Lessons Learned – How compliance officers can better protect their organizations (Part 1)


This is the first in a series of bulletins discussing some of the challenges compliance officers face and offers best practices to show how health care providers and their compliance officers can work cooperatively to establish and maintain effective compliance programs and avoid False Claims Act whistleblower lawsuits.

In today’s environment of increased scrutiny of the corporate conduct of health care providers by regulators, it is imperative for compliance officers to establish and maintain effective compliance programs in order to protect their organizations. Of course, doing this is much easier said than done! Consequently, the role of the compliance officer has become increasingly challenging.1 Several whistleblower lawsuits under the False Claims Act have brought these challenges and their potential consequences to light.2 Notably, the Halifax whistleblower lawsuit under the False Claims Act demonstrates that compliance officers and other compliance personnel must have the respect, trust, and attention of their organization’s leaders, and the organization – from the very top on down – must actively promote and embrace a culture of compliance in order to spot potential compliance issues and address employee compliance concerns in a way that prevents them from becoming whistleblowers.

Compliance Officer Challenges

Being a compliance officer is not easy. A 2012 study of compliance professionals revealed the following:3

  1. 58% often wake up in the middle of the night worrying about job-related stress.
  2. 60% have considered quitting their jobs in the past 12 months due to work-related stress.
  3. 58% are either in an adversarial situation or isolated from their coworkers in other departments.
  4. Only 54% claim to have a good relationship with peers from the legal department (or health care attorney).
  5. 73% say they have either “nowhere near enough budget” or that their budget is “not quite enough”

In addition, when asked what is the greatest cause of stress, the reasons cited by compliance professionals include: keeping up with new laws and regulations, identifying compliance and ethics risks, preventing compliance and ethics violations, detecting compliance and ethics violations, and remediating compliance and ethics violations.4

The Halifax Decision Increases the Stakes for Compliance Officers and Their Employers

A recent federal False Claims Act settlement shines a light on the challenges of being a compliance officer. In Halifax, the Halifax Hospital Medical Center and Halifax Staffing Inc. (collectively Halifax) agreed to pay $85 million to resolve allegations that Halifax violated the False Claims Act by submitting claims to the Medicare program that were tainted by arrangements with referring physicians that violated the Stark Law.5 The lawsuit asserted that Halifax knowingly violated the Stark Law by executing contracts with several oncologists in which an incentive bonus improperly included the value of prescription drugs and tests the oncologists ordered and Halifax billed to Medicare. The government also alleged that Halifax knowingly violated the Stark Law by paying three neurosurgeons more than the fair market value of their work.

While not the largest recovery for Stark and False Claims Act violations to date,6 The Halifax case is noteworthy because a Halifax employee who worked in compliance at the organization brought the case to the government’s attention. Elin Baklid-Kunz worked at Halifax for over 15 years, including having spent over 3 years in Halifax’s compliance department. During her employment with Halifax, Ms. Baklid-Kunz found evidence that Halifax was committing Stark and False Claims Act violations and first reported it to her superiors internally at Halifax. According to the Second Amended Complaint filed by Ms. Baklid-Kunz,

[she] discussed the illegality of the physician contracts and relationships involving the medical oncology physicians with her superiors. Despite [her] concerns and her superior’s knowledge that these contracts violate the Stark laws, the Government has not been notified of this fact and no disclosures regarding the illegal incentives paid to the physicians have been made by Defendants to any Government Payor to the best of [Ms. Baklid-Kunz’s] knowledge.7

But her concerns went unaddressed and when she recommended that the hospital strengthen its compliance department and return the allegedly improper Medicare payments, Ms. Baklid-Kunz says she was told that it would cost the hospital millions and that it was not going to happen. Ms. Baklid-Kunz stated in an interview after the settlement was made public that, “I thought I could go to jail if someone else blew the whistle” and that she felt she did not have a choice.8 As her “reward” for bringing the allegations to the Government, Ms. Baklid-Kunz will receive at least 15% of the settlement amount - $20.8 million. There is a second part of the lawsuit Ms. Baklid-Kunz brought against Halifax pertaining to improper inpatient admissions. As of the date of this publication, Halifax and Ms. Baklid-Kunz had tentatively settled those allegations for an additional $1 million after the judge’s ruling in the case eviscerated most of Ms. Baklid-Kunz’s arguments.9 Once settled, Ms. Baklid-Kunz should be entitled to a share of that settlement as well as her reward for bringing the case in the first place.

Clearly, the “takeaway” from the Halifax lawsuit and the Halifax settlements is that both could have likely been avoided if Halifax had heeded the concerns Ms. Baklid-Kunz first raised internally instead of dismissing them.

Why Have a Compliance Program?

Compliance programs are not new. Compliance programs emerged as a key issue in the 1990s, when in response to a variety of corporate corruption scandals and to encourage greater self-governance efforts, the U.S. Federal Sentencing Guidelines were amended to provide credit to organizations with an effective program to prevent and detect violations of law.10 Additionally, since the mid-1990s, corporate integrity agreements (CIA) have been used by the Office of Inspector General (OIG) as an enforcement tool with health care providers to promote compliance to health care regulations. CIAs are agreements between health care providers and other entities with OIG, where the providers or entities agree to the CIA in exchange for OIG not seeking to exclude the providers or entities from participation in federal health care programs.11 OIG negotiates CIAs with health care providers and other entities as part of settlements that result from investigations of False Claims Act and Stark violations.12

Recognizing the need for better understanding of health care fraud and abuse laws and the consequences of violating them, OIG developed a series of voluntary compliance program guidance documents directed at various segments of the health care industry.13 But, in the absence of some legal action that led to the imposition of compliance measures on a health care entity by the government (such as a CIA required as part of a false claim act settlement in order for the entity to avoid exclusion from participation in federal health care programs), having a compliance program has historically been voluntary. Best practice? Yes. But still voluntary. That all changed in 2013.

