the proposed changes, and the date for the DCF hearing. It is not intended to be an analysis of the proposed changes or to be a substitute for clinical, compliance and/or legal counsel to determine the impact any of these proposed changes may have upon ownership, management, operations and service delivery.

The proposed rule changes are not final and still must go through a process for final adoption. Therefore, any comments any reader may have regarding the proposed rules should be directed to Jodi Abramowitz at DCF prior to the hearing on November 7, 2018.

If you have received this post from someone else and are not a subscriber to our newsletter, please make sure to sign up at SoberLawNews.com, where you can also find other articles, editorials, and commentary of interest.


Consistent with the prior rule proposal back from January, DCF is continuing to propose the elimination of Residential Treatment Level 5.

“Day or Night Treatment with Community Housing” had been proposed for elimination but has been kept in the October 2018 proposed rules.

Click here to find out more