ACC Health Law Committee July Newsletter
IN THIS ISSUE...
Message from the Chair  
ACC Health Law Committee Leadership  
ACC Health Law Committee Upcoming Events and Quick Hits  
ACC Upcoming Events  
ACC Health Law Committee Previous Events - Webinars and Quick Hits  
HIPAA Compliance Best Practices  
Resource Guide on Measuring Compliance Program Effectiveness  
Sponsor’s Corner – Foley & Lardner, LLP  
Reminder About eGroups  
Job Listings  
Aspiring Writers  
Networks
Virtual Library
Renew Your Membership
Update Your Records
Upcoming ACC Programs
Search Back Issues

Webcasts
Updates From ACC Committees

Message from the Chair
Kenny Johnson

Greetings - it is hard to believe that we have already reached the mid-point of 2017, which reminds me of the popular saying “time flies when you are having fun!” That certainly applies to your Health Law Committee (HLC) leadership team, and I hope the same can be said for all of you, in both your professional and personal endeavors. 

Since last year’s annual meeting in San Francisco, the HLC has been “flying high” as far as the quality and number of programs and events offered. Specifically, the HLC has presented 11 Legal Quick Hit programs, a record six webcasts, and published a large number of written materials, including sample policies, procedures, and the comprehensive guidebook: Cybersecurity in the Pharma, Biotech and Medical Devices Industries. In particular, the recent webcasts on “US MACRA: What It Is, What It Does, What It Means,” the “Anatomy of a Self-Disclosure: From Concern, to Disclosure, to Closure, and Everything In Between,” and “Care in the Palm of Your Hand: Mobile Devices and Healthcare” were very well received and attended. As in prior years, the HLC has partnered with several other committees and chapters to develop many of these programs and events, including collaborating with the ITPEC Committee to offer the Privacy in a Box webcast series and the Compliance Committee to develop programming for the upcoming ACC Annual Meeting, in Washington DC on October 15-18. 

The HLC has also continued to collaborate with Wills For Heroes (WFH), a truly wonderful organization dedicated to providing certain legal services to our nation’s first responders and their families. If you have not had a chance to work with WFH, I would highly encourage you to do so. In addition, the HLC, in collaboration with the NJ and NY chapters, is working on establishing a strategic relationship with the New York Legal Assistance Group (NYLAG). NYLAG offers legal assistance in a variety areas, including healthcare and non-healthcare issues. The HLC is excited about collaborating with our ACC chapter colleagues on these pro bono opportunities.  Lastly, with the support of our national sponsor, Foley & Lardner, has been invaluable an invaluable partner allowing us to offer all the quality programs and events I am able to share with you in this message, and for the many to come.      

I would like to take this opportunity to announce that as of September 1, 2017, the Hong Kong Corporate Counsel Association Limited, the pioneer association representing over 800 in-house lawyers in Hong Kong will become members of ACC Hong Kong, benefitting from the global resources and connectivity of the ACC global network across six continents. The alliance will deliver enhanced value to ACC Hong Kong members through access to the extensive ACC resource library containing regional and global-focused content developed specifically for in-house lawyers.

In addition, ACC has launched a new third-party cyber due diligence service, Vendor Risk Service, to help law department leaders identify and mitigate risks among their organizations' third-party vendors. Powered by Jordan Lawrence, an ACC Alliance Partner of more than 10 years, the ACC Vendor Risk Service is a cloud-based platform that identifies and monitors vulnerabilities related to the protection of company data. ACC members receive exclusive discount pricing. Request a demo.

I also wanted to provide a brief update on the status of the next Regulatory Summit. Last year, the HLC successfully hosted its second annual regulatory summit in Washington DC. Although the HLC had planned to host a third regulatory summit this past Spring, doing so became a significant challenge with the unexpected election of President Donald Trump. His election created significant upheaval and turnover at a variety federal agencies, which made scheduling productive meetings almost impossible. In addition, given that Washington, DC is the site of the 2017 Annual Meeting, the HLC leadership team, after careful consideration, decided to postpone hosting a third summit this year.  The HLC leadership team is currently evaluating future advocacy opportunities, including the possibility of a 2018 summit, and will provide an update soon.

