Highlights

Navigating Today’s Health Care Compliance Challenges

Proskauer Rose LLP | Prior results do not guarantee a similar outcome | Attorney Advertising

highlights Navigating Today’s Health Care Compliance Challenges Health care is one of the fastest growing and most heavily regulated industries in the world. This summary includes highlights from Proskauer’s Health Care Compliance Forum, where Proskauer lawyers and leaders in the health care industry discussed the latest developments in fraud and abuse; issues in compliance management; corporate governance and liability; and hacker attacks on health care institutions.

Latest Developments in Health Care Fraud Enforcement Prosecuting health care fraud is a major focus of the federal government, with the False Claims Act (FCA) as its principal vehicle for bringing actions related to fraud. Several recent developments in FCA legislation will have tremendous impact on the ability for health care companies to defend fraud cases. Our first panel, featuring Steven P. Lehotsky of the U.S. Chamber Litigation Center and Proskauer’s Sigal Mandelker, Roger Cohen and Ellen Moskowitz discussed these developments, which include: A case to be decided by the Supreme Court that will determine whether the statute of limitations for the FCA has been effectively eliminated by the Wartime Suspension of Limitations Act of 1942, a statute that delays the statute of limitations permanently for certain “offenses” committed while the country is at war, making it extremely difficult to successfully litigate cases

complaint must identify specific false claims for payment to satisfy the Federal Rules of Civil Procedure requirement for fraud to be pled with “particularity” A new emphasis by the Department of Justice on reviewing whistleblower complaints under the False Claims Act to determine whether criminal charges are warranted Sigal Mandelker, White Collar Defense & Investigations Partner at Proskauer, pointed out that Leslie Caldwell, new head of the Criminal Division of the Department of Justice, has as one of her priorities to increase the criminal prosecutions that result from leads obtained through False Claims Act complaints. “What Leslie is saying is that we’re not leaving this to chance. Every time a qui tam complaint is filed, we’ve asked the Civil Division to send us that complaint so that we can scour through it to determine whether or not it is worthy of criminal prosecution.”

The current split among the United States Court of Appeals and within certain Circuits concerning whether a

“Our goal today is to help practitioners on the frontline of health care operations learn more about the most important health care compliance challenges and how to respond to them effectively from a legal, regulatory and strategic perspective.” Richard J. Zall Partner and Chair of Health Care Department, Proskauer

Corporate Governance and Liability With tightening restrictions over false claims in the health care industry, it is important for companies to know who is actually liable. This panel, moderated by Litigation Partner Peter Duffy Doyle, examined issues of liability, as well as advice on measures companies should put into place to ensure that they are properly addressing issues of compliance and providing adequate transparency. Peter Duffy Doyle, Litigation Partner, Proskauer: “The question I always get is: am I personally liable? Yes, you may be, as a Director or Senior Officer you may be personally liable; and under Delaware Law, public policy and statute bar indemnification and exculpation for disloyalty.” When addressing issues of compliance, especially if director liability is a risk, board composition is extremely important.

The panel explained that health care organizations need to review their boards and evaluate the role of each member and what skill sets each brings to the organization. When issues arise, particularly government investigations, it is critically important that the Board is clear who’s advising whom and in what regard. Peter Urbanowicz, Managing Director, Alvarez & Marsal: “Most people on the board are not lawyers. The traditional formula for public companies has been to get CEOs or former CEOs of companies; the local banker; the local head of the largest company or manufacturing plant; or longtime financial supporters of the hospital. However, people with a number of skill sets are needed. Not only did we need someone who was a CEO or a former CEO, but who also knew how to run complicated organizations, had financial and banking expertise, had been at investment banks, and individuals who had marketing skills.”

“The old head in the sand is never going to fly; and is going to set up both corporate and personal liability, claims for bad faith, breaches of duty of loyalty.” Peter Duffy Doyle Partner, Proskauer

Issues in Compliance Management This panel looked further into compliance management and discussed the roles of compliance officers, general counsel, company executives and the board in dealing with issues of compliance and investigations. Edward Kornreich, Health Care Partner, Proskauer: “The Office of Inspector General noted that in the sentencing guidelines, where the responsibility for the compliance program is assigned to the general counsel or a distinct compliance officer or individuals with day-to-day responsibilities, they must have appropriate authority and direct access to the Board of Directors. As a result of that, in most entities, the compliance officer will have at least a dotted line relationship to the Board, independent of whether or not they report as a programmatic matter or as a functional matter to the general counsel. They will be given that independent access.” Scott Landau, Assistant General Counsel, Mount Sinai Health System, described his experience with investigations where compliance officers did not necessarily understand the rules and regulations with which they were attempting to comply. “I think one of the most important things to have in a compliance program is to have people who are actually involved and understand the regulatory issues… someone who is able to spot legal issues and make determinations as to when attorneys need to get involved and essentially drive the investigatory process.”

