Margaret Scavotto (mcs@healthcareperformance.com) is President, Management Performance Associates in St. Louis, MO.
This article is not about Lori Loughlin, nor is it about Felicity Huffman. Our purpose is to learn from the compliance shortcomings and corrective actions of the universities involved in the college admissions scandal. Many have asserted that fault should be assigned to the institutions that participated in the scandal. My position is that these schools should also receive credit for their solutions to this problem, and healthcare providers could learn from these solutions.
A scandal brings change
Stanford; University of California, Los Angeles; University of Southern California; Yale; and other elite universities occupied the headlines for months when the Department of Justice (DOJ) indicted 52 individuals, including 32 parents (some celebrities), coaches, and test proctors in a college admissions fraud scheme that shook America’s faith in the admissions process: Operation Varsity Blues (OVB).
The parents are accused of paying standardized-test officials to secure extended testing time or having a third party take the test or correct their child’s test answers. Parents are also accused of bribing university athletic coaches and administrators to portray their children as athletic recruits, often with falsified applications using “Photoshop and stuff,”[1] often when their children did not even play the sport at issue.[2] Sentences are still being issued for those who pleaded guilty, but so far, they range from one day to six months’ incarceration, plus supervised release, fines, and community service.[3]
For example, Elizabeth and Manuel Henriquez paid a $400,000 bribe to enroll their daughter at Georgetown as a tennis recruit, plus additional funds to manipulate standardized tests. This scheme involved Rick Singer, a college admissions “consultant” who drafted a fabricated tennis profile for the Henriquezes’ daughter. The daughter’s application also included false statistics, such as a “Top 50” ranking in the United States Tennis Association (USTA) Junior Girls Tennis for her sophomore through senior years. In fact, this applicant did not play a single USTA high school tournament and ranked 207th in the Northern California under-12 girls’ division.[4]
The Henriquezes’ daughter was admitted to Georgetown, and her parents pleaded guilty to conspiracy to commit mail fraud and wire fraud, honest services mail and wire fraud, and conspiracy to commit money laundering.[5]
In a twist that hits home for the healthcare industry, nursing home mogul Philip Esformes was recently sentenced to 20 years in prison[6] for his role in a $1.3 billion healthcare fraud scheme. Esformes used $300,000 of the proceeds from the fraud scheme to bribe the University of Pennsylvania basketball coach to admit Esformes’s son as a basketball recruit.[7] Esformes’s son, despite never having played basketball at Penn, was admitted to and graduated from Wharton.
The universities took actions in response to this scandal to prevent similar fraudulent activity and public relations fallout. When their approaches are looked at collectively, a trend emerges: The schools took steps to implement a compliance program structure in the form of policies, documentation, controls, and audits.
Establish policies and standards
Policies and procedures establish your organization’s expectations for ethical conduct and broadcast these expectations to your workforce. When accompanied by appropriate training and enforcement, these policies become the foundation of compliant behavior.
In the wake of OVB, multiple universities—some that were part of OVB, plus schools that were not—announced new policies designed to prevent admission fraud. In June 2019, the University of California (UC) released a report summarizing findings and recommendations from an audit of admissions processes and controls.[8] Many of the recommendations made in the UC report involve creating or documenting policies that are aimed at limiting the type of conduct exposed in the scandal.