Lastly, and as a segue to the paragraphs above, I wanted to remind everyone that it is not too late to register for the ACC Annual Meeting.  The ACC Annual Meeting will occur October 15-18 in the fabulous headquarters city of the Association of Corporate Counsel - Washington DC. As we have done for several years,  the HLC will offer a dedicated health law track on Tuesday, October 17. The track has been specifically designed to provide health-care centric CLE programming to meet your needs.  Also on October 17, the HLC will also offer a networking breakfast and an evening social event, to be held at a venue within walking distance of the convention center.   I hope to see you in Washington!

In closing, and on behalf of the leadership team, I want to thank all of you for making the HLC the best ACC committee and helping us win “Best Small Committee” for the last three years. As always, if you have any suggestions, feedback, or are interested in becoming more involved, please let me, or a member of the HLC leadership team, know. You can contact us directly or e-mail: healthlaw@accglobal.com   

Kenny Johnson

Chair, Health Law Committee

 


[ Return to Top ]


ACC Health Law Committee Leadership

Position

Name

Chair

Kenny A. Johnson, Senior Corporate Counsel. Quest Diagnostics Incorporated

Co-Vice-Chair

K Royal, General Counsel, Aridessa

Co-Vice – Chair

Erich Drotleff, Director, Healthcare Legal Counsel, Sutherland Healthcare Solutions

Secretary

Debra Bromson, Assistant General Counsel, AAA Club Alliance, Inc.

Advocacy Chair

Gavin Galimi, Executive Vice President, General Counsel, and Chief Compliance Officer, March Vision Care, Inc.

Advocacy Chair

Laurie Weinstein, Deputy General Counsel, The Permanente Medical Group, Inc

Program Chair – Legal Quick Hits

Erich Drotleff, Director, Healthcare Legal Counsel, Sutherland Healthcare Solutions

Program Chair – Annual Meeting

K Royal, General Counsel, Aridessa

Pharmaceutical Industry Subcommittee Chair

Michele Atchison, Chief Compliance Officer & Corporate Counsel, TrialCard

International Subcommittee Chair

Mark Tatelbaum, Vice President & General Counsel, Ameritox, LLC

Medical Device Industry Subcommittee Chair

Lisa Castleton, Senior Counsel, St. Jude Medical, Inc.

Privacy Subcommittee Chair

Jason Stevens, Vice President and Deputy General Counsel, Wellstar Health System, Inc.

Communications Chair

Keith L. Henderson, Chief Compliance Officer, Morehouse School of Medicine & Morehouse Healthcare, Inc.

Immediate Past Chair

Gavin Galimi, Executive Vice President, General Counsel, and Chief Compliance Officer, March Vision Care, Inc.



[ Return to Top ]


ACC Health Law Committee Upcoming Events and Quick Hits

Aug 1, 2017 – Privacy & Security Jennifer Mitchell, Director, Navigant, Jen Rathburn, Foley & Lardner LLP, Jennifer Hennessey, Foley & Lardner, LLP

September 12, 2017 – For Profit or Not-For Profit Healthcare Entities Robin McCaffrey, Associate Legal Counsel, Cedar-Sinai Medical Center, Mark Schieble, Foley & Lardner LLP

September 26, 2017 – (Webcast) Health Care Cybersecurity Hot Topics: Ransomware, Cloud Storage, the Health Care Industry Cybersecurity Task Force Report, and Enforcement Jennifer Rathburn, Partner, Foley & Lardner LLP

October 15-18, 2017 – Annual Meeting Washington, DC

November 7, 2017 – Healthcare M & A Roger Strode, Foley & Lardner LLP, Ralph Wilson, Vice President & Associate General Counsel, Humana, Inc.

December 5, 2017 – Healthcare Regulatory Primer Ginger Appleberry, Associate General Counsel, Caris Life Sciences, Larry Vernaglia, Foley & Lardner, LLP
[ Return to Top ]


ACC Upcoming Events

Corporate Counsel University
Executive Leadership Institute

July 25-28, 2017
The Gwen Hotel
Chicago, IL

2017 ACC Annual Meeting

October 15-18, 2017
Walter E. Washington Convention Center
601 Mt Vernon Place, NW
Washington, D.C. 20001

To register, please visit: (http://www.acc.com/committees/hlc/index.cfm
[ Return to Top ]


ACC Health Law Committee Previous Events - Webinars and Quick Hits

Employment Law for Healthcare Attorneys Mark Neuberger, Foley & Lardner LLP, David Comeaux, Chief Counsel-Employment Law, McKesson (April 4, 2017)

US MACRA: What it is, What it Does, What it means Don Romano, Foley & Lardner LLP, Mark Herbers, Director AlixPartners (April 26, 2017)

