1 / 78

Compliance Programs 101 Creating a Culture of Compliance

Compliance Programs 101 Creating a Culture of Compliance. Brooke Bennett Aziere & Amanda M. Wilwert Missouri Rural Health Conference August 22, 2019. What is a culture of compliance? Why is it important?. What is a Culture of Compliance?.

parra
Download Presentation

Compliance Programs 101 Creating a Culture of Compliance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Compliance Programs 101Creating a Culture of Compliance Brooke Bennett Aziere & Amanda M. Wilwert Missouri Rural Health Conference August 22, 2019

  2. What is a culture of compliance? Why is it important?

  3. What is a Culture of Compliance? • To have an effective compliance program, an organization must establish and maintain an organizational culture that “encourages ethical conduct and a commitment to compliance with the law” • U.S. Federal Sentencing Guidelines § 8B2.1(a)(2).

  4. Compliance & Ethics Compliance Ethics • Doing what is required • Law • Regulations • Policy/Procedure • Code of Conduct • Doing what is right • Practicing with integrity • Upholding the organization mission and values

  5. The culture of compliance goes beyond the mere presence of a program or adherence to a manual Know the Difference between Compliance & Culture of Compliance

  6. Why is the Culture of Compliance Important?

  7. Qui Tam Lawsuits • False Claims Act includes provisions for private individuals (Whistleblowers or relators) to bring suit • Whistleblowers may be entitled to receive between 15% and 30% of the recovery • As many as 90% of whistleblowers report internally first • Concern is ignored; or • Employee experiences retaliation

  8. Money, Money, Money • FY 2018 (ended September 30, 2018) • $2.8 billion in settlements and judgments • $2.5 billion from the healthcare industry • Does not include criminal recoveries • Healthcare enforcement continues to be a profitable endeavor for the government

  9. Federal Sentencing Guidelines and NewGuidance from the DOJ

  10. Federal Sentencing Guidelines • Effective November 1, 1991 • Revised November 2004 and 2010 • Control sentencing of organizations for most federal criminal violations • Sentencing credit for “effective programs to prevent and detect violations of law”

  11. Federal Sentencing Guidelines • Organizations shall exercise due diligence to prevent and detect criminal conduct; and otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

  12. Federal Sentencing Guidelines • You can get credit for having an effective program, provided you meet the new criteria: • The head of the compliance program must report directly to the governing authority or appropriate subgroup; • The compliance program must discover the problem before discovery outside the organization was reasonably likely; • The organization must promptly report the problem to the government; and • No person with operational responsibility in the compliance program participated in, condoned or was willfully ignorant of the offense.

  13. Federal Compliance Program Guidance • Stipulates the need for an Effective Compliance Program • Silent on how to measure effectiveness • Emphasizes that to be effective, the program “must” • Be fully implemented • Be adequately resourced • Have an annual independent audit of “effectiveness” (select programs) • Have effective board oversight • Increased push for “outcomes” and “performance” measures

  14. DOJ Guidance Document • U.S. Department of Justice Criminal Division – Evaluation of Corporate Compliance Programs – updated April 2019 • 3 fundamental questions prosecutors consider: • Is the organization’s compliance program well-designed? • Is the program being applied earnestly and in good faith? In other words, is the program being implemented effectively? • Does the organization’s compliance program work in practice?

  15. DOJ Guidance Document • Well-designed • Risk Assessment • Policies and Procedures • Training • Communications • Reporting and investigation process • Third party management

  16. DOJ Guidance Document • Effectively implemented • Commitment by Management • Disciplinary measures • Resources • Works in practice • Continuous improvement • Periodic testing and review • Investigation of misconduct • Analysis and remediation

  17. What is a Compliance Program?

  18. What is a Compliance Program?

  19. 7 Fundamental Elements of an Effective Compliance Program • Written policies and procedures • Compliance professionals • Effective training • Effective communication • Risk assessment/Internal monitoring • Enforcement of standards • Prompt response

  20. Element #1 Written Policies and Procedures

  21. Policies and Procedures • Code of Conduct • Standards to promote compliance • Patient care and treatment • Legal • Fraud and abuse/AKS/Stark • HIPAA/HITECH/EMTALA • Record retention • Business Relationships • Gifts and gratuities • Business inducements • Conflicts of Interest • Provide to all new employees, condition of continued employment • Failure to abide = disciplinary action

  22. Policies and Procedures • Regularly review and update policies, procedures and code of conduct • Simple, short and separate from policies and procedures • Use real life examples

  23. Element #2 Compliance Officer, Compliance Committee, and Compliance Reporting Structures

  24. Compliance Officer/Committee • Compliance Officer • Direct Access to Board and senior management • OIG recommends that Compliance Officer not serve as CFO or General Counsel • Compliance Committee • Advises Compliance Officer and assists with implementation of the Compliance Program • Cross-section of organization • Operations • Finance • Auditing • HR • UR • Coding • Clinical • Legal (inside or outside counsel)

  25. Compliance Reporting Structures Compliance Committee Compliance Officer Senior Management Governing Body

  26. Compliance Reporting Structures Compliance Committee Compliance Officer (Human Resources, Administrator, Executive Director) Senior Management Governing Body

