Medical Offices Need Compliance Chiefs ‘Now More Than Ever’

Share Article

Even smaller practices need someone to head up their compliance programs in light of the ongoing healthcare fraud crackdown, writes LeClairRyan attorney Michael F. Ruggio

Given that federal agencies have declared an all-out war on healthcare fraud and other regulatory violations, even smaller medical offices should have the likes of a chief compliance officer on the payroll, writes LeClairRyan shareholder Michael F. Ruggio in the October 31 edition of online publication Medical Office Today.

Does this require shelling out for highly paid, c-suite-level executives who spend all day mulling arcane topics? Not exactly. “But make no mistake about it—every medical practice and healthcare organization, no matter how small, does indeed need at least one person whose responsibilities include being the official point person on compliance,” writes the Washington-based attorney, who leads the national law firm’s Healthcare Investigation and Litigation practice team. “Every office should designate this responsibility to someone, even if it is John or Jane at the front desk, because failure to do so can expose the business to tremendous liability.”

In the column, Ruggio notes that chief compliance officers (CCOs) or execs carrying similar titles are part and parcel of the nation’s largest medical practices and healthcare organizations. However, offices with just a few doctors, nurses and support staff frequently have no single individual in charge of coordinating the practice’s compliance strategy. Such an approach is particularly unwise in today’s regulatory environment, the attorney writes. “Consider that the number of investigations and reviews by the Department of Justice and the HHS Office of Inspector General has grown by more than 500 percent in the past three years alone,” Ruggio explains. In addition to ramped-up enforcement, healthcare regulations are a moving target as well. “If the office fails to refresh its policies and procedures and to pay attention to the ever-shifting regulatory environment, liability exposure is inevitable,” Ruggio writes.

Training of employees on the likes of HIPAA’s privacy requirements is absolutely critical, he notes, and it is the CCO’s responsibility to make sure everyone in the office understands the gravity of these issues. In the column, he cites a recent case that well illustrates what can happen in the absence of this kind of training. A smaller medical office had hired some young women from the neighborhood to review medical records. “Under HIPAA, the confidentiality of such records is sacrosanct,” Ruggio explains, “but one of the staffers made the error of getting drunk at a party and saying to her fellow celebrants, ‘Those girls over there have Chlamydia. I know, because I work at Dr. So-and-So’s office!’ As you can imagine, the young women who had their privacy violated were none too pleased. One of their fathers just happened to be an attorney, who immediately began threatening the office with embarrassing and potentially costly litigation.”

By failing to have a designated point person on compliance with a documented and thorough training program for all employees, the aforementioned, three-physician office exposed itself to potentially millions of dollars in liability. “And, by the way, under HIPAA rules, federal penalties and litigation exposure were a potential double-whammy here as well,” Ruggio writes. “Attorneys who focus on healthcare compliance get cases like these every week.”

In the column, the veteran attorney urges medical offices to name as CCO a smart, responsible and thorough employee, and to memorialize this person’s training and responsibilities on paper. Typically, medical offices will bring in a compliance legal team to evaluate the office’s risk profile and to update or create appropriate policies and procedures, Ruggio writes. “The team will work directly with the compliance point person to make sure all policies and procedures are reviewed, and signed off on, by all employees,” he explains.

The typical investment here—$2,000 or $3,000—is miniscule relative to the risks. “The Justice Department’s healthcare fraud initiative, which primarily focuses on Medicare and Medicaid fraud and off-label marketing cases, is one of the highest priorities of the current administration,” Ruggio notes. “It is part of an unprecedented, coordinated effort involving DOJ, HHS and other agencies, which have teamed up to execute a multipronged strategy aimed at identifying, investigating and prosecuting healthcare fraud.”

To read the full article, visit
About LeClairRyan
LeClairRyan provides business counsel and client representation in corporate law and litigation. With offices in California, Connecticut, Massachusetts, Michigan, New Jersey, New York, Pennsylvania, Virginia and Washington, D.C., the firm has approximately 350 attorneys representing a wide variety of clients throughout the nation. For more information, visit
Press Contacts: At Parness & Associates Public Relations, Marty Gitlin (631) 765-8519, or Bill Parness, (732) 290-0121,

Share article on social media or email:

View article via:

Pdf Print

Contact Author

William Parness
Parness & Associates
(732) 290-0121
Email >
Visit website