For example, UC Audit Recommendation 3.1 relates to Special Talent Admissions (special admissions) and defines applicants that are subject to “special” admission requirements. At UC, special admissions are granted to athletes or applicants to academic units or specialty schools who have athletic qualifications or special talents, such as a debate coach. Recommendation 3.1 calls on UC to: “Develop and issue guidance to clarify the definition of special talent to ensure that campuses consistently identify and track the population of applicants the departments recommend on the basis of special talent.”[9]
Other universities announced policy recommendations in response to the scandal. Yale reported that coaches will be required to report “athletic related income” paid by parties other than Yale; and coaches must give three references verifying each applicant’s status as an athlete.[10] Similarly, the University of Texas at Austin announced a new policy requiring admissions decisions for student-athletes to include a written assessment of athletic accomplishments, written by coaches, and reviewed by athletic leaders and the admissions office.[11]
These new policies—with corresponding training—should make the universities’ expectations for special admissions clear, and help employees recognize conduct that is contrary to these policies. In healthcare, this kind of accountability can be seen in the context of social media use. Social media involves multiple risks for providers: potential HIPAA violations, of course, but also infection if smartphones are brought into the operating room, and resident abuse in nursing homes. Rampant use of smartphones makes social media use very challenging to monitor. Clearly communicated policies with training can have a profound effect on social media compliance. Over time, as employees recognize the risks of social media use, internal reporting by co-workers is more likely, and policy violations may decrease.
Keep good documentation
When policies establishing clear standards are implemented, documentation must be created that can be audited to show adherence to, or variance from, your policies. Taking our UC special admissions example, Recommendation 3.2 calls for the University to: “Clearly identify and track all applicants that departments recommend on the basis of special talent.”[12]
Similarly, UC Audit Recommendation 3.3, also for special admissions, requires specific documentation requirements for these applicants. The recommendation suggests that the University: “Establish and document the minimum requirements for documented verification of special talents for each department. These minimum requirements should identify the types of information and trusted sources that can be used to confirm qualifications or credentials for a specific sport or talent….”[13]
By requiring this documentation, the university is creating auditable data (i.e., a paper trail). This data can be used to measure adherence to policies. For example, a sample of special talent applicants who are admitted could be reviewed to evaluate whether these applicants satisfied admissions criteria.
The advantages of documentation in the healthcare setting are seen with payments to contracted physicians. Written agreements with physicians often require the physician to work a certain number of hours a month, and/or perform enumerated tasks. These requirements help ensure the physician’s compensation constitutes fair market value. Documentation of these requirements is essential to measuring compliance with the agreements, and assuring that compensation remains at fair market value. For example, physicians may be required to submit a time log prior to payment. This documentation allows the provider to audit these logs and verify that they conform to contract guidelines.
Establish controls to limit abuse of your policies and standards
Decision-making authority unchecked by oversight and quantitative standards creates the opportunity for fraud. Controls are necessary to prevent policy variations and violations of the law. After the college admissions scandal made headlines, multiple schools developed controls to require third-party review and/or verification of applicant credentials. Each of the following examples of controls involves third-party approval.
UC recommended a two-step verification procedure to curb special admissions fraud:
-
The initiator of the recommendation must document and attest, under penalty of disciplinary action, that they have performed an assessment and determined that the level of special talent warrants a recommendation for admission.
-
An individual in a supervisory capacity must approve the recommendation….[14]
UC also recommended that special admissions require approval by the admissions director or a member of senior leadership who is separate from the department recommending the admission.[15]
Yale also introduced third-party review as a control: Student-athletes applying to Yale will have their athletic credentials verified by both the admissions office and athletic offices; and the athletic director started a new process whereby “sports administrators” review student-athlete qualifications. The sports administrators are not affiliated with a specific sports team.[16]
Finally, Wanda Austin, USC’s interim president, announced in April 2019 that athletic applications for admission cannot be considered until reviewed by: (1) the head coach, (2) the senior sports administrator, and (3) the Office of Athletics Compliance. In addition, the head coach must provide written certification that the student “is being recruited for athletic abilities.” USC will also audit athletic rosters annually and compare them to lists of incoming students to identify variances and potential fraud.[17] (Note: The University of Southern California is a private institution that is not part of UC.)
Each of these university policies requires another employee, supervisor, or department to review athletic admissions decisions. There are numerous examples of similar controls in healthcare. For example, an audit of the billing department should be conducted by someone other than the biller. Contracts might be reviewed by parties other than the drafter, such as the CFO or COO and the legal department, before the CEO signs. These controls provide the added protection of an independent review that minimizes the risk of misconduct and increases the likelihood of detecting misconduct when it does occur.