  27. Compliance Reporting Structures • Organizational Compliance Strategy • Establishing goals • Measuring progress • Reporting results

  28. Compliance Reporting Structures Compliance Committee/Compliance Officer Develop Risk Assessment and Work Plan Senior Management/Governing Body

  29. Compliance Reporting Structures Compliance Committee/Compliance Officer Dashboards with compliance accomplishments (# of days it takes to close compliance investigations; # of physician/provider contracts executed without legal review; # of workforce members completing compliance training; # hotline calls) Senior Management/Governing Body

  30. Compliance Reporting Structures Compliance Officer Quarterly reports (Meaty, but don’t get lost in the details) Senior Management/Governing Body

  31. Element #3 Effective Training

  32. Training • New employees/independent contractors trained as part of orientation process • Regular review and update with current employees/independent contractors • At least annually • Reinforce compliance throughout the year via • Staff meetings • Emails • Newsletters • Document attendance • Train the Governing Body and Senior Management

  33. Training • Test Knowledge • Make training part of the job • Compliance staff/officer education & networking • Make sure everyone understands that the underlying reason for the program is to consistently do the right thing • Everyone needs to view compliance as his or her responsibility

  34. Training • General Compliance Education to Include: • Elements of the Compliance Program • Organization’s Code of Conduct • Reporting System • Individual accountability for reporting suspected non-compliance • Non-retaliation policy • Who is the Compliance Officer • Explanation for fraud waste and abuse • Ethics • Privacy

  35. Training • Specific Focused Training for High Risk Areas and Specialized Personnel to Include: • Actions outside scope of practice • Government & Private payor reimbursement principles • Third party relationships • Identification of Privacy breach • Stark/Anti-Kickback Laws • Submission of claims which do not meet payor requirements for reimbursement • Conflicts of Interest • Documentation to support services

  36. Element #4 Communication

  37. Open Lines of Communication • Communication must be kept open, so that staff members feel comfortable speaking up • Solicit feedback • Maintain visibility with employees

  38. Communication • Open lines of communication • Compliance officer and employees/independent contractors • Hotlines • Anonymous email/drop box • Non-retaliation • Anonymity of reporter • Maintain visibility • Newsletters • Emails • Compliance Officer and the Board • Regular reports

  39. Element #5 Risk Assessment and Internal Auditing

  40. Risk Assessment • What is a Risk Assessment? • Understanding the organization’s risk • Identifying priorities • Assessment of organization and users for weak links • Annual Risk Assessment • Local, State, and Federal laws • Organization-wide • Policy development

  41. Auditing • What is an internal audit? • “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systemic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” -The Foundation for IA Standards

  42. Auditing

  43. Audits • Auditing v. Monitoring • Baseline Audits • Routine Audits • Investigations

  44. Auditing • Areas of focus: • External audits of financial statements • Clinical operations intersecting with financial operations • Government audits (e.g., OIG) • Corporate Integrity Agreements • Second Line of Defense reports (e.g., compliance, quality assurance) • Software/technology • Billing and coding • Documentation • Known risks/areas of prior non-compliance

  45. Auditing • Effective audit plan • Educational opportunity • Promotes the understanding of errors • Raises the bar on compliance • Promotes change • Reacts to discovered areas of non-compliance • Organization-wide buy-in • Self-monitoring of departments or functions • Compliance Officer

  46. Audits • Use of Attorney Client Privilege • Potential exposure to criminal/civil penalties or high overpayment • Sampling • Judgment • Probe • OIG requires at least 30 sample units • Statistical • Sample size • Targeted confidence and precision interval • CMS requires a confidence interval not < 90% • OIG recommends a precision not < +/- 25% • Assumed error rate • Sampling method (simple random, stratified or cluster) • Assumptions concerning errors as compared to the sampling unit • Sampling software • OIG RATS-STATS

  47. Auditing • Process • Develop an audit rotation schedule (e.g., department, provider, unit, service) • Keep an audit inventory • Reach out to individuals impacted/participating in the audit • Pre-audit meeting: document request; questions answered • Audit (e.g., routine, for cause, monitoring prior noncompliance) • Defined: • Issue • Scope • Objectives • Resources • Sample selection (if applicable)

  48. Auditing • Process continued: • Final audit review • Findings • Results analyzed, tracked, trended, reported • Education or policy and procedure changes needed • Final audit meeting with proposed Corrective Action Plan (CAP) • Root Cause Analysis • Follow CAP schedule • Follow up process to make sure items are completed • Did CAP correct deficiency? • Ongoing monitoring/auditing

  49. Audits • Check the findings • Ex: Additional records may exist in other departments to support the claim as billed • Evaluate the results • Repayment • Changes to claims development submission process • Employee disciplinary action • Expanded investigations • Corrective Action Plan • Employee training • Follow-up reviews • Monitoring

  50. OIG Audit Tips • Don’t only focus on the money – also evaluate what caused the problem • Sampling techniques in OIG’s Self Disclosure Protocol and in CIAs • Proactive reviews • Coding • Contracts • Quality of Care • Audit Plans • Corrective Action Plans

More Related