Truthiness and Alternative Facts in the FDA Environment: Off-Labeled Promotion, Data Integrity and Staying Clear of the OIG’s Radar Screen Nate Beaver, Foley & Lardner LLP, Andrea Chamblee, Adjunct Professor, GW University School of Medicine and Health Sciences, Adjunct Professor, Johns Hopkins University Krieger School of Arts and Sciences, and Senior Regulatory Counsel, FDA, CDER (May 2, 2017)

Anatomy of a Self-Disclosure: From Concern, to Disclosure, to Closure, and Everything in Between Torrey K Young, Foley & Lardner LLP (May 17, 2017)

Telemedicine: Its Promise, Its Uses, and Practical and Legal Considerations Torrey K Young, Foley & Lardner LLP (June 6, 2017)

WEBCAST: Care in the Palm of Your Hand: Mobile Devices and Healthcare Monica R. Chmielewski, Partner, Foley & Lardner LLP and Jennifer Mitchell, Director, Navigant (June 7, 2017)

Government Contracting David Reiter, Associate General Counsel, UnitedHealth Group Incorporated, Frank Murray, Foley & Lardner LLP (July 11, 2017)

Meeting Agendas & Minutes can be found at: http://www.acc.com/committees/hlc/agendasminutes.cfm 


[ Return to Top ]


HIPAA Compliance Best Practices
Author: Bill Becker, Technical Director, SafeNet Assured Technologies

Questions and Answers to Improve Security and Avoid Penalties

Even after 14 years, public and private sector organizations are still routinely found out of compliance with the Health Insurance Portability and Accountability Act (HIPAA). Security management processes are among the weakest links in compliance. In this article, we’ll look at some of the basics that covered entities and their business partners need to follow to ensure that they are not hit with financial or other penalties.

For the uninitiated, HIPAA regulates the use and disclosure of certain information held by health plans, health insurers, and medical service providers that engage in many types of transactions.

Enforcement of HIPAA Privacy and Security Rules falls to the Department of Health and Human Services’ Office for Civil Rights (OCR). Enforcement of compliance began in 2005, with OCR becoming responsible for Security Rule enforcement four years later. Since April 2003, over 150,000 HIPAA Privacy Rule complaints have been investigated by OCR. 98% (or 147,826) of the complaints have been resolved.

OCR enforces HIPAA Rules by applying “corrective measures,” including either settlement or a civil cash penalty.

Only 47 cases have resulted in a settlement, although the total monetary penalty is still an eye-opening $67,210,982.00.  Most compliance issues, OCR reports, stem from improper use or disclosure of electronic protected health information (ePHI); poor health information safeguards; inadequate patient access to their ePHI; and the absence of administrative safeguard for such information.

In other words, there is a fundamental failure in developing and maintaining appropriate security management processes. Which is ironic because one of the very first stipulations in HIPAA § 164.308 (a)(1) calls for organizations to implement policies and procedures to prevent, detect, contain, and correct security violations.

There are several required specifications to implement these management safeguards. These include the following:

Risk analysis – Accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity (or its business associate/s).

Risk management – Security measures to reduce risks and vulnerabilities to a “reasonable and appropriate level.”

Sanction policy – Workforce members who do not comply with the security policies and procedures must be sanctioned according to a standard policy applied to violations.

Information system activity review – Procedures to review records of information system activity, including audit logs, access reports, and security incident tracking reports.

Before any of that, however, organizations must use best practices to get their arms around the protected information under their control, and to apply some common sense thinking to managing access to that information.

Let’s look at some of these best practices.

Identify relevant information systems – It seems obvious, but here’s where many organizations fail. You have to be able to identify all information systems that house ePHI. Moreover, you have to be able to analyze business functions and verify the ownership and control of those information systems.

Ask yourself the following questions:

  • Does the hardware and software in your information systems include removable media and remote access devices?
  • Have you identified the types of information you manage?
  • Have you identified and evaluated the sensitivity of each type of information?

Conduct a risk assessment – You have to have an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.

To ensure accuracy and thoroughness, ask yourself the following questions:

  • Is the facility located in a region prone to any natural disasters?
  • Have you assigned responsibility to check all hardware?
  • Have you analyzed current safeguards and identifiable risks?
  • Have you considered all processes involving ePHI — including creating, receiving, maintaining, and transmitting protected information?

Acquire IT systems and services – After identifying your systems and exposure to risk, you may find that you’ll need additional hardware, software or services to adequately protect information such as:

  • Multi-Factor Authentication
  • Data-at-Rest Encryption
  • Data-in-Transit Encryption
  • Cryptographic Key Management

When planning for new systems or services, ask yourself the following questions:

  • Will new security controls work with the existing IT architecture?
  • Have you conducted a cost-benefit analysis to make sure the investment is reasonable when measured against potential security risks?

Create and deploy policies and procedures – This is the crux of any working set of management processes. You have to have policies that clearly establish roles and responsibilities and assign ultimate responsibility for the implementation of each control to particular individuals or offices. Does your formal system security and contingency plan stand up to that kind of scrutiny?

In both the public and private sectors, hospitals, clinics, and other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times. The best practices presented here can help ensure that data isn’t stolen or compromised, and that your organization doesn’t face steep fines for being out of compliance.
[ Return to Top ]


Resource Guide on Measuring Compliance Program Effectiveness

On March 27, 2017, the Department of Health & Human Services, Office of the Inspector General (OIG) released “Measuring Compliance Program Effectiveness – A Resource Guide.” The Resource Guide is a product of an OIG roundtable held on January 17, 2017 with a group of health care compliance professionals and OIG staff to discuss several ideas for measuring various elements for an effective compliance program. The group incorporated the United States Sentencing Guidelines along with guidance from the Health Care Compliance Association’s “CHC Candidate Handbook: Detailed Content Outline,” to develop a resource for compliance professionals to measure effectiveness. The group reviewed “what to measure” and “how to measure” with respect to all seven elements of a compliance program. The Resource Guide set forth seven key elements for an effective compliance program. The seven compliance program elements are as follows:

1.     Standards, Policies, and Procedures

2.     Compliance Program Administration

3.     Screening and Evaluation of Employees, Physicians, Vendors and other Agents

4.     Communication, Education, and Training on Compliance Issues

5.     Monitoring, Auditing, and Internal Reporting Systems

6.     Discipline for Non‐Compliance

7.     Investigations and Remedial Measures

The OIG Resource Guide is a great resource tool for health care compliance professionals by providing a detailed outline of the legal requirements and best practices for measuring compliance programs effectiveness.   

OIG Resource Guide can be found at: https://oig.hhs.gov/compliance/101/files/HCCA-OIG-Resource-Guide.pdf
[ Return to Top ]


Sponsor’s Corner – Foley & Lardner, LLP

The Best Defense is a Good Offense:

The DOJ’s Compliance Initiative and What It Means for Your Organization

Lindsey Gabrielsen, Foley & Lardner LLP

 “How thoughtful is your design? How operational is your program? How well [do] your stakeholders communicate with each other?”[1]  These questions, posed by Hui Chen, the Department of Justice’s (DOJ’s) Compliance Counsel Expert during a 2015 roundtable discussion, depicted the types of questions the DOJ would ask as it began to magnify its focus on the effectiveness of corporate compliance programs.  The creation of the Compliance Counsel Expert position, and the appointment of Chen to that role in November 2015, reflected the DOJ’s “effort to place greater resources and expertise to separate out the companies that really don’t get it—those with sham or paper programs—from those who do get it,”[2] according to Andrew Weissmann, Chief of the Justice Department’s Fraud Section.  The Compliance Counsel Expert would be involved in more than just sentencing decisions, she would provide her analysis of the robustness of a company’s compliance program as an element for consideration when prosecutors make determinations whether to investigate or prosecute a company.

The Evaluation of Corporate Compliance Programs (Compliance Guidance) issued by the Fraud Section of the DOJ’s Civil Division on February 8, 2017, provides formal guidance outlining the DOJ’s expectations for effective corporate compliance programs,[3] and puts corporate compliance officers on notice that the DOJ’s so-called “Compliance Initiative” is here to stay.[4]  Now more than ever, organizations should be assessing the breadth and effectiveness of their compliance programs, as an organization with a robust compliance program may receive credit with the DOJ if it ever falls under investigation for potential misconduct.  The role of compliance programs to date, and an outline of the Compliance Guidance, is described below.

