November 10th, 2010
Today, the Department of Health and Human Services’s Centers for Medicare and Medicaid Services (“CMS”) issued new proposed regulations under section 6411 of the Affordable Care Act for states that employ Medicaid Recovery Audit Contractors (“RACs”) under 42 CFR 455. Confused? Me too for a minute there.
Basically, a RAC is a contractor that a state is required to hire to identify over- and underpayments under Medicaid. According to the proposed rule, a previous RAC program identified some $1 billion in incorrect payments since CMS created a pilot program in 2005. The Affordable Care Act expands the program and this proposed rule explains how to implement it.
There were 37 other rulemaking regulations issued today.
November 10th, 2010
There’s a really good article over at Law.com by Sue Reisinger of Corporate Counsel on the new Dodd-Frank whistle-blower provisions that you should read if you have the time. If you don’t, I think these are the highlights:
- The bare metal of the program is this: if the whistle-blower nets a recovery of over $1 million, the whistle-blower may be entitled to 10-30% as a commission. If a company retaliates, the whistle-blower might collect double back pay. The SEC and CFTC are planning to hire 800 new people to receive complaints!
- Even though the SEC hasn’t finished the regulations, the legislation is already effective and the SEC is already getting tips.
- Not all the whistle-blower calls are coming in to the SEC–many are skipping the SEC and going to the plaintiffs’ attorneys, who are likely to be even more aggressive than individuals (try this site).
- The upshot for the enterprise? “Prepare.” “First, corporate counsel should get ready to spend more. They’ll have to sign more checks for training, enhanced compliance programs that must cover subsidiaries now, more internal investigations, more internal audits. And more litigation.”
Click here for the article.
(Of note, the article has some interesting ideas on how to work with the problem. I wonder if I could design a heat map for it.)
November 10th, 2010
Most of the GRC vendors I’ve taken a look at so far use heat maps. Heat maps seem like a great tool for assessing risk in GRC, but I never used a heat map when I was doing pure technology consulting in the enterprise.
Now that I’ve got legal interests, I wonder why I never learned to use heat maps in law school (ok, for those of you who’ve been to law school, you can stop rolling your eyes) to help clients understand risks. A heat map is easy to construct: you plot the likelihood of the risk on the Y-axis (e.g., “certain,” “likely,” “possible,” etc.). Then you plot the impact to the organization on the X-axis (e.g., “insignificant,” “minor,” “moderate,” “major,” and “catastrophic”). The most likely and most damaging risk shows up in the top right in red.
A heat map is so simple that your board of directors can instantly assess enterprise risk in the time it takes to ride from the second to third holes on the links. So why not do it for legal GRC?
While I’m asking questions about the heat map, I have two more: (1) can the heat map be automated as the enterprise tooling assesses and scores the key risk indicators, and (2) should the level of risk vary at the level of reporting (e.g., risk to team, department, subsidiary, legal entity, etc.)?
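One way to build the heat map described above from already-scored risks, and to filter it by reporting level, as an added example that is not from the original post or from any GRC vendor. The “unlikely” and “rare” labels, the color thresholds, the `level` field, and the sample risks are all assumptions.

```python
from collections import defaultdict

# "certain", "likely", "possible" and all impact labels come from the post;
# "unlikely" and "rare" are assumed here to complete the Y-axis.
LIKELIHOOD = ["rare", "unlikely", "possible", "likely", "certain"]
IMPACT = ["insignificant", "minor", "moderate", "major", "catastrophic"]

def color(likelihood, impact):
    """Color band for a cell; the score thresholds are assumptions."""
    score = (LIKELIHOOD.index(likelihood) + 1) * (IMPACT.index(impact) + 1)
    return "red" if score >= 15 else "amber" if score >= 6 else "green"

def build_heat_map(risks, level=None):
    """Group risk names by (likelihood, impact) cell, optionally for one reporting level."""
    grid = defaultdict(list)
    for r in risks:
        if level is None or r["level"] == level:
            grid[(r["likelihood"], r["impact"])].append(r["name"])
    return dict(grid)

def render(grid):
    """Text heat map: likelihood on the Y-axis (highest on top), impact on the X-axis."""
    rows = []
    for lk in reversed(LIKELIHOOD):
        cells = [f"{color(lk, im)[0].upper()}{len(grid.get((lk, im), []))}" for im in IMPACT]
        rows.append(f"{lk:>9} | " + " ".join(cells))
    return "\n".join(rows)

def top_risks(grid):
    """Names of the risks that land in red cells."""
    return sorted(n for (lk, im), names in grid.items()
                  if color(lk, im) == "red" for n in names)

# Constructed sample register; names, ratings and levels are illustrative only.
RISKS = [
    {"name": "whistle-blower retaliation claim", "likelihood": "likely",
     "impact": "major", "level": "subsidiary"},
    {"name": "late accident report filing", "likelihood": "possible",
     "impact": "minor", "level": "department"},
    {"name": "records retention gap", "likelihood": "certain",
     "impact": "moderate", "level": "department"},
    {"name": "foreign bribery inquiry", "likelihood": "possible",
     "impact": "catastrophic", "level": "subsidiary"},
]

if __name__ == "__main__":
    print(render(build_heat_map(RISKS)))          # enterprise-wide view
    print(top_risks(build_heat_map(RISKS, level="subsidiary")))
```

Each cell prints its color initial and the number of risks in it, so the same register yields a different map per reporting level.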
November 9th, 2010
Hey Warren Buffett, pay attention. Now that you own Burlington Northern, you should know that the Federal Railroad Administration issued new changes to 49 CFR 225 (requiring monthly accident reports) under the 1910 Accident Reports Act, among other statutes, effective June 1, 2011. The new rule attempts to “clarify” a few reporting requirements, including requirements related to the reporting of attempted suicides-by-train.
There were 36 other new rulemaking regulations issued today.
November 8th, 2010
The 2010 ARMA International Conference will likely dominate the headlines here at WLW for a while. The “premier event in the records and information management field” is being held at the Moscone Center in San Francisco, and it has already started. It’s strange to start a conference on Sunday, but hey, it’s San Francisco. As long as you can make your case, it works.
There are already quite a few tweets coming out of the conference:
- @banjaxx #arma2010 customer quote @IBM_ECM booth 710 “… @PSS_Systems made our lawyers too efficient in ediscovery ..” #ibmecm #ilg #ediscovery
- @btblair #ARMA2010 Whew, now that was a packed day. Lots of excitement and action on the show floor. We are at a critical time in RIM history.
- @cchoksy #ARMA2010 Forrester Research session: records managers expect 50% growth in storage in 2011
- @PSS_Systems RT @btblair: #ARMA2010 So far I’ve learned: #InfoGov is hard. CEO should care more. Volume is growing. Cloud is…well, something
(Photo from TechNopal.)
November 5th, 2010
Legal wants to know about insider trading (or bribery or selling Happy Meals) in one of your foreign subsidiaries before the Tokyo securities and exchange division announces an investigation. Can IT help? Can today’s GRC software do it? Can it automatically monitor external and internal data to spot the risk?
While you’re feeling proactive… If you work in a highly regulated industry like banking, you should try–and I do mean just try–to see what kind of regulatory chaos will be coming out of Congress over the next few years after the recent elections. Still feeling proactive? Take a visit to this post on litigation trends.
The Editor is intentionally trying to avoid all the hoopla over the Ethics 20/20 issues from the ABA. It feels like just a bunch of lawyers doing a lot of hand wringing over social media, and it drives the Editor crazy. If you want to know about some of the concerns lawyers (not necessarily your legal department) have with social media, just Google it.
Speaking of driving people crazy, for an interesting cultural tidbit about the difference between the legal industry and your industry you should read this post. In a nutshell, some lawyers were really freaked out about merit-based pay. Sounds weird, huh?
(Happy Meal image courtesy of noodlepie.)
November 4th, 2010
Autonomy is a strong leader in the eDiscovery space, all are agreed. So I thought I should spend some time with the Protect product because Autonomy is clearly trying to take advantage of the trend toward compliance solutions. What I saw makes me think the vendors are making the lines between compliance, eDiscovery, information governance, and GRC fuzzy, or I should say, fuzzier than they already were.
Here’s one simple reason: Autonomy declares that “compliance” means that you “know what information you have, can confirm its accuracy, understand its value, secure and retain it appropriately, ensure that it is discoverable, and have quick access to it when required.”
Gartner’s recent Magic Quadrant report drew a very different definition of the term “compliance,” however. Gartner says that compliance is the “process of adherence to policies and decisions. Policies can be derived from internal directives, procedures and requirements, or external laws, regulations, standards and agreements.”
I’ll concede that the definitions aren’t entirely incompatible, but I will make the rather obvious point that Autonomy’s definition works to its advantage… since it is a search company!
(Blurry Christmas lights from Rich Evenhouse)
November 3rd, 2010
The Editor spent some quality time with a recent Gartner report on leading GRC vendors. OpenPages (now owned by IBM), MetricStream, and BWise are the leaders in Gartner’s “Magic Quadrant.” Almost everyone else, with the notable exception of SAP, got ensnared in the “challenger” category. The most interesting aspect of the report, however, is that major players (like SAP) have shown up in the famed Magic Quadrant for the first time.
While not every vendor made it into the sought-after leader’s quadrant, the report seems to pay particular attention to the following:
- BWise, for its extensive risk library, innovative continuous controls monitoring, and combined qualitative and quantitative capabilities. Gartner seemed concerned, however, about flat revenue growth when some other competitors seemed to expand.
- LogicManager, because it seems to be well positioned for the shift to full-blown BPM integration.
- MetricStream, because its sales expanded last year and because it’s going for the big boys that need to accomplish multiple GRC objectives at once.
- Thomson Reuters’ Paisley, because its content integration with the Thomson platform, its heavy investment in R&D, and its extensive product roadmap may have positioned it for World Domination.
- SAP BusinessObjects because of its planned platform rearchitecture for December 2010.
- Strategic Thought Group because it seems well positioned for the industry trend.
Gartner is also taking the position that the leading driver of GRC shifted from compliance to broader enterprise risk management concerns. While there’s probably some truth to that, even their metrics aren’t overwhelmingly convincing. Their own study indicated that about 58% of survey respondents selected general “ERM” as a driver while 46% indicated that regulatory concerns like SOX were driving their initiatives. That may be a statistical difference, but the numbers are so close that it looks like companies really just want BOTH.
November 2nd, 2010
I thought two stories I saw yesterday warranted a synthesis. First, the ACC/Serengeti report that was floating around last week made it onto a post by Kevin Hunt on Legal Current. That blog observed that legal spend is growing, but the bigger budget line item didn’t translate to more money for outside counsel. Instead, “In-house counsel are increasingly turning to more sophisticated tracking systems to carefully understand where their money is going.”
Second, Michael Rasmussen on Corporate Integrity has a post from last week in which he calls for a “regulatory intelligence” system to deal with the crushing weight of new regulations coming out all over the world. He calls for automated, streamlined processes.
Synthesize those, and I think legal is justified in asking for even more money, not for lawyers, but for tools. Lots of new software tools!
In other news: think you’re an eDiscovery expert? Consider getting certified. But, hey, maybe you’re wasting your time since even 86 percent of IT professionals still rely on paper. If that’s the rate for the IT guys, then what do you think it is for the lawyers? Would you really trust a hard drive to a lawyer? Josh Tredennick has a problem with an EDRM model.