A client received a letter requesting a wide range of billing and coding information, and copies of variety of medical records before it concluded “please note that data regarding active investigations is classified as confidential and I request that you treat all communication on this matter accordingly.”
A request from an investigator to keep their contact confidential is quite common, whether it happens in a letter or in an oral communication from a government agent. The agent has every right to make the request. From their perspective, the request is smart. The agents are better off when they can surprise people.
But it is essential that everyone in your organization understand that it is a request and not a requirement.
Why is this distinction so important?
It has been quite common in my career that as I assist a client responding to an investigation, we discover that someone, be it a current or former employee, learned about the investigation weeks or even months before it was brought to my attention. Typically, the person who first learned of the investigation took the request for confidentiality to heart, and felt it was improper to tell a compliance officer, legal counsel, or their supervisor about the communication.
I get it.
People in the healthcare industry are trained at length about HIPAA and the need to keep a variety of information close to the vest. We are told that we cannot share information with our spouse, colleagues, or close friends. In the healthcare world, when someone says keep something confidential, we are trained to listen. But an investigation is not like medical information. There is no federal or state law that requires someone who knows about a government investigation to keep the information to themselves. While I would not recommend it, it is perfectly legal to rent the Goodyear Blimp to fly above a stadium people and declare Glaser Hospital is under investigation. And while I would not put the message on a dirigible, I do think it should go to the right director. Whether it is compliance or legal, someone needs to hear about an investigation as soon as it starts.
Obviously training people about this after the investigation commences is useless. You need to make sure that your entire organization knows that if they are contacted by a government agent, they should be on the horn to legal or compliance in a matter of minutes. A well-run healthcare organization has at least annual compliance training.
I strongly encourage devoting a portion of that training to how to respond when a government agent shows up. While most healthcare employees will never deal with a government agent, over the course of a decade, most healthcare organizations will have someone in the organization who is interacting with a government agent.
Whether it’s a police officer looking for a patient or an employee, or a fraud investigator seeking information to pursue a patient or the entity itself, someone in the organization will be dealing with government investigators.
And since you can’t know who will draw that short straw, you need to train everyone. Taking five or ten minutes to prepare employees for that eventuality greatly reduces the risk that it will go off the rails.
Contact from the government is important, and should be taken seriously, but all employees should know that it needn’t be, and shouldn’t be, kept confidential from the compliance and legal team.