Role of Compliance Programs to Date

The origin of corporate compliance programs is the U.S. Federal Sentencing Guidelines for Organizations (FSGO), enacted by the U.S. Sentencing Commission (Sentencing Commission) in 1991, with the goal of imposing sanctions upon organizations and their agents that, “taken together, will provide just punishment, adequate deterrence, and incentives for organizations to maintain internal mechanisms for preventing, detecting, and reporting criminal conduct.”[5]  An “effective compliance program” under the FSGO must be “reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct” and, at minimum, such a program must meet seven elements provided in the U.S. Sentencing Guidelines Manual.[6]

In the healthcare space, the U.S. Department of Health and Human Services, Office of Inspector General (“OIG”) embraced the concept of corporate compliance programs in 1998 by creating “compliance program guidance” (CPGs) for many of the healthcare sectors, including hospitals, physician practices, nursing facilities, and pharmaceutical companies.[7] Modeled after the FSGO’s “effective” compliance program, all CPGs include seven basic elements for an effective compliance program, such as the development of written standards of conduct and policies and procedures, the designation of a chief compliance officer, the development of regular education and training programs, and the development of a system to respond to allegations of improper or illegal activities.[8] 

The CPGs are necessarily vague, however, because they apply to broad industry segments and not individual providers, and although the OIG has encouraged healthcare providers to voluntarily develop and implement corporate compliance programs as a prophylactic means to monitor their adherence to (and help ensure compliance with) applicable statutes, regulations, and program requirements, the absence of more “directive” guidance has, in many instances, contributed to the development of compliance programs that fail to achieve their goals.  Historically, it has only been in the settlement process and negotiation of corporate integrity agreements (CIAs) that the federal government has played any active role in assessing the “effectiveness” of a healthcare organization’s corporate compliance program.  OIG often requires healthcare providers to enter into a CIA as a condition of settling investigations arising under a variety of false claims statutes.  Generally, healthcare providers agree to the CIA obligations, which include a number of obligations pertaining to the company’s compliance program, as a means to avoid being suspended or excluded by OIG from participation in Medicare, Medicaid, or other Federal health care programs. Even with execution of CIAs, however, it has not been clear what the government requires or expects of a corporate compliance program.  CIAs only provide general guidance on the required elements of such programs; they do not include any templates, checklists, sample compliance programs to use as models. 

It is not surprising, then, that when federal prosecutors have selected which cases to investigate or prosecute, the sufficiency of a provider’s compliance program has generally played little, if any, role in the determination.  Since the FSGO were enacted in 1991, very few healthcare organizations have received sentencing credit for having an “effective” compliance program.  Instead, federal prosecutors typically consider factors such as relevant conduct, statutes implicated, intent, current and possible evidence, magnitude or impact of conduct on individuals, entities, or healthcare programs, financial loss to the federal and/or state government, and financial gain to the healthcare organization.  In light of this background, the creation of the Compliance Counsel position, and the issuance of the Compliance Guidance, may help providers adopt more effective compliance programs, and may yield a significant positive shift in the federal government’s treatment of providers as a result of the adoption of such programs.

DOJ’s Compliance Guidance

The Compliance Guidance acknowledges that compliance programs must be evaluated in light of the individual institution and the specific context of the investigation; accordingly, the DOJ does not set forth “any rigid formula” to assess a compliance program. Instead, the Compliance Guidance emphasizes eleven topics, providing sample questions for each topic, that may be relevant when reviewing (or adopting/modifying) a compliance program:

1. Analysis and Remediation of Underlying Misconduct.

The questions focus on identifying the root cause of the misconduct, whether the misconduct was systemic in nature and whether there were prior opportunities to detect it, and how the company handled the remediation.

2. Senior and Middle Management

These questions look at the overall culture of the company – is the conduct at the top that of proper, compliant behavior and does there appear to be a shared commitment to compliance throughout different departments and levels of management? The questions also pertain to the role of the board of directors, and how the board has exercised its oversight.

3. Autonomy and Resources

This topic focuses on the independence, experience, allocation of resources, and presence of the compliance function within the organization.

4. Policies and Procedures

The Compliance Guidance includes two categories of consideration within this topic: design and accessibility, and operational integration.  The former investigates the process and personnel involved in designing policies and procedures, as well as relevant training about and accessibility to the policies and procedures. The latter focuses on how the policies and procedures are implemented within the system, and whether controls failed or were absent that could have prevented the misconduct.

5. Risk Assessment

These questions review the company’s risk management process, including its information gathering procedures and how such processes have informed the compliance program.

6. Training and Communications

This topic focuses on the content of trainings and their availability to employees. The questions indicate that tailored training should be provided to high-risk and control employees, and that the effectiveness of such trainings should be monitored.  The questions also examine, more broadly, the guidance available to employees regarding compliance processes.