Audit adherence to policies and standards
Sometimes, individuals are motivated to commit fraud because of a significant personal benefit; in this case, admission to an elite university may have benefitted the parents, and hundreds of thousands of dollars probably benefitted Rick Singer and the university athletics officials. Audits are thus necessary to test your controls and obtain objective evidence whether your policies are being followed (or not). When unfettered by audit controls, potential fraud can go undetected, sometimes for years until identified by a whistleblower or the federal government. Although intentional fraud can be challenging to detect, audits of documented policies are the best way to both find fraud and deter it.
In OVB, one example of auditing lies in the use of limited admission spots. Some UC schools assign limited admissions for athletes. The UC Audit Recommendations include an audit process to determine whether these limits are followed: “Establish local procedures to annually monitor compliance with the campus percentage limits for admissions by exception established by Regental policy.”[18] UC also proposes a periodic evaluation of the number of athletic admission spots allotted, to determine if this number is excessive.[19]
This review can verify whether allotments exceed what is necessary to fill rosters. Excessive admissions could point to variations from policy, which could point to bribes or fraud. This scenario is highly relevant in the healthcare context. For example: Are you paying four medical directors when you only need one? When is the last time your organization assessed its need for medical directors, and compared it to its medical director contracts? An audit will tell you if something is awry.
But what about the good guys?
When organizations are hesitant to invest in compliance, I often hear: “We hire good people and trust them to do the right thing. Isn’t that enough?” There is some logic to this position, and we generally should trust our employees. My belief is that the overwhelming majority of employees at the OVB schools do the right thing. A compliance program with structure prevents and detects noncompliance involving the handful of people who are tempted or motivated to do the wrong thing. This compliance structure—policies, documentation, controls, and audits—also helps employees recognize right from wrong. For example, one of the UC audit recommendations identifies conflicts of interest facing admissions application readers who receive applications from students with whom they are acquainted.[20] Someone in that position, with the best intentions, could be motivated to give that application exceptionally high marks or flag the application for special review. Compliance policies, documentation, controls, and audits maximize your odds that all employees will do the right thing.
Protect your reputation with a culture of compliance
Your organization’s reputation is hard to build and easy to lose. Repeated policy variances can erode an organization’s culture and, inevitably, its reputation. Culture can be degraded even when the policy variations constitute a minority of the actions or decisions made. Most students were admitted to these universities on academic merit, but does the public see a culture of academic merit, or one of bribes and cheating?
University of Pennsylvania Admissions Dean Eric Furda recently described the calls he receives from parents who are displeased with the decisions made by Penn’s admissions office: “What do you all think you’re doing?” “You’re either incompetent or corrupt.”[21] Furda’s comments suggest that a lot of work is needed to improve the perception of the admissions process. Likewise, a survey conducted in March and April 2019 (after OVB was announced to the public) found that only 38% of Americans “regard the college admissions process as fair.”[22]
The corrective actions put in place by these universities are a first step toward rebuilding confidence in a “fair” admissions process, but it will take time and require constant upkeep. Consistent application of the recently announced policies, documentation, controls, and audits will be necessary to preserve ongoing compliance with a fair admissions process. The “good guys” will always strive to do the right thing. But your compliance program will help them recognize the right thing, and help your organization identify when someone strays from the policies and standards you set. By continuously practicing compliance, your institution can strengthen its adherence to ethical principles and project the reputation you deserve to the broader community.
Takeaways
-
Operation Varsity Blues holds valuable compliance lessons for the healthcare industry.
-
Policies and procedures supported by documentation lay the groundwork for ethical conduct.
-
Controls minimize the risk off fraud.
-
Audits are necessary to find misconduct.
-
An investment in compliance structure is also an investment in your culture and reputation.