Michael Little, Senior Manager, Forensic Practice of Deloitte Financial Advisory Services: “When I was with the OIG, one of the things I would tell group settings is that effective compliance did not mean perfect compliance. There will be mistakes; there will be errors made. The key is that we go out and find them or, very importantly, listen to somebody who comes in and tells you there is a problem and to do the appropriate investigation.” The speakers noted that while there is often an inherent tension between general counsels and compliance officers, it is important for compliance officers to have access and be able to get ahead of any claims of wrongdoing.

Hacker Attacks and Health Care Institutions: Are You Ready? Health care institutions are affected by a unique set of data security issues. A shocking 40 percent of health care organizations reported a criminal cyber-attack in 2013. Head of Proskauer’s Privacy & Data Security Group, Kristen Mathews, presented on these issues, providing a number of examples of the surprising ways in which data can be hacked or unintentionally released, often with costly results for health care systems. “Thefts of health care information can go undetected, and that information can be used for a long time before it’s finally detected and made obsolete. And for that reason, hackers have identified health care information as data that is of a higher black market value than just a simple credit card number or Social Security card number.”

Suggestions: How can you protect against cyber threats? Monitor and implement National Institute of Standards and Technology (NIST) guidelines Consider ethical hacks and other ways to stay current on vulnerabilities Train personnel to understand and detect pretexting, social engineering, and phishing Educate patients to understand and detect phishing communications Ensure that key vendor contracts, employee agreements and internal policies contain robust security provisions; vet your vendors Consider data loss prevention and digital rights technologies Employ “checks and balances” for sensitive information access; audit internal access rights Revise employment contracts to include stern provisions prohibiting the unauthorized use or disclosure of data, coupled with deterring liquidated damages and injunctive relief provisions

Panelists Roger Cohen

Senior Counsel, Health Care Department

Proskauer

Peter Duffy Doyle

Partner, Litigation Department

Proskauer

Malcolm J. Harkins

Partner, Health Care Department

Proskauer

Paul Kaufman

Vice President, Legal Affairs

North Shore-Long Island Jewish Health System

Edward Kornreich

Partner, Health Care Department

Proskauer

Scott Landau

Assistant General Counsel

Mount Sinai Health System

Steven Lehotsky

Deputy Chief Counsel for Litigation

U.S. Chamber of Commerce

Michael Little

Senior Manager

Deloitte Financial Advisory Services

Sigal Mandelker

Partner, Litigation Department

Proskauer

Kristen Mathews

Head, Privacy & Data Security Group

Proskauer

Peter Urbanowicz

Managing Director

Alvarez & Marsal

Richard Zall

Chair, Health Care Department

Proskauer

Beijing Suite 5102, 51/F Beijing Yintai Centre Tower C 2 Jianguomenwai Avenue Chaoyang District Beijing 100022, China t: +86.10.8572.1800 f: +86.10.8572.1850 Boca Raton 2255 Glades Road Suite 421 Atrium Boca Raton, FL 33431-7360, USA t: +1.561.241.7400 f: +1.561.241.7145 Boston One International Place Boston, MA 02110-2600, USA t: +1.617.526.9600 f: +1.617.526.9899 Chicago Three First National Plaza 70 West Madison, Suite 3800 Chicago, IL 60602-4342, USA t: +1.312.962.3550 f: +1.312.962.3551 Hong Kong Suites 1701-1705, 17/F Two Exchange Square 8 Connaught Place Central, Hong Kong t: +852.3410.8000 f: +852.3410.8001 London 110 Bishopsgate London EC2N 4AY, United Kingdom t: +44.20.7280.2000 f: +44.20.7280.2001

www.proskauer.com 24563 - MAY 2015

Los Angeles 2049 Century Park East, 32nd Floor Los Angeles, CA 90067-3206, USA t: +1.310.557.2900 f: +1.310.557.2193 New Orleans Poydras Center 650 Poydras Street Suite 1800 New Orleans, LA 70130-6146, USA t: +1.504.310.4088 f: +1.504.310.2022 New York Eleven Times Square New York, NY 10036-8299, USA t: +1.212.969.3000 f: +1.212.969.2900 Newark One Newark Center Newark, NJ 07102-5211, USA t: +1.973.274.3200 f: +1.973.274.3299 Paris 374 rue Saint-Honoré 75001 Paris, France t: +33.(0)1.53.05.60.00 f: +33.(0)1.53.05.60.05 São Paulo Rua Funchal, 418 26º andar 04551-060 São Paulo, SP, Brasil t: +55.11.3045.1250 f: +55.11.3049.1259 Washington, D.C. 1001 Pennsylvania Avenue, NW Suite 600 South Washington, DC 20004-2533, USA t: +1.202.416.6800 f: +1.202.416.6899