7. Confidential Reporting and Investigation

These questions seek information regarding the availability of confidential reporting mechanisms for employees to report potential misconduct, the company’s investigative processes, and the company’s response to investigative results.

8. Incentives and Disciplinary Measures

Here, the Compliance Guidance suggests a review of the breadth of the disciplinary measures taken in response to the misconduct and the company’s history of responding to similar types of misconduct. The questions also explore whether compliance is considered when making decisions regarding incentives, such as promotions or bonuses, and whether the company applies its disciplinary actions and incentives consistently across the organization.

9. Continuous Improvement, Periodic Testing and Review

These questions examine the company’s audit protocols, including its reports to management and the board of audit findings, and whether specific audits have been conducted in the area relating to the misconduct. The Compliance Guidance also considers the extent to which risk assessments, compliance policies and procedures, and company processes have been reviewed and updated.

10. Third Party Management

This topic focuses on the engagement, diligence, monitoring, and discipline of third parties, with a focus on testing whether mechanisms are in place to ensure that work by third parties is actually performed and the compensation is commensurate with the services received.

11. Mergers and Acquisitions (M&A) 

Here, the Compliance Guidance evaluates the extent to which the compliance function is integrated in the M&A process, and how red flags identified during the diligence process are remedied and monitored.

            Ultimately, as noted by the DOJ in the Compliance Guidance, the eleven topics and relevant questions described above are not novel – they fit comfortably within the familiar landscape of the United States Sentencing Guidelines and the U.S. Attorney’s Manual requirements for evaluating whether to prosecute an organization. However, the promulgation of the Compliance Guidance, following the appointment of a Compliance Counsel Expert, signifies that now more than ever, companies should be evaluating the effectiveness of their compliance programs. Not only do effective compliance programs mitigate compliance issues that might result in a government investigation, but they may be a saving grace when the government chooses whether or not to prosecute an organization for such issues.


[1] NYU Program on Corp. Compliance and Enforcement, Roundtable Discussion (Nov. 13, 2015), available at  http://www.law.nyu.edu/corporatecompliance/events/roundtable-discussion.

[2] Joel Schectman, Compliance Counsel to Help DOJ Decide Whom to Prosecute, Wall Street Journal, Jul. 30, 2015, http://blogs.wsj.com/riskandcompliance/2015/07/30/compliance-counsel-to-help-doj-decide-whom-to-prosecute/.

[3] Evaluation of Corporate Compliance Programs, U.S. Dept. of Justice, https://www.justice.gov/criminal-fraud/page/file/937501/download (last accessed May 30, 2017).

[4] Compliance Initiative, U.S. Dept. of Justice, https://www.justice.gov/criminal-fraud/strategy-policy-and-training-unit/compliance-initiative (last accessed May 30, 2017).

[5] U.S. Sentencing Guidelines Manual ch. 8 (2001) [herinafter U.S.S.G.], available at  http://www.ussc.gov/guidelines-manual/2014/2014-chapter-8. For a brief overview of the Guidelines, see U.S. Setencing Comm’n, An Overview of the Federal Sentencing Guidelines, available at http://www.ussc.gov/pdf/glovrwb.pdf.

[6] U.S.S.G., § 8B1.1.

[7] See Compliance Guidance, Office of Inspector General, http://oig.hhs.gov/compliance/compliance-guidance/index.asp (last accessed Dec. 14, 2015).

[8] See, e.g., Compliance Program Guidance for Hospitals, 63 Fed. Reg. 8987 (Feb. 23, 1998).


[ Return to Top ]


Reminder About eGroups

The Health Law Committee is nearly 2,000 members strong, and one of our best resources is each other. The eGroup postings are a forum for members to exchange ideas, share best practices, template forms, and many other resources. Members may submit eGroup inquiries, and any member may respond. If you are concerned about using your name, you may post & respond anonymously. And eGroup responses are informational only, and are not considered legal advice or counsel. We highly recommend that you take advantage of this resource. Postings may be found at: (http://www.acc.com/committees/hlc/index.cfm). If you have questions or need assistance, contact Communications Chair Keith Henderson.
[ Return to Top ]


Job Listings

For current career opportunities in the in-house health care law, please click here: (http://www.acc.com/committees/hlc/jobs.cfm). 
[ Return to Top ]


Aspiring Writers

Health Law Committee members who are interested in authoring a blog post, an on-line article or an ACC Docket article are more than welcome. If you are interested, please contact our Communications Chair, Keith Henderson.
[ Return to Top ]