Along with all of the other health care reform measures that the Affordable Care Act (ACA) brought us, the ACA also brought us mandatory compliance programs.14 Specifically, the ACA states, “[A] provider of medical or other items or services or supplier . . . shall, as a condition of enrollment in the program under this title . . . establish a compliance program that contains the core elements . . . with respect to that provider or supplier and industry or category.15 The Centers for Medicare and Medicaid Services (CMS) has not yet established the core elements for these compliance programs or issued any regulations or guidance prescribing what these now-mandatory compliance programs must look like, nor has CMS set a compliance deadline for this new requirement (except for skilled nursing facilities and nursing facilities which were required to have an effective compliance and ethics program in place by March 23, 2013)16, therefore, we still look to the OIG‘s guidance to inform health care providers on how to craft their compliance programs.17 The OIG has published compliance program guidance for hospitals and most other provider types setting forth the best practices and risk factors to be considered in establishing and maintaining an effective program. This guidance is available to the public on the OIG website.18 The OIG has also published a document highlighting the features of an effective compliance program.19

The OIG guidance is helpful to organizations just getting started with a compliance program or that need to “beef up” their existing program. But to have an effective compliance program, more is needed.


  • See e.g. U.S. ex rel. Baklid-Kunz v. Halifax Hosp. Med. Ctr., No. 6:09-cv-1002-Orl-31DAB, 2011 U.S. Dist. LEXIS 59949 (M.D. Fla. June 6, 2011) The whistleblower, Ms. Baklid-Kunz, was an employee in Halifax’s compliance department; Sara Jane “Sally” Jones-McNamara v. Holzer Health Systems, Inc. No. 2:13-cv-616 (S.D. Ohio April 28, 2014) (Opinion and Order denying Defendant’s Motion for Judgment on the Pleadings). The whistleblower, Ms. Jones-McNamara, was Holzer’s Vice President of Corporate Compliance. This case is ongoing and there has been no finding on the merits of this case as of the date of publication of this article.

  • Stress, Compliance, and Ethics, supra note 1.

  • Id. at 3.

  • Department of Justice (Tuesday, Mar. 11, 2014).

  • That honor belongs to the Tuomey case, which as of the date this article went to publication, has a $237 million judgment against the hospital system, Tuomey Health Care System, Inc. See Judgment in a Civil Action at 1, U.S. ex rel. Drakeford v. Tuomey, 976 F. Supp. 2d. 776, (Sept. 30, 2013) (No. 3:05-2858-MBS).

  • Second Amended Complaint at 41, U.S. ex rel. Baklid-Kunz v. Halifax Hosp. Med. Ctr., No. 6:09-cv-1002-Orl-31DAB, 2011 U.S. Dist. LEXIS 59949 (M.D. Fla. June 6, 2011).

  • Joe Carlson, Halifax Whistle-blower Felt She Had No Choice, (Mar. 8, 2014, 12:01 AM EST)

  • Order, Baklid-Kunz v. Halifax Hosp. Med. Ctr., No. 6:09-cv-1002-Orl-31TBS, 2014 U.S. Dist. LEXIS 89357 (M.D. Fla. July 1, 2014); see also Joe Carlson, Halifax Ruling Supports Hospitals’ Defense in False-Claims Cases, (July, 16, 2014, 11:45 AM EST), Halifax Settles Whistleblower Lawsuit Alleging Improper Inpatient Admissions After Court Holds that Violation of Medicare Condition of Participation not a Basis for False Claims Liability (August 4, 2014) 

  • See U.S. Sentencing Commission, 2013 Guidelines Manual, (Effective Nov. 1, 2013); Office of Inspector General, Corporate Integrity Agreements, (last visited December 30, 2014).

  • Id.

  • See id.

  • See 42 U.S.C.S § 1395cc (j)(9)(A) (LEXIS through PL 113-125).

  • Id.

  • The ACA did establish the 8 core elements for skilled nursing facilities and nursing facilities compliance programs, which track relatively closely the OIG guidance discussed in this article and certainly provide a preview of what is likely to come for other provider types. See 42 U.S.C. § 1320a-7j(b)

  • Compliance programs have been mandatory for Medicare Part C and Part D programs since the beginning of these programs. See 42 C.F.R. § 422.503(b)(4)(vi) (Part C) and 42 C.F.R. § 423.504(b)(4)(vi) (Part D) . In addition, CMS has published guidance in the Medicare Managed Care Manual and Medicare Prescription Drug Benefit Manual that sets forth detailed requirements for Part C and Part D compliance programs. See Medicare Managed Care Manual, CMS Pub. 100-18, Chapter 9 (Internet-Only Manual) and Medicare Prescription Drug benefit Manual, CMS Pub. 100-16, Chapter 21 (Internet-Only Manual) While this guidance is certainly informative and helpful, due to the differences between these organizations and most other types of health care providers, much of the guidance in the manual provisions does not apply in other settings.

  • See id.

  • Office of Inspector General, Compliance Guidance, (last visited December 30, 2014).

  • Office of Inspector General, Operating an Effective Compliance Program (last visited December 30, 2014).

Industries & Practices

Media Contact

Subscribe to Receive Updates
Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.