Scandal at medical institution yields lessons for risk managers

Multiple suits, accusations suggest need for better compliance oversight

It would be bad enough to be the risk manager at a large medical institution facing multiple lawsuits and allegations of kickbacks, retaliation against a whistle-blower, and violations of various federal regulations. But it could be even worse if investigators trace all the problems back to your office and ask why you didn't prevent the wrongdoing or stop it before it got out of hand.

That could happen when a scandal permeates a health care institution as thoroughly as it has at the University of Medicine and Dentistry of New Jersey (UMDNJ) in Newark, warns Paul English Smith, JD, FASHRM, CPHRM, vice president and general counsel at Cabell Huntington (WV) Hospital in Huntington. Smith is the president of the American Society for Healthcare Risk Management (ASHRM).

Risk managers at UMDNJ have not been implicated in any wrongdoing, but the head of the legal department has. UMDNJ is widely respected as a top producer of minority health professionals, but it has been embroiled in a chain of scandalous events over the past year. UMDNJ is the nation's largest freestanding public health sciences university with more than 5,500 students attending the state's three medical schools, its only dental school, a graduate school of biomedical sciences, and a school of health-related professions. The university is under the close scrutiny of a federal monitor, former federal judge Herbert J. Stern, JD, who was appointed by U.S. Attorney Christopher J. Christie after the first allegations of Medicaid fraud surfaced in December 2005.

Smith says the situation at UMDNJ should hold many lessons for health care risk managers. Some executives at UMDNJ may have found themselves in one of the most difficult situations you can encounter in risk management, he says. "One of the most difficult things you can face is when you go to your boss and say, 'What are we going to do about this problem?' and they say 'Don't worry about it,'" Smith says. "It can be very difficult to keep banging the drum when your boss is telling you to let it go."

But Smith says risk managers must sometimes take a stand. "It sometimes takes a lot of courage to be a risk manager," he says. For that reason, have a structure in place to minimize how much that situation can arise, Smith says. "Having an ethical code of conduct in place is one thing, but actually living up to it can be very difficult," he says.

Whistle-blower files suit

In December 2006, the institution was hit with a lawsuit from a former executive who claims he was forced out because he helped uncover allegedly illegal financial practices. Five other lawsuits already had been filed against UMDNJ in 2006, all of them disputed by the university.

The latest plaintiff is James Lawler, former chief financial officer at UMDNJ's University Hospital in Newark, who claims that university officials tried to coerce him into signing a fraudulent and illegal Medicare report and forced him to quit his job when he refused to cooperate. Lawler is seeking unspecified damages along with severance pay and legal fees. Lawler's resignation a year ago was one of the key moments in the run-up to the filing of charges by federal prosecutors against UMDNJ as part of a multimillion-dollar Medicare fraud case. The charges and financial problems at the medical center led to a series of firings and the appointment of a federal monitor to oversee the scandal-plagued institution.

Lawler "was put in the position of either signing the report, which had the potential of exposing him to criminal charges, or leaving his position," according to a statement issued by Lawler's attorney, Bruce McMoran, JD, of Manasquan, NJ. "He felt he had no alternative but to leave rather than signing a fraudulent report."

UMDNJ spokeswoman Anna Farneski says the institution denies the claims in Lawler's lawsuit. "James Lawler voluntarily resigned his position as CFO of University Hospital, and we will dispute any assertion to the contrary," Farneski tells Healthcare Risk Management.

Compliance program is key

The troubles at UMDNJ could happen at any health care institution unless there are sufficient safeguards in the form of a compliance program, Smith says. Farneski says UMDNJ leaders admit that the institution's compliance program was inadequate. An important part of the compliance program is a reporting and complaint system that people trust, Smith says. (See below for Smith's outline of a good compliance program.)

"In this situation, if someone had called on an anonymous hotline and if the problem had been taken care of through that process, that would have been a part of the checks and balances that kept the program from going as far as it did," Smith says. His hospital has an outside hotline run by National Hotline Services in Fredericksburg, VA. (See the resources list for more information on the company.) "People can call and give an anonymous report, and we're obligated to follow up on those reports," Smith says.

He notes, however, that it is not enough to declare that fraud will not be tolerated and set up the mechanism for reporting. You also have to create a culture in which employees are not afraid to report wrongdoing and supervisors do not punish them for it. That atmosphere comes only over time and by setting examples, Smith says.

"We have to remind department heads that you can't take scalps when someone makes a report," he says. "That is very hard to do and a constant challenge for me to get that message across. For a staff person who wants to do the right thing, they sometimes don't want to get involved because they think only bad things can happen to them."

The compliance program also must ensure that reports receive proper attention. Smith frequently calls on outside counsel or an accounting firm to investigate problem reports because they can involve coding and billing issues that are quite complicated.

Pre-emptive compliance also can be a good idea. When Cabell Huntington Hospital wanted to provide physicians with personal digital assistants (PDAs) to improve communication, Smith first checked with outside compliance counsel to make sure that the arrangement did not violate any rules. When the PDAs were handed out, Smith made it clear to the physicians they were to facilitate accessing lab results and other patient information.

"We made sure people understood from the outset that this was being done to improve patient care and streamline some work processes, that these weren't just a gift to physicians," he says. "We wanted that clear to the physicians, but also to the employees who might otherwise think we were just handing out some nice gifts to the doctors."

Audits also are important to ensuring compliance and avoiding impropriety, Smith says. When a new service is offered at his hospital, compliance officers often perform an audit a few months later just to make sure all the safeguards are working as planned. "A lot of people flip the switch on a new program, and then it just goes on autopilot. People move on to the next issue and no one bothers to check in on the one that's up and running," Smith says. "It's easy to think that someone else is going to take care of it, so you need a system that calls for you to go back and check on how things are actually working."

Risk managers should watch for any indication that some people get favorable treatment in the compliance program, Smith advises. A good system will treat everyone the same — from the newly hired housekeeper to the CEO.

"The thing that will kill a compliance program is when you see people treated differently depending on who they are," he says. "The first time you kind of turn a blind eye to someone who is important to you, like a high-admitting physician, and say you know they didn't really mean to do wrong, then everyone gets the message that this is just a paper plan. You see that in a lot of institutions, with people deciding that it's all talk."


  • As part of the oversight by a federal monitor, information concerning UMDNJ's troubles and ongoing efforts to improve compliance is posted on the institution's web site at Click on the "federal monitor" tab at the bottom of the home page.
  • For information on implementing an outside hotline, contact:
  • National Hotline Services, 620-B Kenmore Ave., Fredericksburg, VA 22401. Telephone: (877) 267-1930. Web: